1 · Legal notice
The Glusor website and platform (hereinafter, "the Service") are owned by [NOMBRE O RAZÓN SOCIAL], with tax ID [NIF] and registered address at [DIRECCIÓN]. Contact: clinico@glusor.com.
2 · Clinical-use notice
Glusor is a supporting visualisation tool and is NOT a certified medical device. It does not carry a CE mark under Regulation (EU) 2017/745 and must not be used as the sole source of information for diagnostic or therapeutic decisions.
Clinical decisions always belong to the professional team, supported by the institution's certified devices and systems. The accuracy and availability of the data shown depends on third-party systems (the patients' sensors and their Nightscout instances) outside Glusor's control.
3 · Privacy policy (GDPR)
3.1 What data we process as controller
- Business contact data (demo form): name, organisation, email, phone and message. Purpose: handling your request. Basis: pre-contractual measures (art. 6.1.b GDPR). Retention: up to 24 months.
- Unit account data: identifier, unit name, manager's email and passwords (stored exclusively as bcrypt hashes). Purpose: providing the Service. Basis: performance of the contract.
- Technical logs: IP address, page and action, with credentials redacted. Purpose: security of the Service (legitimate interest). Retention: 7 days.
3.2 Glucose data: what we do NOT process
Glusor does not store glucose readings. Each value is requested in real time from each patient's Nightscout instance, displayed on the unit's station and discarded. It is not recorded, not retained and not shared with third parties. Bolus entries introduced by staff are transmitted directly to the patient's Nightscout with no copy kept in Glusor.
With regard to the data the healthcare institution links to the Service (Nightscout URLs and tokens, bed labels), Glusor acts as a data processor under art. 28 GDPR, on the basis of the processing agreement signed with each client. We expressly recommend not entering patient-identifying data: beds should be labelled pseudonymously (e.g. "Bed 12"). Access tokens are stored encrypted (XChaCha20-Poly1305 or AES-256-GCM).
3.3 Your rights
You may exercise your rights of access, rectification, erasure, objection, restriction and portability by writing to clinico@glusor.com. You may also lodge a complaint with the supervisory authority (in Spain, the AEPD).
3.4 Processors and transfers
The Service is hosted at [PROVEEDOR DE HOSTING], in EU data centres. No analytics tools or third-party trackers are used. The site's query assistant relies on the Anthropic API; only the text you voluntarily type into the chat is sent to it, never patient data.
4 · Cookies
Glusor uses only strictly necessary technical cookies: the session cookie (authentication) and the language cookie (gs_lang). We use no analytics or advertising cookies, so no consent banner is required.
5 · Terms of service
- Signing up: the Service is contracted through a commercial proposal following the demo. There is no self-service; units are set up by the Glusor team.
- Authorised use: the client is responsible for safeguarding its credentials and the display-mode key, and for ensuring that use of the Service complies with its internal policies and applicable law, including obtaining any necessary authorisations or consents regarding the monitored patients.
- Availability: the Service is provided on a reasonable-effort ("as is") basis. Data reading depends on the availability of the patients' Nightscout instances, which are outside Glusor's control.
- Limitation of liability: to the maximum extent permitted by law, Glusor is not liable for clinical decisions made on the basis of the information displayed, without prejudice to rights that cannot be waived under applicable law.
- Termination: upon termination of the contract the unit's configuration is deleted in full. There are no glucose readings to delete, because none were ever stored.
This document is a good-faith informative template and does not constitute legal advice.