Privacy Policy
How CuffLog protects your data
Last Updated: 2 July 2026
Overview
CuffLog is a blood-pressure logging app for iPhone, developed by Jane McKay (bundle identifier com.janemckay.cufflog). CuffLog lets you record blood-pressure readings by hand or by pointing your camera at your home monitor's display, and it keeps a private log on your device. Your privacy is fundamental to how the app is built: your health data is stored locally on your device, there is no account to create, and CuffLog does not track you, show ads, or sell your data. This policy explains exactly what data the app handles and where it goes.
Information We Collect
Data Stored Locally on Your Device
All of the following is stored exclusively on your device using iOS standard storage (UserDefaults inside the app's sandboxed container). It is never transmitted to the developer or synced to any account.
- Blood-pressure readings — systolic, diastolic, and pulse values
- The date and time of each reading
- Symptoms and notes you add to a reading (e.g. headache, dizziness, how you felt)
- Any tags or context you record (e.g. time of day, before/after medication)
- App settings and display preferences
Because this data lives only on your device, uninstalling CuffLog permanently removes it.
Camera and Photo Access
CuffLog can read a blood-pressure reading directly from your monitor's screen. When you choose to scan a reading, the app asks your permission to use the camera (to photograph the display) or your photo library (to pick an existing photo of the display). These permissions are requested only when you use the scan feature, and you can decline and enter readings by hand instead. You can change these permissions at any time in iOS Settings > CuffLog.
How the "scan your monitor" feature handles your photo
To turn a photo of your monitor's display into numbers, CuffLog uses optical character recognition (OCR) powered by Google's Gemini model. To keep the AI service credentials secure, the app does not talk to Google directly. Instead:
- The captured image is sent over an encrypted (HTTPS) connection to a Cloudflare Worker proxy operated for CuffLog.
- The Worker forwards the image to the Google Gemini OCR endpoint, using an API key that is held server-side only — the key is never stored in the app or on your device.
- Gemini reads the systolic, diastolic, and pulse numbers from the image and returns just those values.
- The returned numbers are shown to you for confirmation and then saved locally on your device, exactly as if you had typed them.
This transfer is transient: the image is sent only to extract the reading in that moment. The Cloudflare Worker does not persist your image or build a profile of you, and CuffLog does not keep a copy of the photo on any server. Google processes the image to perform OCR under its own terms; Google states that data sent to the Gemini API is not used to train its models. See Google's Gemini API terms and Cloudflare's privacy policy for details. If you would prefer not to send any image off your device, simply enter your readings manually — the scan feature is optional.
No Account, No Tracking, No Ads
CuffLog does not:
- Require you to create an account, sign in, or provide an email address to use the app
- Use third-party analytics, advertising, or tracking SDKs
- Display advertisements
- Sell or share your personal or health data with anyone
- Collect device identifiers or your location
Health Data Sensitivity
Blood-pressure readings and related symptoms are sensitive health information, and CuffLog treats them accordingly. Your readings are kept private on your device, protected by your device's own security (passcode, Face ID, or Touch ID). CuffLog does not write to or read from Apple Health unless a future version explicitly asks your permission and you grant it. The developer cannot see your readings.
Data Security
- Readings and symptoms are stored in the app's sandboxed container, isolated by iOS from other apps.
- The connection used by the scan feature is encrypted in transit (HTTPS).
- Your data is protected by your device passcode / Face ID / Touch ID.
- The developer operates no server that stores your health data and cannot access data on your device.
Data Deletion
Delete a single reading: remove any individual reading from within the app.
Delete everything: uninstalling CuffLog from your device permanently removes all locally stored readings, symptoms, and settings.
Photos: the scan feature does not save the photo it captures; if you took a photo with the iOS Camera app yourself, manage it in the Photos app as usual.
Third-Party Services
CuffLog relies on the following services only for the specific purposes shown:
| Service | Purpose | Data Sent |
|---|---|---|
| Cloudflare Worker (CuffLog proxy) | Securely relays the monitor photo to the OCR service so the API key stays server-side | The monitor image, transiently, at the moment you scan. Not stored. |
| Google Gemini (OCR) | Reads the blood-pressure numbers from the monitor image | The monitor image, to extract the reading. Not used to train Google's models per Google's API terms. |
| Apple App Store | App distribution and (if offered) any purchases | Handled entirely by Apple; the developer never receives your payment details. |
No advertising networks, no analytics SDKs, and no other third-party trackers are used.
Children's Privacy
CuffLog is intended for adults managing their own or a family member's blood pressure. It is not designed for or directed at children under 17, and we do not knowingly collect data from children.
Medical Disclaimer
CuffLog is a logging and tracking tool. It is not a medical device and does not provide medical advice, diagnosis, or treatment. The OCR scan is a convenience feature and may occasionally misread a display, so always check that a saved reading matches your monitor. Always consult your healthcare provider about your blood pressure and any treatment decisions.
Your Rights and Control
Because your data is stored locally on your device, you have complete control over what exists, how long it is kept, who can access it, and when it is deleted. Since CuffLog does not collect or retain personal data on a server controlled by the developer, there is no server-side profile to request or erase. If you have questions about your rights, contact us below.
Changes to This Policy
We may update this privacy policy from time to time. Changes will be reflected by updating the "Last Updated" date above and publishing the revised policy at this same URL.
Contact
If you have questions or concerns about this privacy policy or how CuffLog handles your data:
Email: [email protected]