Privacy Notice for iPeTek App
Last updated date: April, 2026
The Changsha Sinocare Inc. (“we”, “our”, “us”or“the company”) operates the iPeTek App (“iPeTek ”). This Privacy Notice demonstrates how we collect, use, and share your personal data when you use iPeTek. We take the protection of your privacy and personal data very seriously. We process your personal data strictly in compliance with this Privacy Notice( “Notice” ), and with the applicable data privacy laws and regulations in your jurisdictions. As we provide services globally, specific provisions applicable to certain jurisdictions are included in Appendix.
Please read this Notice carefully to get a clear understanding of our processing of your personal data. If you have any questions, you can contact us through the contact details listed in this Notice.
This Notice will help you understand the following:
Appendix Specific Provision for Different Jurisdiction
• Identity and the contact details of the Company
Changsha Sinocare Inc.
Changsha Sinocare Inc. 265 Guyuan Road, Hi-Tech Zone, Changsha, 410205, Hunan Province, P.R. China
• Identity and the contact details of the Data Protection Officer (DPO)
DPO: Uilliam WU
Email: dataprivacy.global@sinocare.com
When you download and use the iPeTek, we collect and process certain technical data that is mandatory and necessary for the functioning of the iPeTek through your device automatically, including:
• Technical Data: IP address, operating system and its current version, date and time of access.
2.2 Registration and Login
To use the iPeTek App, you need to register a user account. You can choose to create an account with your phone number or email address, or you can choose to register with a third-party platform account, such as Apple, Google account. As the iPeTek is used to monitor your pet’s glucose condition, we also collect basic data about your pet. During the registration process, data we collect includes:
• Account Data: your country/region, valid phone number/email address, username, and password you provide. Or third-party account identifier, email address, username and profile picture (if available) we received from third-party platform under your authorization.
• Basic Pet Data: the type of your pet (dog/cat), the pet’s name, and health condition you provide.
2.3 Device Binding
To connect and read data collected from the Continuous Glucose Monitor (“CGM”) or Blood Glucose Meter (“BGM”), you need to bind the CGM/BGM device to your account. In the process of the binding, you need to grant the camera permission to scan the QR code on the device and grant the Bluetooth permission for the connection. When you complete the binding, we collect the following device data through the App automatically:
• CGM Device Data: the CGM’s SN, the sensor remaining life, and the version number.
• BGM Device Data: the BGM’s SN.
2.4 Glucose and Blood Glucose Monitoring
When you use the CGM to monitor your pet’s real-time glucose values, or use the BGM to test your pet’s blood glucose readings, we collect the following glucose data:
• Pet’sGlucose Data: real-time glucose values, historical trends, data timestamps from CGM.
• Pet’s Blood Glucose Data: blood glucose reading from BGM.
2.5 Glucose Alert Settings and Notifications
When you use the CGM to monitor your pet’s real-time glucose values, iPeTek allows you to set preferred high and low glucose thresholds for reminder purposes. If your pet’s glucose value exceeds the high threshold or falls below the low threshold you have set, iPeTek will generate an alert and send you a notification. In this process, we collet the following data when you perform the setting:
• Alert Setting Data: alert setting values, notification methods (sound/vibration).
2.6 Behavior and Event Recording
To help you create a detailed health diary for your pet, you can use the behavior and event recording function of the iPeTek. You can voluntarily record various health and lifestyle events, including blood glucose test, diet, exercise, medication, Insulin injection, and other events. If you wish to upload diet photos, you need to grant the camera or the photo library permission. When you record the events, we collect the following data (collectively, the “Event Data”):
• Pet’s Blood Glucose Data: blood glucose reading, monitoring time, monitoring period, remarks (optional).
• Pet’s Diet Data: dining date, dining time, carbs, remarks (optional), and photo (optional).
• Pet’s Exercise Data: start date, start time, exercise type, exercise time, remarks (optional).
• Pet’s Medication Data: medication date, medication time, remarks (optional).
• Pet’s Insulin Data: injection date, injection time, injection type, injection dosage, remarks (optional).
2.7 Dashboard and Monitoring Reports
To help you review and understand your pet’s glucose status and trends, the iPeTek provides data dashboard and analysis reports. In this process, we collect the following data:
• Pet’s Glucose Analytics Data: the percentages of time in range, time above range, and time below range, average, maximum, and minimum glucose values, glucose management indicator (GMI), and coefficient of variation (CV).
2.8 Customer Services
You may encounter issues or need assistance when you use our CGM, BGM products for pets or the iPeTek App. In such scenario, you may contact us through our customer service channels, such as in-app support features, customer support tickets, email, or other communication methods we make available from time to time. In this process, based on your circumstances, we may collect the following data:
• Customer Service Data: your country or region, name, email address, contact phone number, device’s SN, issue, fault occurrence time, detail description.
We process the Technical Data to provide you with the iPeTek App. The legal basis for processing the Technical Data is your consent, as well as the necessity to fulfill or initiate a contractual relationship between you and us and to perform obligations under the contract.
3.2 Account Data and Basic Pet Data
We process the Account Data and Basic Pet Data to create your account, and enable you to use the iPeTek App. The legal basis for processing the Account Data and Basic Pet Data is your consent, as well as the necessity to fulfill or initiate a contractual relationship between you and us and to perform obligations under the contract .
3.3 CGM Device Data and BGM Device Data
We process the CGM Device Data and BGM Device Data to enable you to connect the device to your account and to activate the device. The legal basis for processing the Device data is your consent, as well as the necessity to fulfill or initiate a contractual relationship between you and us and to perform obligations under the contract.
3.4 Pet’s Glucose and Blood Glucose Data
We process the pet’s Glucose and Blood Glucose Data for you to monitor your pet’s glucose and blood glucose status. The legal basis for processing the pet’s Glucose and Blood Glucose Data is your consent.
3.5 Alert Setting Data
We process the Alert Setting Data to send notification to you if your pet’s glucose value is abnormal and needs attention. The legal basis for processing the Alert Setting Data is your consent.
3.6 Event Data
We process the Event Data for you to record your pet’s health event and keep the health diary. The legal basis for processing the Event Data is your consent.
3.7 Pet’s Glucose Analytics Data
We process the Pet’s Glucose Analytics Data to show the pet’s glucose trend and analysis. The legal basis for processing the Pet’s Glucose Analytics Data is your consent.
3.8 Selected Veterinarian Data
We process the Selected Veterinarian Data to enable you to share data with your veterinary professionals. The legal basis for processing the Selected Veterinarian Data is your consent.
3.9 Customer Service Data
We process the Customer Service Data to respond to your questions and service requests, to analyze and resolve technical or service-related issues, to improve and develop our products and services, and to comply with applicable laws, regulations, or regulatory requirements. The legal basis for processing the Customer Service Data include the necessity to fulfill or initiate a contractual relationship between you and us and to perform obligations under the contract, the necessity for us to comply with a legal obligation), the pursue of our legitimate interests, and your consent.
In addition to the cases explicitly mentioned in this Notice, your personal data will only be transferred with your express prior consent or if this is permitted and required by law. We may transfer your personal data to the following categories of recipients.
4.1 Our Affiliates
We may transfer your personal data to our affiliates for internal administrative purposes, such as joint customer services and customer support, the development, improvement, maintenance, and security of our products and services, and for compliance with applicable laws, regulations, or regulatory requirements. Our affiliates take organizational and technical measures to safeguard your personal data and never use your personal data in contraction to this Notice. The legal basis for transfer data to our affiliates include the necessity to fulfill or initiate a contractual relationship between you and us and to perform obligations under the contract, the pursue of our legitimate interests, such as such as ensuring the functionality, security of our product and service, and your consent.
4.2 Our Business Partners
We employ business partners to perform functions on our behalf. Examples include the Cloud service provider, SMS service provider, the Customer service provider, and the SDK providers (including Push notification, App analytics and crash monitoring, Third-party login, Cloud storage, and QR code/barcode scanning SDKs). If we use such external service providers, we have carefully selected them beforehand, verify their reliability, and contractually obligate them to process all personal data provided by us exclusively in accordance with our instructions. These business partners may have access to personal data needed to perform their functions but may not use it for other purposes. The legal basis for transfer data to our business partners is your consent.
4.3 Public Authorities
We may transfer personal data if permitted or required by law, for example, in response to a court order or a subpoena. To the extent permitted by applicable law, we also may disclose personal data in the following scenario:
• In response to a law enforcement or public agency’s request.
• If we believe disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety or protect the safety of end users.
• To protect the security or integrity of our sites, applications, and other technology, as well as the technology of our service providers.
• Enable us to take precautions against liability.
The legal basis for transfer data to public authorities is the necessity for us to comply with a legal obligation or the necessity for the purposes of the legitimate interests pursued by us.
You acknowledge and agree that we may access and process personal data on a global basis as necessary to provide the products and service. In particular, personal data may be transferred to and processed in Singapore and Chinese Mainland.
Whenever personal data is transferred outside its country of origin, we will take measures to ensure such transfers are made in compliance with the requirements of applicable data protection laws and regulations.
Please note that despite careful selection and commitment of our service providers, these may be subject to compulsory laws in their respective country of establishment requiring them to grant access to data on request of governmental authorities.
Please be aware that the data protection laws in other countries may differ from, and in some cases, be less protective than, the laws in your country/region. In certain circumstances, governmental authorities in those countries may have the right to access your data, and you may have limited legal options to be informed about or challenge such access.
With the iPeTek App, we offer you the voluntary option to upload your data to a cloud server in Singapore, which is operated by one of our partners on our behalf. Otherwise, the data collected will remain stored locally and in a secure environment on your device.
6.2 Retention Period
We delete or anonymize your personal data as soon as it is no longer necessary for the purposes we have collected and processed it as stated in this Notice and the time limit required by applicable laws and regulations. In general, we store your personal data for the duration of the contractual relationship regarding the iPeTek App. The data may remain stored beyond this period if required by applicable legal obligations to which we are subject, for example statutory retention or documentation obligations. In such scenario, we will delete your personal data once the requirements cease to apply.
If you have uploaded your personal data to our cloud server, we will store your data for a period of twelve months from the last use of your account and delete or anonymize them thereafter. Should you withdraw your consent in accordance with the “Your Rights Regarding Personal Data” section below, the respective data will be deleted by us.
Our products and services are not directed to children, as defined under applicable laws and regulations. We do not intend to collect personal data from children. If we become aware that personal data of a child has been collected, we will take reasonable steps to delete such information without due delay. Parents or guardians who believe that their child has provided us with personal data may delete the account directly in the iPeTek App or contact us to request deletion of the account and associated data, we will delete the data upon verification.
For data loss prevention and protection against unauthorized access to your personal data, we use various encryption methods, encryption standards and security means.
Account Data, Basic Pet Data, Pet’s Glucose and Blood Glucose Data stored locally on your device is encrypted using CBC encryption, while the user account password is MD5 encrypted. The data transmitted from the transmitter to the iPeTek App adopts the Bluetooth standard protocol for encryption. Should you choose our cloud service and decide to upload your data to our cloud server, this data is transmitted to the cloud server using HTTPS encryption. The data stored on our cloud server is encrypted using Advanced Encryption Standard (AES).
For the prevention of data loss of data stored on our cloud server, we perform daily incremental backups and monthly full backups for the sole purpose of providing you with backups of your data in the event of accidental data loss.
We maintain appropriate technical and organizational measures to protect your personal data. In the event of a personal data breach, we will take steps to contain, investigate the incident, and to mitigate any potential harm. We will notify the relevant supervisory authority and affected individuals in accordance with the timescales and scope as provided by applicable laws and regulations.
Subject to possible restrictions under applicable laws, as a data subject, you have the right of knowledge, access, rectification, correction, erasure, restriction of processing, objection to a decision based solely on automated processing, data portability and not to be discriminated with regard to your personal data. In addition, you can withdraw your consent and object to our processing of your personal data on the basis of our legitimate interests. You can also lodge a complaint with a supervisory authority.
Please notice, the types of rights regarding personal data vary across jurisdictions due to differences in applicable laws and regulations. For more detailed information about the specific rights and applicable response times, please refer to the Appendix.
We are doing everything possible to ensure that you can successfully exercise your rights in accordance with applicable laws and regulations. When you need to exercise your rights, we may ask you necessary verification question in order to protect your personal data. If you have any questions regarding this Notice or you have a problem exercising your rights, you may send your request in writing to the email address provided in this Notice.
We reserve the right to charge you a reasonable fee for the processing of any data access or correction request where requests are manifestly unfounded or excessive, in particular because of their repetitive character.
We may update this Notice from time to time in response to changing legal, technical or business developments. The current version can be viewed under the menu “About” in the App. When we update this Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make and as required by applicable laws.
Appendix. Specific Provision for Different Jurisdictions
In the Context with our provision of the iPeTek App in the United Kingdom, we are bound by the United Kingdom General Data Protection Regulation (UK GDPR). We constitute the “controller” under the UK GDPR.
As the data subject, you have the following rights according to UK GDPR:
1.1 Right of access: you have the right to obtain from the us confirmation as to whether or not your personal data are being processed; you can also request a copy of your personal data that are undergoing processing.
1.2 Right to rectification: you have the right to obtain from us without undue delay the rectification of inaccurate or incomplete personal data.
1.3 Right to erasure (“right to be forgotten”): you have the right to obtain from us the erasure of personal data if the following circumstances occur:
• The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
• When you withdraw consent on which the processing is based, and there is no other legal ground for the processing.
• When you object to the processing, and there are no overriding legitimate grounds for the processing.
• The personal data have been unlawfully processed.
• The personal data have to be erased for compliance with a legal obligation in union or member state law to which the controller is subject.
• The personal data have been collected in relation to the offer of information society services for children under the age of 13.
1.4 Right to restriction of processing: you have the right to obtain from us the restriction of processing where one of the following applies:
• The accuracy of the personal data is contested, for a period enabling us to verify the accuracy of the personal data.
• The processing is unlawful, and you oppose the erasure of the personal data and requests the restriction of their use instead.
• We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.
• You have objected to processing, pending the verification whether the legitimate grounds of us override those of yours.
1.5 Right to data portability: you have the right to receive your personal data in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller provided that (a) the processing is based on consent; and (b) the processing is carried out by automated means.
1.6 Right to object: you have the right to object to data processing based on specific reasons, including: (a) processing based on legitimate interests; (b) processing based on public interest or official authority; (c) when personal data is used for direct marketing, you can object at any time; (d) for scientific, historical research, or statistical purposes, unless it involves public interest.
1.7 Right not to be subject to automated decision-making (including profiling): you have the right not to be subject to decisions based solely on automated processing, especially when the decision has legal consequences or significantly affects the data subject.
1.8 Right to complaint: If you are of the opinion that our processing of your personal data by us is not in compliance with this Notice or the UK GDPR, you have the right to make a complaint to the ICO.
We will respond to your requests within one month or two months (if the request is complex or you have made a number of requests), or within the time limit prescribed by applicable law.
In the Context with our provision of the iPeTek App in Australia, we constitute an “App entity” under the Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles set out in Schedule 1 of the Privacy Act (“APPs”).
As the data subject, you the following rights according to the Privacy Act and APPs:
2.1 Right to access: You have the right to request the access to your personal data held by us.
2.2 Right to correction: You have the right to correct your personal data held by us. We take reasonable steps to ensure the data we held is accurate, up-to-date, complete, relevant and not misleading.
2.3 Right to Complain: If you believe our practices constitute a breach of the Privacy Act or the APPs, you can contact us. We will try our best to resolve the matter with you. If your concerns are not resolved to your satisfaction, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by visiting its website, and filling the privacy complaint form.
The request for access and correction, and the submission of complaint need to be submitted to us via the contact details provided in this Notice. We will respond to your request within a reasonable period.
In the Context with our provision of the iPeTek App in Philippines, we are bound by the Data Privacy Act (DPA). We constitute the “controller” under the DPA.
As the data subject, you have the following rights according to DPA:
3.1 Right to be informed: you have the right to be informed whether your personal data will be, are being or have been processed by us.
3.2 Right to object: You have the right to object to our processing of your personal data, including processing for direct marketing, automated processing, or profiling.
3.3 Right of access: Upon request, you have the right to reasonably access the following information:
• the specific personal data we have processed about you;
• the source of your personal data;
• the name and address of the recipients of your personal data;
• how your personal data is processed;
• the reason(s) for disclosing your personal data to recipients (if any);
• information about automated processing where your personal data will be, or may be, used as the sole basis for decisions that may significantly affect you;
• the date on which your personal data was most recently accessed and modified; and
• our identity and address.
3.4 Right to rectification: You have the right to object to inaccurate or incorrect personal data and request that we promptly correct it.
3.5 Right to erasure/restriction: You have the right to withdraw your consent, and to request that we suspend processing in our systems, or restrict, erase, delete, or destroy your personal data.
3.6 Right to compensation: If you suffer damage due to inaccurate, incomplete, outdated, false, unlawfully obtained personal data, or unauthorized use of your personal data, you have the right to seek compensation in accordance with applicable law.
3.7 Right to data portability: Where your personal data is processed electronically in a structured and commonly used format, you have the right to obtain a copy of such data from us. We will provide it in an electronic or structured, commonly used, and machine-readable format that allows you to further use the data.
We will respond to your requests within one month or two months (if the request is complex or you have made a number of requests), or within the time limit prescribed by applicable law.
In the Context with our provision of the iPeTek App in Thailand, we are bound by the Personal Data Protection Act, B.E. 2562 (2019) (PDPA). We constitute “controller” under the PDPA.
As the data subject, you have the following rights according to PDPA:
4.1 Right to withdraw consent: you may withdraw consent at any time.
4.2 Right of access and right to obtain a copy: you have the right to access the personal data processed by us and to obtain a copy of the personal data.
4.3 Right to receive and transfer: you have the right to obtain personal data from us and to request us to send or transfer your personal data to another controller.
4.4 Right to object: you may, at any time, object to the collection, use, and disclosure of personal data by us in specific circumstances.
4.5 to erasure, destruction, and anonymization: you have the right to request the us to delete, destroy, or anonymize personal data in specific circumstance.
4.6 Right to restrict processing: you have the right to restrict the processing of your personal data.
4.7 Right to rectification and completion: you have the right to request that the personal data held by us be accurate, up-to-date, complete, and not misleading.
4.8 Right to lodge a complaint: you have the right to lodge a complaint against us or other processor for the unlawful processing of personal data.
For requests to exercise the right of access and the right to obtain a copy, a response should be provided without undue delay and no later than 30 days after receiving the request. For requests to exercise the right to object, the objection will immediately become effective.
In the Context with our provision of the iPeTek App in Vietnam, we are bound by the LUẬT BẢO VỆ DỮ LIỆU CÁ NHÂN (PDPL). We constitute the “controller” under the PDPL.
As the data subject, you have the following rights according to PDPL:
5.1 Right to be informed: you have the right to be informed about our personal data processing activities.
5.2 Right to consent or withdraw consent: you have the right to give or refuse to consent, and to request withdrawal of your consent (where we rely on consent) for the processing of your personal data.
5.3 Right of access and rectification: you have the right to access, correct, update your personal data.
5.4 Right to request provision, erasure or restriction you have the right to request that we provide a copy of your personal data, delete or erase it, or restrict the processing of your personal data.
5.5 Right to object: you have the right to object to the processing of your personal data, as permitted by law.
5.6 Right to lodge a complaint and seek remedies: you have the right to lodge a complaint with the competent authority, report a violation, initiate legal proceedings, or seek compensation for damages.
5.7 Right to request protective measures: you have the right to request competent authorities and/or any organization or individual involved in the processing of your personal data to take protective measures as required by law.
We will respond to your requests within one month or two months (if the request is complex or you have made a number of requests), or within the time limit prescribed by applicable law.
In the Context with our provision of the iPeTek App in India, we are bound by the Digital Personal Data Protection Act 2023 (DPDPA). We constitute the “Data Fiduciary” under the DPDPA.
As the data subject, you have the following rights according to DPDPA:
6.1 Right to access: you have the right to obtain the following information:
• a summary of personal data which is being processed by us and the processing activities undertaken by us.
• the identities of us and Data Processors with whom the personal data has been shared, along with a description of the personal data so shared; and
• any other information related to the personal data and its processing, as may be prescribed.
6.2 Right to correction and erasure: you have the right to correction, completion, updating and erasure of your personal data for the processing of which you have previously given consent.
6.3 Right of grievance redressal: You have the right to have readily available means of grievance redressal provided by us in respect of any act or omission of us regarding the performance of our obligations in relation to the personal data or the exercise of your rights under the provisions of DPDPA and the rules made thereunder.
6.4 Right to nominate: You have the right to nominate, in such manner as may be prescribed, any other individual, who shall, in the event of death or incapacity of you, exercise the rights of the data subject in accordance with the provisions of DPDPA and the rules made thereunder.
Your exercise of the above right need to be submitted to us via the contact details provided in this Notice. We will respond to your request within 90 days.
In the Context with our provision of the iPeTek App in Indonesia, we are bound by the Law No. 27 of 2022 on Personal Data Protection (PDPL). We constitute the “controller” under the PDPL.
As the data subject, you have the following rights according to PDPL:
7.1 Right to be informed: you have the right to request the information regarding the purpose of processing, and our responsibilities.
7.2 Right to completion and rectification: you have the right to request the completion ofincomplete personal data or the rectification of errors.
7.3 Right of access and right to obtain a copy: you have the right to access your personal data and obtain a copy of it.
7.4 Right to erasure: you have the right to request the termination of processing, deletion, and/or destruction of your personal data.
7.5 Right to withdraw consent: you have the right to withdraw consent to the processing of your personal data that has been granted to us.
7.6 Right to object to automated decision-making: you have the right to object to decisions made solely based on automated processing.
7.7 Right to delay or restrict processing: you have the right to delay or restrict the processing of your personal data based on the purpose of the processing of personal data.
7.8 Right to complain and claim compensation: you have the right to file a lawsuit against violations in the processing of your personal data and to obtain compensation in accordance with relevant laws and regulations.
7.9 Right to data portability: you have the right to obtain and/or use your personal data from us in a format that is structured, commonly used, and machine-readable. You also have the right to transfer your personal data to another data controller, provided that the systems used can communicate securely.
Your exercise of the above right need to be submitted to us via the contact details provided in this Notice. We will respond to your request within the time limit prescribed by law (e.g., we will respond to data subjects' requests for access or correction within 72 hours).