We take data privacy very seriously at Levels. We'll never share your health data for marketing or advertising purposes and require the parties we work with to follow these privacy principles.

We also firmly believe that your health data belongs to you, so we make it easy to export and download your glucose data through your Levels profile page.

Our full Privacy Policy can be found here and in the Research Study’s Privacy protocol below.

Research Study’s Privacy protocol

Summary of Levels data storage practices for our full Amazon Web Services cloud hosted dataset:

• Levels uses a HIPAA-compliant cloud platform, Aptible, to manage our server and database infrastructure.
• Aptible manages and audits security best practices, including ensuring that data is encrypted via AES-256 industry standards at rest and End-to-end Encryption in transit. Traffic is encrypted all the way from endpoints to app and database containers using strong Transport Layer Security (TLS) ciphers.
• Databases are not publicly accessible, all access is controlled and audited, two factor authentication is used for all devices, and backups are performed and encrypted at regular intervals. Internal Data access is strictly controlled. We maintain an audit log for administrator access.

CGM System data is transmitted from the sensor, to participant handset, and securely routed  to the Levels dataset for inclusion in the research dataset.

The research dataset will be produced from the full Levels dataset by creation of a modified version of each participant data record for inclusion in the research dataset. The research dataset will include a randomized identification code created at account generation, which replaces identifying information for each participant in the dataset. The key that associates unique identifiers with individual participants will be securely stored by Levels separately from the research record and cannot be matched to any participant through any combination of the data within the research dataset to ensure de-identification is maintained.

The data collection and storage processes will be managed continuously during the study via these steps:

1. Data Collection - remote primary & secondary/exploratory biomarker and lifestyle data collection
2. Encryption and storage in Levels’ secure database
3. Generation of de-identified, coded research dataset

Post-study data analyses by Levels and/or 3rd party researchers will occur at the end of study.

In order to clarify this process graphically, a schematic illustrating the data management processes with the CGM system is demonstrated in Figure 1.