Privacy Notice

Last Updated: February 11, 2025

Note if you are in the United States of America, this Privacy Notice does not cover Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA”). For more information, see our HIPAA Notice of Privacy Practices.

This Privacy Notice describes how Tandem Diabetes Care, Inc. (“Tandem,” “us,” “we,” or “our”) collects, uses, and discloses your personal information through products and services that link to this Privacy Notice (collectively, our “Services”), which include, but are not limited to certain of our:

  • Websites, such as www.tandemdiabetes.com and www.sugarmate.io (“Websites”).
  • Web and mobile applications (“Apps”).
  • Online portals.
  • Downloadable computer software.
  • Connected devices, such as insulin pumps.
  • Offline activities, such as in-person or virtual tradeshows, customer interactions, conferences, seminars, focus groups or other events in which we participate or host, our social media channels, and surveys or questionnaires and any feedback you voluntarily provide to us (“Offline Activities”).

We may also collect personal information through other online services you use to interact with us, such as online webinars and social media platforms, where we may be unable to directly provide a link to this Privacy Notice because the online service is owned by another party.

Some of our other products and services will contain a link to their own privacy notice, which applies in lieu of this Privacy Notice.

If you are in the United States of America, please note this Privacy Notice does not cover our use, collection, or disclosure of your Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA”). For more information about these practices, see our HIPAA Notice of Privacy Practices. If you are a California resident, please see the “Additional Information for California Consumers” section below, which sets forth additional information and rights you may have under California law relating to your information that is not HIPAA-covered PHI.

If you are in the European Union, Iceland, Liechtenstein and Norway (i.e., the "European Economic Area" or "EEA"), the United Kingdom ("UK"), Switzerland, Canada, or any other country that is not the United States, please see the “Additional Information for Users Outside the United States” section for additional information which is specific to you.

This Privacy Notice does not cover personal information that may be collected about you as an applicant for a job at Tandem or as a member of Tandem's workforce.

If you have any questions or concerns about our use of your personal information, please contact us using the contact details provided at the bottom of this Privacy Notice.

1. Collection of Personal Information

Personal information generally means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly with you. Personal information does not include information that is de-identified or aggregated. We may combine your personal information with data we obtain from our Services, other users, or other parties. We reserve the right to convert, or permit others to convert, your personal information into deidentified, anonymized, aggregated, or pseudonymized data, as permitted by law.

What personal information we collect may differ depending on how you interact with us. For example, we collect personal information when you use our Services, such as when you use our Apps which track your insulin. This personal information may differ from personal information we collect from health care providers, clinic administrators appointed by a health care provider (collectively referred to as “HCPs”), visitors to our Websites or physical offices or individuals who contact us or voluntarily share personal information with us.

Personal information we collect about you may include:

  • Contact information. This includes name, email address, phone number, billing and mailing address, and zip code. 
  • Identifiers. This includes your username, password, IP address, online identifiers, online advertising identifiers, and device identifiers or serial numbers. 
  • Usage information. This includes your device type, device operating system, unique device identification numbers, browser-type, internet service provider, details of cookies stored on your browser, diagnostic performance reports, which webpages you visited and when, time spent on the Services and other similar technical information like software type, version, language, settings, and configuration. We may also collect information about how you or your device has interacted with our Services, our Websites and Offline Activities.
  • Customer records. This includes your birth date; signature; information provided to us when you contact us (including the reason for your inquiry, information necessary to address your inquiry and any other information you voluntarily provide); and history of training with our Services.
  • Personal characteristics or traits. This includes demographic data, including those regarding characteristics protected by law, gender, and physical characteristics or description.
  • Commercial Information. This includes records of personal property; services purchased, obtained, or considered; or other purchasing or consuming histories or tendencies.
  • Internet/Network Information. This includes browsing history, search history, usage information, information regarding your interaction with our Websites, Apps, or advertisements.
  • Social Media Information. If you interact or engage with us through Social Media platforms, this includes the content of your post (which may include photographs or videos you post); the nature of your interaction (such as a “Like” or a “Retweet”); and your screen name or handle.
  • Geolocation Data. This includes your approximate geolocation.
  • Audio, electronic, visual, or similar information. This includes audio recordings of customer service calls, any images you voluntarily provide, and in-office interaction data such as security camera footage.
  • Feedback data. Any data you voluntarily provide to us as part of our Offline Activities.
  • Health-related data. This includes medical history, pregnancy status, current diabetes therapy information, lab charts, diagnosis and prescription history (including diabetes type, use of medications, your current insulin brand and insulin dosing information), biometrics, glucose and insulin data, blood sugar ranges, information related to your sleep, eating, and exercise habits, device data and any health information you voluntarily provide. Device data includes, for example, data collected from devices you use to access our Services, including data sent to us through App permissions; device operating system, Bluetooth address; UPC; purchase or device related information of that connected device; Services identification information such as a serial number; log of pump operations; and device interactions connected to our Services (such as interactions between the connected device and Services or any partner products, including continuous glucose monitoring devices and glycemic controllers). We may also collect information from our partner services when you connect our connected devices or our Services to them, for example, this may include information from manufacturers or suppliers of your previous or future pumps; manufacturers or suppliers of glucose monitors you use or have used, which could include glucose readings; existence of a health condition that may impact your therapy (such as pregnancy status, retinopathy, or neuropathy); eligibility for insurance coverage and payment amounts; evidence you received Services training; your HCP’s name and contact information; and/or details of your use of medical devices for diabetes therapy/medical treatment. 
  • User generated content. This includes any content or material you publish, post, or submit to us, such as photos and videos.
  • Inferences derived from personal information. This includes information about your characteristics, behavior, attitudes, aptitudes, interests or preferences, which may include inferences derived from your use of connected devices, or from combining multiple sources or categories of information. We may also supplement certain information we collect from you with outside records. External parties may provide us with information about you in connection with a co-marketing agreement or in connection with a tracking technology.
  • HCP Information. If you use our Services as an HCP, we may collect your assigned HCP account ID number, Clinic ID number, and other information in relation to our interactions with you in your role as an HCP.

Back to Top

2. Sources of Personal Information

We may collect your personal information directly from you, from other parties, or from you indirectly through cookies and other technologies, including through the following sources.

Directly from You, When You:

  • Communicate with us over the phone or via electronic or paper forms and communications, ask a question, request information, submit a complaint, enter information on our Services or seek customer support from us.
  • Post on our social media channels or interact or engage with us through Social Media platforms (including but not limited to Facebook, Twitter, Instagram, or Reddit).
  • Order Services, including submitting payment and registering our Services.
  • Register for an online account.
  • Provide us your purchased items or Services for evaluation/troubleshooting or participating in Services training (which may be one-on-one or in group settings).
  • Visit our physical offices.
  • Use location-based services.
  • Interact with our online Services, which may have tracking technologies, such as cookies, that we or our vendors place on our online Services, or which may have external-party features or Services, such as social media network tools.
  • Participate in our events, or other promotional activities, such as conferences or presentations.
  • Participate in a survey, participate in a focus group, test our devices, or provide your thoughts on our Services or marketing (e.g., Services ratings and reviews).
  • Interact with or sign up for our advertising, marketing or newsletter, including targeted ads or marketing communications, such as emails, where applicable.
  • Use connected devices, including our devices and those made by other companies, to interact with us or our Services.
  • Depending on your mobile device or App permission settings, our Apps may collect geolocation information (approximate location) and other information, for example, pair and access Bluetooth devices, view Wi-Fi and network connections, or receive data from the internet. If you do not consent to our collection of App permissions then this may impact on our ability to provide our Services or features to you and the functionality of the App.

Additional Sources:

We may also obtain your personal information from a variety of sources, including external parties such as advertising networks, internet service providers (ISPs), contractors, data analytics providers, government entities, and social networks, as defined by applicable law.

We may collect some information automatically from your computer, mobile phone, tablet, or other device when you visit our Websites, use our Apps, use our Services or participate in Offline Activities as well as security surveillance footage when you are physically present on our premises.

In addition, we work with distributors across the world in order to provide our Services to you. Personal information will therefore be provided by you to the relevant in-country distributor when using a Tandem Service. The distributor may pass on some of this information to us if necessary, for example, to return a faulty device for investigation. Please check your relevant in-country distributor's privacy notice to find out more about the information which it will process.

We may also receive personal information from partner services when you allow external parties to provide it to us. For example, when you connect our connected devices or our Services to them, or where you choose to use a Services feature provided by an external party. We may also receive personal information about you from partners when you integrate a partner’s product with our connected devices or Services or otherwise authorize a partner service to provide personal information about you to us. Examples of such third parties include, without limitation, Dexcom, data received through Apple Health and/or Google Fit, and data received from Nightscout, Intercom, Siri Shortcuts, and iCloud.

We may also collect personal information about you from third parties who host social media webpages that we manage.

Any use of an external online service may be subject to that service’s terms and privacy policies.

Indirectly Through Cookies and Other Tracking Technologies:

We may obtain your personal information through the use of cookies and other tracking technologies. For more details, see the Cookies and Other Tracking Technologies section of this Privacy Notice.

Back to Top

3. Use of Personal Information

We collect, use, disclose, or otherwise process your personal information for various purposes, including the following:

  • Providing Services. We may use your personal information to provide you our Services, including creating and activating your account; linking you to others across platforms (such as your HCP or individuals which whom you chose to share your information); enabling your activity within our Services (including connecting with your HCP, other users, or health management followers); enabling external-party features (e.g., social media connections) or other external-party products (e.g., connected devices); facilitating and managing purchases (including working with applicable insurance entities); providing software updates; shipping and tracking products, supplies, and related materials; verifying customer information; establishing, performance or maintaining an agreement or contract with you; and providing Services training.
  • To understand your use of our Services and ensure technical functionality of the Services. We may use your personal information to ensure that our Services are compatible with your devices as well as administering our Websites, displaying information more effectively, diagnosing problems with our networks and servers, better understanding who visits our Websites and/or uses our Services, where you are located and what content on our Websites and/or Services is of interest to you and personalizing your experience while using our Services.
  • Health Management. We may use your health-related data and other personal information to provide tailored information to support your health management such as providing insulin tracking, Services training, instructional feedback, and Services recommendations.
  • Geographic-Based Features. We may use location information, including approximate geolocation, to provide geographic-based features such as geographically relevant services, offers, or ads, and to conduct analytics to improve our Services and facilitate navigation.
  • Research and Development. We may develop new Services features and create new Services or improve existing Services (including our Websites and Offline Activities), including using personal information for internal purposes related to certain research, analytics, development, statistical, demonstration, innovation, testing, monitoring, customer communication, risk management, and administrative purposes. This may include when you participate in surveys or research activities such as academic, commercial, and research study purposes. This may also include surveys regarding your preferences, or data derived from your use of our Services for internal analytics.
  • Advertising. We may personalize your experience with us and our Services by conducting advertising, such as contextual, targeted, or behavioral advertising. For example, this allows us to recommend Services you might like or find useful. It also allows us to assess user interactions, including ad impressions to unique visitors, and quality of ad impressions. We may also use social media services such as matched ads to deliver ads to you on those social media platforms. If you disclose personal information using a social network, that disclosure will be governed by the social network’s privacy policy and preferences or settings.
  • Marketing Messages. We may use your personal information to communicate with you about the Services you have purchased or used; to provide you with promotional messages and personalized advertising (including invitations Offline Activities); to notify you of other Services; to notify you of Services we think may be of interest to you; and for other marketing purposes, where permissible by law.
  • Customer Service. We may use your personal information to respond to your requests for technical support (including product complaints, troubleshooting or malfunction); online service requests; Services information requests; or any other communication you initiate, including requests, inquiries, complaints, and information you may provide on our Websites.
  • Security. We may use personal information for security purposes to protect against unauthorized disclosure of personal information, as well as detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity. We may also use personal information for debugging to identify and repair errors that impair existing intended functionality of the Services.
  • Legal and Safety. We may use personal information to verify or maintain the quality or safety of a Service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the Service or device that is owned, manufactured, manufactured for, or controlled by us. We also use personal information to meet our legal obligations, work with law enforcement, and for public safety purposes. We may use personal information in order to comply with laws, regulations, court orders, or other legal obligations or to assist in an investigation; to protect and defend our rights and property, or the rights or safety of other parties; to enforce our Terms of Use, this Privacy Notice, or agreements with other parties; or for crime-prevention purposes.

Back to Top

4. Disclosure of Personal Information

We may disclose your personal information, as described above, to:

  • Affiliates. We may disclose personal information to companies or ventures that are owned or controlled by us or our affiliates in order to provide and improve our Services, for marketing purposes, and for advertising.
  • Vendors. We may disclose personal information to contractors, business partners, marketing partners, analytics providers, and other vendors to provide, improve, and personalize Services or where we have your permission to do so. Our vendors may engage subcontractors to perform Services for us.
  • Other Services Users. Where your personal information is disclosed publicly on our Services, such as when you allow us to share your feedback or testimonial or post in community forums or connect with others, it may be viewed by other visitors and users.
  • Your Insurance Providers. Depending on your location, we may assist you by providing personal information to your insurance providers to facilitate insurance coverage and payments for our Services.
  • Healthcare Providers (HCPs). We may disclose personal information to your healthcare providers to facilitate care. Note if you are in the United States of America, this Privacy Notice does not cover PHI under HIPAA. For more information, see our HIPAA Notice of Privacy Practices.
  • Distributors. We may disclose personal information to our distributors to provide the Services to you.
  • Law Enforcement, Government Agencies, Professional Advisers, and Similar Parties. We may disclose personal information for legal compliance, law enforcement, and public safety purposes, as allowed by law. For example, to law enforcement, government or regulatory bodies, lawful authorities, or other authorized external parties in order to comply with laws, regulations, court orders, or other legal obligations or to assist in an investigation, to protect and defend our rights and property, or the rights, vital interests or safety of other parties, to comply with law enforcement proceedings, to enforce our Terms of Use, this Privacy Notice, or agreements with other parties, to help with public health, safety issues or for crime-prevention purposes. This may include working with a medical examiner or funeral director.
  • Others. We disclose your personal information when you consent or direct us to disclose it, such as where you connect our connected devices to a compatible service not provided by us and individuals with whom you voluntarily share your account.
  • Buyers. We may disclose personal information to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed sale or transfer of all or a portion of our business assets (e.g., further to an actual or proposed merger, reorganization, liquidation, bankruptcy, or any other business transaction), including negotiations of such transactions.

Back to Top

5. Personal Information Provided to External Businesses

This Privacy Notice does not apply to the practices of companies we do not own or control. Our Services may provide a link or otherwise provide access to external services. We provide these links merely for your convenience. We have no control over, do not review, and are not responsible for external services. External services and other businesses may have their own privacy policies applicable to their personal information processing.

Back to Top

6. Cookies and Other Tracking Technologies

We may use cookies, pixels, software development kits (SDKs), web beacons, mobile analytics and advertising IDs, and similar online tracking technologies (collectively “cookies” or “tracking technologies”) managed by vendors or external parties, for various reasons, such as recognizing your devices and your preferences when you log in to your Tandem account, protecting your Tandem account data, helping us improve our Services by tracking statistical information related to navigation, keeping our Services secure, troubleshooting, and generally providing a better experience on our Services.

We may use technology vendors in connection with your activity on certain pages of our Websites. The tools these vendors provide help us control how user personal information is collected by online tracking technologies. These tools also allow us to limit how certain types of Website user data, such as details about your activity on our Websites, may be transmitted to other parties.

In certain circumstances, we may combine tracking technology information with other personal information about you. We or external parties, on our behalf and pursuant to contract, may collect personal information about your online activities over time and across different online services when you use our Services.

We may use Google Analytics or other providers (such as Google Tag Manager and New Relic) for analytics services. We may also implement Google Analytics Advertising Features such as remarketing with analytics and interest-based ads. We may use first-party cookies or other first-party identifiers as well as third-party cookies or other third-party identifiers to deliver advertisements, measure your interests, and/or personalize content.

For more information on how these providers use data collected through our Services or to opt-out, visit:

You may also opt out of certain tracking technologies by visiting the opt-out services by the Digital Advertising Alliance in the U.S., the Canadian Digital Advertising Alliance in Canada, and the European Digital Advertising Alliance in the EU. You can visit Ad Choices (US), Your Ad Choices (Canada), or Your Online Choices (EU). Opting out through these services does not mean you will no longer receive advertising from us, or when you use the internet.

Depending on your device settings, you may also opt out of certain interest-based advertising through the device’s "Limit Ad Tracking" or equivalent feature. Refer to your device for more information on what this opt out affects. For instance, you can generally adjust or reset the advertising identifiers on your mobile device in the device settings. In addition, iOS and Android operating systems provide options to limit tracking and/or reset advertising IDs.

You can set your browser to refuse cookies from websites, but if you do so, you may not be able to access or use portions of our Services, and certain offerings on our Services may not function as intended or as well.

To control web beacons, most email providers have settings which allow you prevent the automatic downloading of images, which will disable web beacons in the email messages you read.

We are not responsible for opt-out processes provided by external parties.

Back to Top

7. Interactive Features

We may engage vendors to provide certain interactive features on our Services. Your use of these interactive features is voluntary, and we may retain the information that you submit through these features. For example, we may offer an interactive chat or voice assistance features on our Services to answer questions and for other customer service purposes. When you participate in the interactive features, either with a virtual or live agent, the contents of the communication may be captured and kept as a transcript. By using these features, you understand that our vendors may process the information obtained through the feature to provide the service on our behalf.

Back to Top

8. Security

We use appropriate administrative, technical, physical, and organizational measures to protect the personal information we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. While we implement security measures designed to be appropriate to the relevant risks, please note no data transmission over the internet or any wireless network can be guaranteed as 100% secure.

Back to Top

9. Data Retention

We will store your personal information for no longer than is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be required or permitted under applicable law. To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements.

Back to Top

10. Your Choices

Some of our Services may have settings available to you to allow you to set preferences. Information collected through our various Services, such as between our online portals and Apps, may not be synchronized (especially when you are not logged into one Service, and you are logged into another). Where information is not synchronized and you would like to have consistent settings, you may make sure your settings across Services are consistent by accessing each Service independently, and you may contact customer service if you have any issues.

Some of our Websites provide you with the opportunity to manage your cookie and tracking technology settings. To opt out of the use of certain tracking technologies, please click on the “Do Not Sell or Share my Personal Information” link in the footer of the Website you are visiting.

If you receive marketing emails from us, you may opt out through the email’s instructions, as provided. Please note that regardless of your email preferences, we may send you notifications pertaining to the performance of our Services, such as revision of our Terms of Use or this Privacy Notice or other formal communications relating to Services you have purchased or used. If you receive texts from us, you may opt out by texting “STOP” to the number contacting you.

Back to Top

11. Children’s Personal Information

Parts of our Services may be available and/or directed to children. Where required by law, we seek to obtain the verifiable parental consent from the child’s parent or guardian. Where the law requires us to obtain verifiable parental consent and we learn that a child, as defined under that legal requirement, has provided us personal information independently without the permission of their parent or guardian, we delete that information.

Back to Top

12. Additional Information for California Consumers

This Section is provided pursuant to the California Consumer Privacy Act, as amended (the “CCPA”) and describes how Tandem may collect, use, and disclose personal information of consumers that reside in California. Please note certain information we collect, use, and disclose is considered PHI, as described above, and is therefore covered by our HIPAA Notice of Privacy Practices. For more information, please visit www.tandemdiabetes.com/legal/privacy/hipaa-notice-of-privacy-practices.

Unless otherwise noted, the disclosures in this Section cover our activities in the twelve (12) months preceding the “Last Updated” date, as well as our current practices.

How and Why We Collect, Use, and Disclose Your Personal Information

Tandem may collect, use, and disclose the personal information as set out in the Collection of Personal Information, Sources of Personal Information, Use of Personal Information, and Disclosure of Personal Information sections above.

Selling and Sharing of Personal Information

We may sell or share the following categories of personal information with third parties for the purposes of cross-context behavioral advertising: identifiers, internet or other electronic network activity, and approximate geolocation data. We sell and/or share this personal information with third parties for advertising purposes. The third parties to whom this personal information was sold and/or shared are advertisers and analytics vendors. When we use the terms sell, sold, or sale, we mean for valuable consideration and not monetary value.

We offer you the ability to opt out of sales and sharing of your personal information as set forth in the “California Privacy Rights” section below.

We do not have actual knowledge that we sell or share the personal information of consumers under sixteen (16) years of age.

California Privacy Rights

If you are a resident of California, you have the right to submit certain requests relating to your personal information as described below. To exercise your CCPA rights, please submit a request by email to privacy@tandemdiabetes.com and indicate that you are making a HIPAA request. To exercise your CCPA rights, please submit a request by email to privacy@tandemdiabetes.com, or by calling us at 1-877-283-8720. Please note that, depending on the nature of your request, you may be asked to provide information to verify your identity before your request can be processed.

You may designate an authorized agent to make a request on your behalf; however, you will still need to verify your identity directly with us before your request can be processed.

If you would like to submit a request pursuant to your rights under HIPAA instead of CCPA, please contact us at privacy@tandemdiabetes.com and indicate that you are making a HIPAA request.

Right to Know. You have the right to know what personal information we have collected about you, which includes:

1. The categories of personal information we have collected about you, including:

a.    The categories of sources from which the personal information was collected.  

b.    Our business or commercial purposes for collecting, selling, or sharing personal information.

c.    The categories of recipients to which we disclose personal information.

d.    The categories of personal information that we sold and shared, and for each category identified, the categories of third parties to which we sold and shared that particular category of personal information.

e.    The categories of personal information that we disclosed for a business purpose, and for each category identified, the categories of recipients to which we disclosed that particular category of personal information.

2. The specific pieces of personal information we have collected about you.

Right to Delete Your Personal Information. You have the right to request that we delete personal information we collected from you, subject to certain exceptions.

Right to Correct Inaccurate Information. If you believe personal information we maintain about you is inaccurate, you have the right to request we correct that personal information.

Right to Opt Out of Sales and Sharing of Personal Information. You have the right to opt out of the sale or sharing of your personal information and to request that we do not share your personal information for cross-context behavioral advertising, which only applies to Tandem in the context of cookies and other tracking technologies. To opt out of the sale or sharing of your personal information via cookies and other tracking technologies, please click on the “Do Not Sell or Share my Personal Information” link in the footer of our Website. You may also opt out of the sale or sharing of your personal information through an opt-out preference signal. In order to process your request through an opt-out preference signal, you must use a browser or extension supporting the preference signal.

Right to Limit Use and Disclosure of Sensitive Personal Information. We do not use or disclose sensitive personal information for purposes to which the right to limit use and disclosure applies under the CCPA.

Right to Non-Discrimination for the Exercise of Your Privacy Rights. If you choose to exercise any of the privacy rights described above, we will not discriminate against you.

California Shine the Light

We do not share personal information with third parties or affiliates for those third parties’ or affiliates’ own direct marketing purposes. Californians may request information about our compliance with this law by contacting us at privacy@tandemdiabetes.com.

Back to Top

13. Additional Information for Users Outside of the United States

Data Subject Rights

Please note, we do not currently use your personal information for automated decision making which produces legal effects concerning you or similarly significantly affects you.

The European Union’s General Data Protection Regulation (“GDPR”), the UK’s General Data Protection Regulation (“UK GDPR”), Switzerland’s Data Protection Act, and other data protection laws provide data subjects with certain rights regarding their personal information. If you are located in certain countries, subject to certain conditions, you may ask us to take the following actions in relation to your personal information:

  • Confirm whether we process your personal information, provide you with information about our processing of your personal information, and give you access to your personal information.
  • Update, complete, or correct out of date, incomplete, or inaccurate personal information.
  • Request that your personal information be deleted, destroyed, or anonymized.
  • Transfer a machine-readable copy of your personal information to you or an external party.
  • Restrict the processing of your personal information.
  • Object to our processing of your personal information for direct marketing purposes.
  • Obtain information about and object to our reliance on legitimate interests as the basis for processing of your personal information.
  • Withdraw your consent for processing personal information where applicable.

You may designate someone to act on your behalf, for example, if you have given someone power of attorney or if someone is your legal guardian.

If you reside in Canada, you have the right to request how we use your personal information and the recipients to which it has been disclosed. If you live in Canada and would like to receive written information about our policies and practices regarding service providers outside of Canada, please submit your request via email per the instructions provided below in this section.

If you reside in Italy and are an individual with a direct interest in a deceased user’s personal information, or are a representative of a deceased user acting to protect the deceased user or his/her family interests, then you have the right to exercise the rights described above except for the right to delete.

If you reside in France, you may designate a person to carry out specific or general instructions on how to store, delete, or communicate the personal information relating to you after your death. If the instructions relate only to the personal information we hold about you, you may choose to directly notify us such instructions.

If you reside in Portugal, you may appoint someone who can exercise your rights or to give instructions not to exercise them at all after your death regarding special categories of personal information (such as health data) or data related with private life, images, or communications. You may exercise some of these rights and choices through Service features, such as editing your account settings or profile details when you are logged in. Additionally, you can submit requests by email as described below.

If you would like to submit a request to exercise any of the rights described in this section, you may you submit requests by email to privacy@tandemdiabetes.com. We may request specific information from you to help us confirm your identity prior to processing your request. Applicable law may require or permit us to decline your request.

If you would like to submit a complaint about our processing of your personal information or our response to your requests regarding your personal information, you may contact us at DPO@tandemdiabetes.com or submit a complaint to a data protection regulator. EEA residents can find information about your data protection regulator here. The data protection regulator for residents of the UK is the Information Commissioner’s Office. If you live in Switzerland, you can lodge a complaint with the Federal Data Protection and Information Commissioner, via the contact details located here. In Canada, the regulators are the Data Protection Authorities in the provinces of British Columbia, Alberta and Quebec.

Legal Bases of Processing

For users located in jurisdictions that require certain bases for processing personal information, including the EEA and the UK, our processing of your personal information is carried out under the following legal bases:

  • The processing is necessary for us to provide you with the Services you request, or to respond to your inquiries, such as to comply with our contractual obligation to fulfill transactional services.
  • We have a legal obligation to process your personal information, such as compliance with applicable tax and other government regulations or compliance with a court order or binding law enforcement request.
  • The processing is to protect your vital interests, or those of others.
  • We have a legitimate interest in carrying out the processing activity. In particular, we have a legitimate interest to:
    • Analyze and improve the safety and security of the Service. This includes implementing and enhancing security measures and safeguards and protecting against fraud, spam, and abuse.
    • Maintain and improve the Service.
    • Operate the Service and provide you with certain information and communications tailored to, and in accordance with, your preferences.
  • You have consented to the processing of your personal information. When you consent, you may change your mind at any time.

Given the nature of our business, we may process special categories of your personal information in the form of health information. This information includes diabetes therapy data, such as your glucose levels, biometrics, related exercise and eating habits, and lab charts. We will only process this information in accordance with applicable law such as obtaining your explicit consent or where processing is necessary for reasons of public interest in the area of public health.

Transfers of Personal Information for Data Subjects located in the EEA, UK, and Switzerland

Where we transfer your personal information to countries and territories outside of the EEA, the UK and Switzerland, which have been formally recognized as providing an adequate level of protection for personal information, we rely on the relevant “adequacy decisions” from the European Commission, “adequacy regulations” from the Secretary of State in the UK, and the adequacy assessment from the Swiss Federal Council, as applicable (together referred to as "EEA/UK/Swiss adequacy decisions").

Some EEA /UK/Swiss adequacy decisions require Tandem to take steps in order for relevant transfers to be covered, in particular for transfers to the U.S. under the EU-U.S. Data Privacy Framework ("EU-U.S. DPF"), the UK Extension to the EU-U.S. DPF ("UK Extension"), and the Swiss-U.S. Data Privacy Framework ("Swiss-U.S. DPF") as set forth by the U.S. Department of Commerce.

Tandem Diabetes Care, Inc. has certified to the U.S. Department of Commerce that they adhere to:

  • the EU-U.S. Data Privacy Framework Principles ("EU-U.S. DPF Principles") with regard to the processing of personal information received from the EEA in reliance on the EU-U.S. DPF and from the UK in reliance on the UK Extension to the EU-U.S. DPF; and
  • the Swiss-U.S. Data Privacy Framework Principles ("Swiss-U.S. DPF Principles") with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF.

To learn more about the Data Privacy Framework ("DPF") and to view our certification, see here. It is important however for us to provide you with the following information about our certification:

  • We will only rely on the UK Extension and the Swiss-U.S. DPF as transfer mechanisms under the applicable data protection laws, once respectively (i) the adequacy regulations implementing the data bridge for the UK Extension; and/or (ii) the Swiss Federal Council's recognition of adequacy of the Swiss-U.S. DPF, enter into force.
  • We are responsible for the processing of personal information received under each DPF and, subsequently, transfers to a third party acting on our behalf. We comply with the DPF Principles for all onward transfers of personal information we receive in reliance on the EU-U.S. / Swiss-U.S. DPF Principles and/or the UK Extension, including the onward transfer liability provisions. In particular, where we have received your personal information in the U.S. in reliance upon the EU-U.S. / Swiss-U.S. DPF Principles and/or the UK Extension, if we subsequently transfer that information to a third party acting on our behalf, and that third party processes your personal information in a manner inconsistent with the Principles, we will remain liable unless we can prove we are not responsible for the event giving rise to the damage.
  • With respect to personal information received or transferred pursuant to each of the DPFs, Tandem is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • If you want to contact us with any inquiries or complaints regarding our reliance on the DPFs, you can email us at privacy@tandemdiabetes.com or please see the How to Contact Us section at the end of this Privacy Notice.
  • •If you have an unresolved privacy concern that we have not addressed satisfactorily, you can contact the individual panel established by the EU DPAs and, as applicable, the UK Information Commissioner’s Office (ICO) (and the Gibraltar Regulatory Authority (GRA)), and/or the Swiss Federal Data Protection and Information Commissioner (FDPIC) free of charge to make a complaint. Tandem commits to cooperate and comply with the advice of this panel. Under certain conditions, more fully described on the DPF website you may also invoke binding arbitration when other dispute resolution procedures have been exhausted.

Where the transfer is not subject to an adequacy decision or regulations, we take appropriate safeguards to require your personal information will remain protected. The safeguards we use under GDPR, include the European Commission’s Standard Contractual Clauses ("SCCs") as issued on 4 June 2021, in the form of modules 1 (controller to controller), module 2 (controller to processor), module 3 (processor to processor) and/or module 4 (processor to controller), as appropriate depending on our relationship with the recipient(s). We incorporate the UK's International Data Transfer Addendum to the EU Commission SCCs as permitted under Article 46 of the UK GDPR, when transferring personal information protected under UK GDPR and the Swiss Addendum to the SCCs as provided by the FDPIC in its statement of 27 August 2021.

Our SCCs can be provided on request. Please note some sensitive commercial information may be redacted. For details of what personal information may be transferred to group entities or third parties, please see the Disclosing Your Information section of this Privacy Notice above.

In exceptional circumstances, personal information may also be transferred to countries that are not subject to an adequacy decision or regulations on the basis of a derogation. A derogation may apply, for example, in case of legal proceedings abroad, if transfer is necessary for the performance of a contract, if you have consented to the transfer, or if the data has been made generally available by you and you have not objected to the processing.

Back to Top

14. Updates to this Privacy Notice

We may update this Privacy Notice from time to time. You can see when this Privacy Notice was last updated by checking the “Last Updated” date displayed at the top of this Privacy Notice. Any changes to this Privacy Notice take effect immediately after being posted or otherwise provided by Tandem.

Back to Top

15. How to Contact Us

If you have questions regarding this Privacy Notice or our personal data processing, please contact us at privacy@tandemdiabetes.com or

Tandem Diabetes Care, Inc.
Attn: Legal Department
12400 High Bluff Drive
San Diego, CA 92130

To contact Tandem’s EEA and UK Data Protection Officer (DPO), please contact us at DPO@tandemdiabetes.com or

Fieldfisher LLP
Attn: Data Privacy
Riverbank House
2 Swan Lane
London
EC4R 3TT

The data controller of your personal information is Tandem Diabetes Care, Inc.