Privacy Policy

Last updated: October 13, 2025

Your privacy is of the utmost importance to us. This Privacy Policy explains how Sleepnosis, LLC and our subsidiaries and affiliates (together, “Sleepnosis,” “we,” or “us”) collect, use, and disclose information about you when you access or use our websites, mobile applications, and other online products and services (the “Services”). It also includes information required by the laws of the European Economic Area (EEA), the United Kingdom (UK), and similar jurisdictions.

1. Who We Are (Controller)

For the purposes of the EU/UK data protection laws, Sleepnosis, LLC is the “controller” of your personal data unless stated otherwise in this Policy.

2. Information We Collect

Information You Provide

• Account details: name, email address, and any profile information you choose to provide.
• Payment details: subscription status and purchase metadata (processed by Apple App Store / Google Play; we do not store full card numbers).
• Preferences & interactions: favorites, recently played, goals, feedback, support messages.

Information Collected Automatically

• Usage: sessions completed, content played, screens/features used, crash/diagnostic logs.
• Device & app: device type, OS, app version, language, IP address, timestamps, country/region derived from IP.
• Identifiers: in-app user ID; where permitted, device advertising identifiers (e.g., Google Advertising ID) and on iOS the IDFA (subject to App Tracking Transparency).

Information From Other Sources

• App stores: purchase validation and subscription status.
• Service providers/SDKs: analytics and install measurement (see “Processors & SDKs”).

3. Firebase Services We Use

• Firebase Authentication: account creation and sign‑in (email, hashed password handled by Firebase), user ID (UID).
• Cloud Firestore: app data tied to your account (favorites, recently played, subscription/trial metadata).
• Firebase Storage: delivery of media files (images/audio) with access controlled by Security Rules.
• Firebase Hosting: website and policy pages.
• Firebase App Check: protection against abuse via app/device attestation.

4. Legal Bases for Processing (EEA/UK only)

We process personal data only when we have a valid legal basis under the EU/UK GDPR:

• Contract: to provide and operate the Services you request (e.g., create an account, deliver content, manage subscriptions).
• Legitimate interests: to keep our Services secure, prevent abuse, understand usage, and improve features. We balance these interests against your rights and expectations.
• Consent: for optional activities such as certain analytics/advertising identifiers on mobile devices and, where applicable, cookies or similar technologies. You may withdraw consent at any time.
• Legal obligation: to comply with laws (e.g., tax, accounting, consumer protection).
• Vital interests: only in rare cases to protect someone’s life or physical safety.

5. How We Use Information

• Provide, personalize, and maintain the Services (including authentication and audio playback features).
• Operate subscriptions and free trials; process transactions via app stores.
• Communicate with you about your account, purchases, updates, and support.
• Monitor performance, debug, and improve reliability and safety.
• Create aggregated or de‑identified insights for product research.
• Comply with legal obligations and enforce our terms.

6. Processors & SDKs (including Analytics/Attribution)

We work with service providers that act as our processors under contract and only process data on our instructions. These include Google Firebase (authentication, database, storage, hosting, security) and analytics/attribution providers such as Meta App Events (for basic install measurement) and similar tools we may add from time to time. Where required by law, we rely on your device or platform settings (e.g., App Tracking Transparency on iOS) and/or your consent.

Controls: On iOS, review tracking permission at Settings → Privacy & Security → Tracking. On Android, you can reset or limit the advertising ID at Settings → Privacy → Ads (menu names may vary by device).

7. Cookies & Similar Technologies

Our website may use cookies and similar technologies for essential functions, performance, and (where enabled) analytics. Where required, we will present a consent banner that lets you accept, reject, or manage categories. You can also adjust your browser settings to block or delete cookies.

8. Sharing of Information

• Service providers: hosting, authentication, storage, analytics, and operations support under our instructions.
• Professional advisors: auditors, legal counsel, consultants under confidentiality.
• Legal and safety: when required by law or to protect rights and safety.
• Business transfers: in connection with a merger, acquisition, or asset sale.
• Affiliates: within the Sleepnosis corporate group.
• With your consent: when you choose to link or share data with third parties.

We may share aggregated or de‑identified information that does not reasonably identify you.

9. International Data Transfers

We are based in the United States and may process data in other countries. When transferring personal data from the EEA/UK to countries without an adequacy decision, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK equivalents) and implement additional measures where appropriate.

10. Data Retention

We retain personal data only as long as necessary for the purposes described above, to comply with legal obligations, or to resolve disputes. Backups and logs may persist for a limited period before automatic deletion.

11. Your Rights (EEA/UK and similar jurisdictions)

Subject to applicable law, you may have the right to:

• Request access to your personal data and obtain a copy.
• Request correction (rectification) of inaccurate data.
• Request deletion (erasure) of your data.
• Request restriction of processing.
• Object to processing based on legitimate interests.
• Withdraw consent where processing is based on consent.
• Request data portability.
• Lodge a complaint with your local supervisory authority.

To exercise your rights, contact us at support@sleepnosis.com. We may ask you to verify your identity and will respond as required by law.

12. Children’s Privacy

Our Services are not directed to children under 13 (or under 16 in the EEA/UK, or a lower age as permitted by local law). We do not knowingly collect personal data from children. If we learn that we have, we will delete it.

13. Security

We use administrative, technical, and organizational measures designed to protect personal data, including encryption in transit, authentication, role‑based access, and Firebase Security Rules. However, no method of transmission or storage is 100% secure.

14. How to Delete Your Account

You can request deletion of your account and associated data at sleepnosis.com/delete-account. That page explains what data is deleted or retained and typical timelines.

15. Contact Us

Sleepnosis, LLC
Email: support@sleepnosis.com
Website: www.sleepnosis.com

16. EEA/UK Representatives (Article 27) — if applicable

If you appoint an EU and/or UK representative under GDPR Article 27, list their contact details here. If you determine Article 27 does not apply to you, you may remove this section.

• EU Representative: [Name/Company], [Address], [Email/Telephone]
• UK Representative: [Name/Company], [Address], [Email/Telephone]

U.S. State Privacy Notice (California, Colorado, Connecticut, Virginia, Utah)

If you reside in a U.S. state with a comprehensive privacy law (e.g., California/CPRA), this section applies in addition to the rest of our Privacy Policy.

• Categories we collect: Identifiers (name, email, in-app user ID, device/advertising identifiers where permitted), Internet/usage data (app activity, diagnostics), Device data (OS, language, IP-derived region), Commercial information (subscription status), Inferences (non-sensitive product analytics). We do not collect precise geolocation or sensitive personal information.
• Sources: You, your devices, app stores, and our service providers/SDKs (e.g., Firebase, Meta App Events).
• Purposes: Provide and secure the Services, process subscriptions, measure performance, fix bugs, improve features, comply with law.
• Disclosures to service providers: We share the above categories with vendors that process data on our behalf under contracts (no independent use).
• “Sell”/“Share” of personal information: We do not sell personal information. We also do not “share” personal information for cross-context behavioral advertising. If this changes, we will update this Notice and provide a “Do Not Sell or Share” option.
• Global Privacy Control (GPC): If we offer web experiences that use cookies for advertising, we will honor GPC signals where applicable.
• Your rights: access/know, delete, correct, portability, and limit the use of certain data. To submit a request, email support@sleepnosis.com. We will verify your request and respond as required by law. If we deny a request, you may appeal by replying to our decision email with “Appeal.”
• Non-discrimination: We will not discriminate against you for exercising your privacy rights.
• Minors: We do not knowingly sell or share personal information of consumers under 16 years of age.
• Retention: We retain data only as long as needed for the purposes described above or as required by law, then delete or de-identify it.
• Contact: Sleepnosis, LLC — support@sleepnosis.com

17. Changes to This Policy

We may update this Privacy Policy from time to time. If we make changes, we will revise the “Last updated” date above and, where appropriate, provide additional notice within the app or by email.