Privacy Policy
Privacy Policy
Data Controller
Legal Basis for Processing
- Contract Performance (Article 6(1)(b)): Account management, alarm functionality, subscription services
- Legitimate Interest (Article 6(1)(f)): App improvement, security, fraud prevention
- Explicit Consent (Article 9(2)(a)): Health-related data (sleep patterns, wake-up consistency)
Personal Data We Collect
- Email address, username, name
- Profile image (optional)
- Subscription status
- Wake-up times and patterns
- Alarm response times
- Sleep schedule consistency
- Alarm events and settings
- App usage patterns
- Device information (NFC capabilities)
- Friends list and connections
- Streak sharing preferences
- Achievement data
How We Use Your Data
- Provide alarm and wake-up tracking services
- Calculate streaks and achievements
- Enable social features with friends
- Improve app functionality and user experience
- Provide customer support
- Ensure app security and prevent fraud
- Comply with legal obligations
Data Sharing
- Supabase (Data Processor): Cloud database hosting
- RevenueCat (Data Processor): Subscription management
- TelemetryDeck (Data Processor): App analytics (if enabled)
- Your username and display name
- Current and best streaks
- Achievement progress (if you choose to share)
Data Retention
- Account data: Until account deletion + 30 days
- Alarm events: 2 years for analytics
- Health data: Until withdrawn consent + 30 days
- Support data: 3 years for service improvement
Your Rights (UK GDPR)
- Access your data (Article 15)
- Rectify inaccurate data (Article 16)
- Erase your data (Article 17)
- Restrict processing (Article 18)
- Data portability (Article 20)
- Object to processing (Article 21)
- Withdraw consent (Article 7)
International Data Transfers
- United States (Supabase, RevenueCat)
- European Union (TelemetryDeck)
- EU-US Adequacy Decision (where applicable)
- Standard Contractual Clauses
- Appropriate safeguards and security measures
Data Security
- End-to-end encryption for data transmission
- Row-level security in our database
- Regular security audits and updates
- Access controls and authentication
- Secure data centers with physical security
Children's Privacy
Changes to This Policy
- Changes in our services
- Legal requirements
- Industry best practices
- In-app notification
- Email (if provided)