The Sleep Cycle app privacy notice
We believe that transparency is the key to any healthy relationship. We appreciate that you trust us with information about you, and we want to be transparent about how we use it.
You own your personal data, and you are always in control. Therefore, we offer you several ways to control the privacy of your personal information and we are constantly striving to improve the functions and features needed in order for you to be in control. As a default setting, personal data related to your health will only be stored locally on your device. Although the app is configured to send account information (such as user name and/or email address) and technical data (such as IP address and device type) to us in certain situations, we will not able to get hold of or exercise any control of your health data unless you give us your consent.
Sleep Cycle AB (“we”, “us”, “our”) is the data controller for any personal data that you or the Sleep Cycle app forward to us and we will process your personal data only in accordance with applicable legislation, such as the GDPR. We are not the data controller for personal data that is processed locally on your device.
This notice describes how we process your personal data. You will learn about the data we collect, how we use it, your rights, and the measures we take to keep it safe. We always make sure that your data is protected in accordance with applicable legislation.
If you have any questions, or feel you need any part of this notice explained, please contact us or our data protection officer.
General information about the Sleep Cycle app
When using the Sleep Cycle app, you will enter certain personal data into the app (such as your email address, your height and weight, when you go to bed and wake up, etc.), some personal data will be collected through your device’s accelerometer (such as your movements), microphone (such as snoring or other noises), camera (pulse), or device location (for weather and sleep location statistics), and some personal data will be derived (such as sleep efficiency and sleep quality).
Depending on what personal data you choose to provide, the data processed within the Sleep Cycle app may, alone or together with other data, indicate information about your health. Personal data, including health data, may also be collected from other sources, for example if you choose to connect the Sleep Cycle app with your Life Cycle app, or other (third party) apps – e.g. Google Fit or Apple Health. You have control over what data are stored and accessed between the different apps and you can modify these settings at any time. We do not collect information about you from any third party source unless you tell us (or the app) to do so.
If you and another Sleep Cycle app user is connected to the same WiFi, and you have given Sleep Cycle access to the WiFi, your devices will automatically connect with each other via the partner link feature (available in the app’s privacy settings). This allows the app to separate your noise(s) and movement(s) from the other app user’s, which will ultimately give you better and more to the point insights about your sleep. You can deactivate the partner link feature in the privacy settings at any time.
Please note that this notice does not apply to third party products or services or the practices of companies that we do not own or control, including other companies you might interact with, in or through Sleep Cycle, unless indicated otherwise. We will not be responsible or liable for: (i) the availability or accuracy of such third party apps or sites (ii) the content, products or services on or availability of such third party apps or sites; or (iii) your use of any such third party apps or sites.
How we use your data
Managing our relationship with you
We are delighted that you have chosen our app to get better insights into how you sleep and thereby hopefully improve your sleep quality. To manage our relationship and provide the app and thereto related services in a satisfactory and error free manner, we need to process your personal data. For example, we process your data when you create an account, if you contact our customer support team, for maintenance of the app, and for marketing purposes. Please find more detailed information on how we process your data when we manage our relationship, below.
|Why we process this data||Description||The personal data we process||Where we got it from||Legal basis for doing so||How long will we keep your data?|
|Create and manage your user account||If you create a user account, we will process the data you have provided in order to create, maintain and manage your account.||Name, email address, password.||You.||Our agreement with you (GDPR art 6.1(b)). If you do not provide the data, you will not be able to create an account.||One (1) year after your last activity.|
|Manage payments and returns||Payments and returns are handled by iTunes and Google Play. If you have registered your email address in the app, we will receive information on your payments and returns.This data will also be kept for bookkeeping purposes.||Active subscription and returns.||iTunes or Google Play.||Our agreement with you (GDPR art 6.1(b)).It is also necessary to comply with the Swedish Bookkeeping Act.||One (1) plus seven (7) years, in accordance with the Swedish Bookkeeping Act.|
|Provide customer support||If you have any questions or problems with the app, you can contact our customer support team who will help you with any questions or problems you may have.||Primarily, we will only process technical data (e.g. IP addresses, timestamps, log files, device type and operating system).Only in limited situations, additional information (including health data) may be required to resolve the issue.||You/the Sleep Cycle app.||Technical data is processed based on our agreement with you (GDPR, art 6.1(b)). In most cases, we need to process this data to be able to help you with your request.Health data is processed based on your consent (GDPR, art 6.1(a) and art 9.2(a)).||We will delete or anonymise the data as soon as the support ticket is resolved.|
|Marketing and communication||To send you notifications and respond to you when you contact us. If you have agreed to receiving e-mails from us, we may send you service and marketing related notices. If you want, you can unsubscribe to all our e-mails at any point. The information about how you unsubscribe is always presented in the email you’ve received.||Email address.||You.||Legitimate interest assessment (GDPR, art 6.1(f)).We assess that our legitimate interest to communicate with you outweighs the potential (but unlikely) impact this may have on your rights and freedoms. For more information on this particular balancing test, please contact us.||Until you opt-out from communication via email, or one (1) year after our relationship has ended.|
|Improve and personalize the services and to develop new ones||We may use your data to troubleshoot and protect against errors; perform data analysis and testing; conduct research and surveys; and develop new features and services.||Technical data (e.g. IP addresses, timestamps, log files, device type and operating system). For this purpose we may also process your location data.||You/the Sleep Cycle app.||We will only do this if we find that this use is compatible with the purpose for which the data was originally collected. If so, we will rely on the original legal basis.||Three (3) years from collection.|
|Respond to legal requests/requirements||We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Sleep Cycle app or the physical safety of any person.||All data in the Sleep Cycle app.||You/the Sleep Cycle app.||Use for this purpose is, by definition, compatible with the original purpose and no separate legal basis is required.Furthermore, any health data covered by the request which is necessary to process in order to establish, exercise or defend legal claims or whenever a court is acting in its judicial capacity will also be processed (GDPR; art 9.2(f)).||As long as we have to to establish, exercise or defend the claim in question.|
Store your sleep data on our servers
To protect your health data (i.e. sleep data) from loss you can choose to use our backup service. Then, we ensure that your health data are saved even if something would happen to the app on your device. We will store all the data available in the app on our secure servers, hosted by Google Cloud. Learn more about Google Cloud under “How we share your personal data and who we share it with”.
We will keep your health data in the backup until you withdraw your consent, or until you end your subscription. If you withdraw your consent we will immediately delete or anonymise your health data. If you unsubscribe to the service, we will keep your data for up to one (1) year, in case you change your mind within this period of time and want to start a new subscription. We will thereafter delete or anonymise your data as soon as possible.
Help us improve the Sleep Cycle app
We appreciate if you would like to help us improve the Sleep Cycle app by contributing with your health data. If we know how you are using the app, know about your sleep patterns and surrounding circumstances, etc. we can improve the app – this will make our, and ultimately your, insights better and more to the point and this will also improve your user experience. For this purpose, we will only use pseudonymised data, meaning that your health data will be awarded a hashed ID.
Your data will be stored in our product development environment (separate from the backup environment), hosted by Amplitude Inc. and their service provider Amazon Web Services. Learn more under “How we share your personal data and who we share it with”.
We will keep your data until you withdraw your consent or up to three (3) years from collection, whichever is longer. If you withdraw your consent we will immediately delete or anonymise your health data.
Help us improve the world
Provide aggregated and anonymous insights/statistics
If you consent, we may use your data (including health data) to share publicly and to third parties, for example, in public reports about sleep and activity, to partners under agreement with us, or as part of the community benchmarking information we provide to users of our subscription services. We will only share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify you as an individual.
Your data will be stored on our secure servers, hosted by Google Cloud. Learn more about Google Cloud under “How we share your personal data and who we share it with”.
If you withdraw your consent, we will stop using your data in the community benchmarking information. However, we may continue to store data that we have already collected based on your consent for statistical and scientific purposes (GDPR, art 9.2(j)). If so, your data will be stored only in pseudonymised form.
We want to make the world a better place and contribute in the best way we can. We have a large user base who uses the app on a daily basis. Many research projects are interested in gaining access to our users’ personal data and consequently, we may ask you to participate in a research study from time to time. If you want to participate, we will share your personal data (as identified in each individual case) with the investigator in question. Once the investigator has received your data, the investigator will be the data controller for any sub-sequent processing of the data.
Your personal data may be shared with the investigator “one-off” or on an ongoing and continuous basis, depending on the set up of the research project. If you withdraw your consent during a research study, we will immediately stop sharing your personal data. Your withdrawal does not affect previous transfers of data.
Depending on the research project, and the investigator, your data may be transferred to a country outside the EEA. We will make sure that your data enjoys the same level of protection as if it had remained within the EEA. For this purpose we will enter into EU Model Clauses with the investigator. Your data will be encrypted during transfer.
You will receive separate, and more specific, information about the research study in question in connection with signing-up to participate.
How we share your personal data and who we share it with
The data we store and otherwise process about you will be stored on secure servers hosted by Google Cloud. In addition, data that we process for product development purposes will be transferred to our product development environment (separate from the backup environment) hosted by Amplitude Inc. and their service provider Amazon Web Services.
We also use other service providers that may process your data on our behalf. When we communicate with you, for example via e-mail, your e-mail address may be transferred to Mailgun Technologies Inc. and Leanplum Inc. who provide e-mail and communication services. In order to provide the best possible customer support, we use the services of Zendesk Inc. We use Fivetran Inc. to facilitate transfers of data between the service providers mentioned above. Fivetran Inc. will only store data for twenty-four (24) hours.
As you may understand, this means that your data may be processed both within the EU/EEA, as well as in other locations outside the EU/EEA, including in the U.S. In order to ensure that your data enjoys the same level of protection as if it had remained within the EU/EEA, we have entered into EU Model Clauses with all our service providers who process personal data outside of the EU/EEA. In addition, your data will generally be encrypted during transit and rest, and the data stored Amplitude Inc. and Amazon Web Services will be pseudonymised.
You can exercise many of your rights directly in the Sleep Cycle app or on your device. You are always welcome to contact us directly and we will help you with your request. [link to contact information]
Right to information and access
You have the right to know if we process personal data about you. If we do, you also have the right to receive information about the personal data we process and why we do it. You also have the right to receive a copy of all personal data we have about you.
If you are interested in specific information, please indicate it in your request. For example, you can specify if you are interested in a certain type of information (e.g. what contact and identification information we have about you) or if you want information from a certain time period.
Right to have erroneous data corrected
If the data we hold about you are incorrect, you have the right to have it corrected. You also have the right to supplement incomplete information with additional information that may be needed for the information to be correct.
Once we have corrected your data, or it has been supplemented, we will inform those we have shared your data with about the update, provided that it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your data with.
If you request to have data corrected, you also have the right to request that we limit our processing during the time we investigate the matter.
Right to have data deleted
In some cases, you have the right to have your data deleted. You have the right to have your data deleted if:
- The data is no longer needed for the purposes for which we collected it,
- You withdraw your consent, if applicable,
- The data is used for direct marketing and you unsubscribe from it,
- You oppose use that is based on our legitimate interest and we cannot show compelling grounds that outweigh your interests,
- The personal data has been used illegally, or
- Deletion is required to fulfill a legal obligation.
You can delete specific data points, for example sleep sessions or comments posted by yourself, directly in the app. If you are not using the online backup services you can simply just uninstall the Sleep Cycle app in order to remove any stored data. If you choose to delete your account (or if you withdraw your consent), please note that while most of your information will be deleted within a few days, it may take up to thirty (30) days to delete all of your information, like the data stored in our backup systems. We may preserve data for legal reasons or to prevent harm.
If we delete data following your request, we will also inform those we have shared your data with, provided that it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your data with.
You may export your personal data to a CSV file from inside the app.
Objecting to data use
You have the right to object to processing that is based on our legitimate interest. If you object to the use, we will, based on your particular situation, evaluate if our interests in using the data outweigh your interests in the data not being used for that purpose. If we are unable to provide compelling legitimate grounds that outweigh yours, we will stop using the data you object to – provided we do not have to use the data to establish, exercise or defend legal claims. If you object to the use, you also have the right to request that we restrict our use during the time we investigate the matter.
You always have the right to object to, and thus unsubscribe from, direct marketing.
Right to withdraw consent
You have the right to withdraw your consent for a specific processing at any time. You can withdraw your consent in the privacy settings in the app or by contacting us [link to contact information].
Your withdrawal will not affect processing that has already been carried out.
Right to request restriction
Restriction means that the data is marked so that it may only be used for certain limited purposes. The right to restriction applies:
- When you believe the data are incorrect and you have requested correction. If so, you can also request that we limit our use while we investigate if the data are correct or not.
- If the use is illegal but you do not want the data to be deleted.
- When we no longer need the data for the purposes for which we collected it, but you need it to be able to establish, assert or defend legal claims.
- If you object to the use. If so, you can request that we limit our use while we investigate if our interest in processing your data outweighs your interests.
Even if you have requested that we restrict our use of your data, we have the right to use it for storage, if we have obtained your consent to use it, to assert or defend legal claims or to protect someone’s rights. We may also use the information for reasons relating to an important public interest.
We will let you know when the restriction expires.
If we limit our use of your data, we will also inform those we have shared your data with, provided that it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your data with.
Our policies for children
We appreciate the importance of taking additional measures to protect children’s privacy.
We do not knowingly collect personal data from children under the age of 16. If you have reason to believe that a child under the age of 16 uses the Sleep Cycle app please contact us and we will endeavor to delete that information from our databases [link to contact information].
Changes to privacy notice
We reserve the right to change this Privacy Notice from time to time. We will inform you of any changes by posting the updated notice in the app and on our website. If we make any material changes to our notice, we will push a notification through the Sleep Cycle app and/or by e-mail (if we have your e-mail address and you have not opted-out from such use). We encourage you to contact us if you have any questions about the notice or about how we process your personal data.
You may also submit complaints to a supervisory authority, in particular in the Member State of your habitual residence, place of work or where the alleged infringement of the GDPR took place. In Sweden, the supervisory authority is the Swedish Supervisory Authority for Privacy Protection.
|Name:||Sleep Cycle AB|
46411 15 Göteborg
|E-mail address:||[email protected]|
Data Protection Officer
|Postal address:||Sleep Cycle AB|
Att. Data Protection Officer
Kungsgatan 46411 15 Göteborg
|E-mail address:||[email protected]|
Versions in other languages than English
The original version of this Privacy Notice is written in English. To the extent a translated version of the Privacy Notice is in conflict with the English version, the English version shall prevail.