Privacy Policy for Sleepr
This Privacy Policy explains how Mads Media (“we”, “us”, or “our”) collects, uses, and protects personal data when you use the Sleepr mobile application (the “App”). We are the data controller for the personal data described in this policy under Regulation (EU) 2016/679 (the “GDPR”) and the Danish Data Protection Act (databeskyttelsesloven).
- Data controller
- Mads Media
- CVR number
- 46062299
- Address
- 2500 Valby, Denmark
- Contact email
- sleeprsupport@gmail.com
1. Summary — what you should know
- Sleepr records audio from your device’s microphone overnight to detect snoring, coughs, talking, and movement, and to estimate sleep stages. Audio is processed entirely on your device and is never uploaded to our servers.
- If you grant permission, Sleepr reads your sleep and heart-rate data from Apple Health to enrich your nightly summary, and can write tracked sleep sessions back to Apple Health.
- We use Supabase as our backend to store your account, profile, sleep session summaries (numerical metrics — not raw audio), friend connections, and leaderboard entries.
- Our in-app sleep coach (“Somnus”) sends your messages and a small summary of your sleep metrics to Anthropic via our backend so the model can reply.
- We do not sell your personal data. We do not show third-party advertising in the App.
2. Data we collect and how we use it
2.1 Account and profile data
When you sign in with Apple or Google, we receive a stable user identifier and, depending on your provider settings, your email address and display name. We store these in our profiles table on Supabase together with preferences you set in the App (such as your sleep goal, time zone, notification preferences, and avatar).
Legal basis (GDPR Art. 6): performance of the contract you enter into when you create an account (Art. 6(1)(b)).
2.2 Sleep session data
For each tracked night, Sleepr stores a summary of the session: start and end time, estimated time in bed, estimated sleep duration, an estimated sleep-quality score, counts of detected events (snoring, coughs, talking, movement), and an estimated sleep-stage breakdown. Raw audio recordings stay on your device and are deleted after analysis; only the aggregated numerical results are synchronised to your account.
Legal basis: performance of the contract (Art. 6(1)(b)).
2.3 Apple Health data
If you grant HealthKit permission, Sleepr reads sleep analysis and heart-rate samples from Apple Health to enrich your nightly summary. With your permission, Sleepr also writes your tracked sleep sessions to Apple Health. HealthKit data is processed on your device and is not transmitted to our servers. You can revoke access at any time in iOS Settings > Health > Data Access & Devices > Sleepr.
Legal basis: your explicit consent for processing of health data (Art. 9(2)(a) GDPR), given through the iOS HealthKit prompt.
2.4 Microphone data
When you start a sleep session, Sleepr listens through your device’s microphone to detect events relevant to sleep quality. The audio is analysed in real time on-device by our audio engine and the resulting event counts and timestamps are saved locally. The audio itself is never stored in long-term form on the device and is never uploaded to our servers or to any third party.
Legal basis: your explicit consent given through the iOS microphone permission prompt (Art. 6(1)(a) GDPR).
2.5 Sleep coach (Somnus) chat data
If you use the in-app chat coach, your messages are sent to our Supabase Edge Function, which forwards them — together with a small context block containing your first name and aggregate sleep metrics (e.g. average quality, average duration, current streak, bedtime variance, primary sleep pattern) — to Anthropic’s API for a reply. Anthropic processes the request as our processor under their commercial terms and does not use the content to train their models.
Legal basis: performance of the contract (Art. 6(1)(b)).
2.6 Friends, leaderboards, and referrals
If you add friends or appear on a leaderboard, your display name, avatar, and aggregated score are visible to other users you are connected with. If you accept or share a referral code, we store a record of the referral relationship to award the corresponding reward.
Legal basis: performance of the contract (Art. 6(1)(b)) and our legitimate interest in operating the social and referral features (Art. 6(1)(f)).
2.7 Subscription data
Subscriptions are processed by Apple through StoreKit and the App Store. We do not receive or store your payment-card information. We receive only an anonymous transaction identifier and your current subscription status, which we use to unlock premium features.
Legal basis: performance of the contract (Art. 6(1)(b)).
2.8 Notifications and diagnostic data
If you grant notification permission, we use Apple’s push notification service to send sleep reminders and smart-alarm alerts. We may also process basic diagnostic information — such as a crash log or an error code — to keep the App working. We do not use third-party analytics or advertising SDKs.
Legal basis: our legitimate interest in operating and improving the App (Art. 6(1)(f)), and your consent for notifications (Art. 6(1)(a)).
3. Who we share data with (sub-processors)
We share personal data only with the service providers we need to run Sleepr. Each provider acts as our data processor under a written agreement and may only process your data on our instructions.
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Authentication, profile and sleep-session storage, friends and leaderboards, edge functions | EU / US |
| Apple | Sign in with Apple, push notifications, HealthKit, App Store subscriptions | EU / US |
| Google Sign-In (only if you choose this method) | EU / US | |
| Anthropic | Sleep-coach chat replies (Somnus) | US |
| Resend | Newsletter delivery and welcome email (if you opt in) | EU / US |
We do not sell your personal data and we do not share it with advertising networks or data brokers.
4. International transfers
Some of our processors (notably Anthropic, and parts of Supabase, Apple, Google, and Resend) may process data outside the European Economic Area, including in the United States. Where this is the case, the transfer is safeguarded by either (i) an adequacy decision of the European Commission, or (ii) the EU Standard Contractual Clauses adopted by the European Commission, supplemented where necessary by additional technical and organisational measures. You can request a copy of the relevant safeguards by emailing us at the address above.
5. How long we keep your data
- Account and profile data — for as long as your account is active. When you delete your account, we delete or anonymise associated data within 30 days, except where we are required to retain it (for example for accounting purposes under Danish bookkeeping law, currently 5 years).
- Sleep session summaries — until you delete the session in the App or delete your account.
- Microphone audio — discarded continuously during analysis; never retained beyond the live session.
- Chat history with Somnus — kept for as long as your account is active so the coach has context. You can clear the chat at any time in the App.
- Subscription transaction records — kept for as long as required by Danish tax and accounting law.
6. Your rights under the GDPR
You have the following rights regarding your personal data:
- Right of access — to obtain a copy of the personal data we hold about you (Art. 15).
- Right to rectification — to have inaccurate data corrected (Art. 16).
- Right to erasure — to have your data deleted (“right to be forgotten”) (Art. 17).
- Right to restriction — to limit how we process your data (Art. 18).
- Right to data portability — to receive your data in a structured, machine-readable format (Art. 20).
- Right to object — to processing based on our legitimate interests (Art. 21).
- Right to withdraw consent — at any time, without affecting the lawfulness of prior processing (Art. 7(3)).
To exercise any of these rights, email us at madsthorsen76@gmail.com. We will respond within one month, as required by Art. 12(3) GDPR.
You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) — Carl Jacobsens Vej 35, 2500 Valby, Denmark — or any other supervisory authority in the EU/EEA.
7. How we protect your data
We use industry-standard measures to protect your data: TLS encryption for data in transit, encryption at rest on our backend, row-level security policies on the database, and the principle of least privilege for access to production data. Our backend secrets — including the Anthropic API key — are stored as server-side environment variables and never ship in the App bundle.
8. Children
Sleepr is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it. Users between 13 and 15 in Denmark require parental consent under section 6(3) of the Danish Data Protection Act.
9. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you in the App or by email before the changes take effect. The “Last updated” date at the top of this policy reflects the most recent revision.
10. Contact us
If you have any questions about this policy or how we handle your personal data, please contact us:
Mads MediaCVR 46062299
2500 Valby, Denmark
Email: madsthorsen76@gmail.com