Effective date: May 31, 2026 · Last updated: May 31, 2026
SnoozeSync ("SnoozeSync," "we," "us," or "our") provides a cognitive behavioral therapy for insomnia (CBT-I) self-help application and related website at app.snoozesync.com. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, how long we retain it, and how you can delete it. SnoozeSync is a wellness and educational tool; it is not a medical device and does not provide medical diagnosis or treatment.
This policy applies to the SnoozeSync mobile application, the web application at app.snoozesync.com, and any related services we operate (collectively, the "Service"). It does not apply to third-party websites, apps, or services that we do not control, even where we link to them.
For the purposes of the EU/UK General Data Protection Regulation (GDPR) and similar laws, SnoozeSync is the data controller for personal data processed through the Service. Our contact details are in Section 13.
SnoozeSync is built on a local-first architecture. The substantive content you create — your sleep diary, your profile, your AI Coach conversations, and your in-app preferences — is stored on your own device or browser by default and is not transmitted to or stored on our servers. We hold only the minimum data on our servers needed to operate your account and subscription.
This data resides in your device's local storage and is under your control. We do not receive a copy of it on our servers.
We use personal data only to: (a) authenticate you and operate your account; (b) provide and personalize CBT-I features, including the AI Coach; (c) process and manage your subscription; (d) respond to your support requests; (e) maintain the security, reliability, and integrity of the Service; and (f) comply with legal obligations. We do not sell your personal data, and we do not use your sleep data or AI Coach conversations for advertising.
Where the GDPR applies, we rely on the following legal bases: performance of a contract (operating your account and subscription); consent (optional features and any non-essential processing, which you may withdraw at any time); legitimate interests (securing the Service and preventing abuse, balanced against your rights); and legal obligation (retaining limited billing/tax records).
We share personal data only with the service providers ("processors") needed to run the Service, each under a data-processing agreement, and where required by law. We do not sell or rent personal data.
| Processor | Purpose | Data involved |
|---|---|---|
| Google (Gemini API) | Generate AI Coach responses | AI Coach message content (transient; not retained by Google) |
| Stripe | Subscription billing & payment processing | Payment card details, billing identifiers |
| Sentry | Error monitoring & app stability | Crash traces, device/OS type, non-identifying error IDs |
We may also disclose data if required by valid legal process, to protect our rights or the safety of users, or in connection with a merger or acquisition (in which case we will notify you and this policy will continue to govern your data).
We protect data in transit using TLS encryption, store passwords using industry-standard salted hashing, restrict server access on a least-privilege basis, and rely on reputable processors (Google, Stripe, Sentry) that maintain their own security programs. Because your diary, profile, and coaching data live on your device, the most sensitive content never traverses our servers. No method of transmission or storage is perfectly secure, but we work to protect your data and will notify you and regulators of any qualifying breach as required by law.
We keep personal data only for as long as it is needed for the purposes described in this policy, after which we delete or anonymize it. Because SnoozeSync is local-first, most of your data has no server-side retention period at all — it remains on your device until you remove it.
| Data | Where stored | Retention period |
|---|---|---|
| Sleep diary, profile, AI Coach history, preferences | Your device / browser (local) | Retained on your device until you clear site data or uninstall the app. We hold no server copy and apply no separate retention period. |
| Account credentials (email, hashed password) | Our servers | Retained while your account is active. Deleted within 30 days of a verified account-deletion request or after a prolonged period of account inactivity (see 7.3). |
| Subscription records (status, dates, processor token) | Our servers | Retained while your account is active and deleted within 30 days of account deletion, except limited billing entries kept for legal/tax compliance (see 7.2). |
| Support communications | Our servers / email | Retained up to 24 months after your last contact, then deleted. |
| AI Coach message content | Google Gemini API (transient) | Not retained beyond the request, per Google's API terms. |
| Payment data | Stripe | Retained by Stripe per its own retention schedule and legal obligations. See stripe.com/privacy. |
| Diagnostic error logs | Sentry | Automatically deleted on a 90-day rolling basis. |
Where law requires us to keep certain records — for example, transaction and tax records for billing-dispute resolution and accounting obligations — we retain the minimum necessary for the legally mandated period (typically up to 7 years for financial records). Once an account is deleted, any such records we are legally required to keep are anonymized wherever possible so they can no longer be linked to you as an individual.
If your account remains inactive for 24 consecutive months, we may notify you at your registered email and, absent a response, delete the server-side account data described above. Local data on your device is never affected by this and stays under your control.
You have the right to delete your personal data at any time. SnoozeSync provides multiple paths depending on what data you want removed. For your broader privacy rights (access, correction, portability, withdrawal of consent), see Section 10.
Because SnoozeSync stores your sleep diary entries, profile information, AI Coach conversation history, and feature preferences locally on your device, you can remove that data yourself at any time:
You can also request complete deletion of all of your data — including any server-side records — by contacting us as described in Section 8.2 below.
To delete account credentials, subscription records, support communications, and any other data stored on our servers or our service providers' servers:
Some data may be retained longer where required by law (tax records, billing-dispute resolution) per Section 7.2. Where legal retention is required, we will anonymize the data rather than keep it identifiable to you.
Our processors (Google, Stripe, Sentry) may process data in the United States and other countries. Where personal data is transferred out of the EEA or UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or equivalent mechanisms.
Depending on where you live (for example, under the GDPR/UK GDPR or the California Consumer Privacy Act), you may have the right to: access the personal data we hold about you; correct inaccurate data; delete your data (see Section 8); restrict or object to certain processing; receive a portable copy of your data; and withdraw consent at any time. To exercise these rights, email support@snoozesync.com. We will respond within the timeframe required by applicable law (generally 30 days) and will not discriminate against you for exercising your rights. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.
SnoozeSync is not directed to children under 13 (or the minimum age of digital consent in your jurisdiction), and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will delete it.
We may update this Privacy Policy from time to time. When we make material changes, we will revise the "Last updated" date above and, where appropriate, notify you in-app or by email. Continued use of the Service after an update constitutes acceptance of the revised policy.
If you have questions about this Privacy Policy or how we handle your data, contact us at:
SnoozeSync
Email: support@snoozesync.com
Web: app.snoozesync.com