SnoozeSync Privacy Policy

Effective date: May 31, 2026  ·  Last updated: May 31, 2026

SnoozeSync ("SnoozeSync," "we," "us," or "our") provides a cognitive behavioral therapy for insomnia (CBT-I) self-help application and related website at app.snoozesync.com. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, how long we retain it, and how you can delete it. SnoozeSync is a wellness and educational tool; it is not a medical device and does not provide medical diagnosis or treatment.

1. Scope & Who We Are

This policy applies to the SnoozeSync mobile application, the web application at app.snoozesync.com, and any related services we operate (collectively, the "Service"). It does not apply to third-party websites, apps, or services that we do not control, even where we link to them.

For the purposes of the EU/UK General Data Protection Regulation (GDPR) and similar laws, SnoozeSync is the data controller for personal data processed through the Service. Our contact details are in Section 13.

2. Data We Collect

SnoozeSync is built on a local-first architecture. The substantive content you create — your sleep diary, your profile, your AI Coach conversations, and your in-app preferences — is stored on your own device or browser by default and is not transmitted to or stored on our servers. We hold only the minimum data on our servers needed to operate your account and subscription.

2.1 Data stored locally on your device

This data resides in your device's local storage and is under your control. We do not receive a copy of it on our servers.

2.2 Data stored on our servers (minimal)

2.3 Data processed transiently by third parties

3. How We Use Data

We use personal data only to: (a) authenticate you and operate your account; (b) provide and personalize CBT-I features, including the AI Coach; (c) process and manage your subscription; (d) respond to your support requests; (e) maintain the security, reliability, and integrity of the Service; and (f) comply with legal obligations. We do not sell your personal data, and we do not use your sleep data or AI Coach conversations for advertising.

Where the GDPR applies, we rely on the following legal bases: performance of a contract (operating your account and subscription); consent (optional features and any non-essential processing, which you may withdraw at any time); legitimate interests (securing the Service and preventing abuse, balanced against your rights); and legal obligation (retaining limited billing/tax records).

5. Sharing & Third-Party Processors

We share personal data only with the service providers ("processors") needed to run the Service, each under a data-processing agreement, and where required by law. We do not sell or rent personal data.

ProcessorPurposeData involved
Google (Gemini API)Generate AI Coach responsesAI Coach message content (transient; not retained by Google)
StripeSubscription billing & payment processingPayment card details, billing identifiers
SentryError monitoring & app stabilityCrash traces, device/OS type, non-identifying error IDs

We may also disclose data if required by valid legal process, to protect our rights or the safety of users, or in connection with a merger or acquisition (in which case we will notify you and this policy will continue to govern your data).

6. Data Security

We protect data in transit using TLS encryption, store passwords using industry-standard salted hashing, restrict server access on a least-privilege basis, and rely on reputable processors (Google, Stripe, Sentry) that maintain their own security programs. Because your diary, profile, and coaching data live on your device, the most sensitive content never traverses our servers. No method of transmission or storage is perfectly secure, but we work to protect your data and will notify you and regulators of any qualifying breach as required by law.

7. Data Retention

We keep personal data only for as long as it is needed for the purposes described in this policy, after which we delete or anonymize it. Because SnoozeSync is local-first, most of your data has no server-side retention period at all — it remains on your device until you remove it.

7.1 Retention by data category

DataWhere storedRetention period
Sleep diary, profile, AI Coach history, preferences Your device / browser (local) Retained on your device until you clear site data or uninstall the app. We hold no server copy and apply no separate retention period.
Account credentials (email, hashed password) Our servers Retained while your account is active. Deleted within 30 days of a verified account-deletion request or after a prolonged period of account inactivity (see 7.3).
Subscription records (status, dates, processor token) Our servers Retained while your account is active and deleted within 30 days of account deletion, except limited billing entries kept for legal/tax compliance (see 7.2).
Support communications Our servers / email Retained up to 24 months after your last contact, then deleted.
AI Coach message content Google Gemini API (transient) Not retained beyond the request, per Google's API terms.
Payment data Stripe Retained by Stripe per its own retention schedule and legal obligations. See stripe.com/privacy.
Diagnostic error logs Sentry Automatically deleted on a 90-day rolling basis.

7.2 Legally required retention

Where law requires us to keep certain records — for example, transaction and tax records for billing-dispute resolution and accounting obligations — we retain the minimum necessary for the legally mandated period (typically up to 7 years for financial records). Once an account is deleted, any such records we are legally required to keep are anonymized wherever possible so they can no longer be linked to you as an individual.

7.3 Inactive accounts

If your account remains inactive for 24 consecutive months, we may notify you at your registered email and, absent a response, delete the server-side account data described above. Local data on your device is never affected by this and stays under your control.

8. Data Deletion

You have the right to delete your personal data at any time. SnoozeSync provides multiple paths depending on what data you want removed. For your broader privacy rights (access, correction, portability, withdrawal of consent), see Section 10.

8.1 Deleting local data on your device

Because SnoozeSync stores your sleep diary entries, profile information, AI Coach conversation history, and feature preferences locally on your device, you can remove that data yourself at any time:

You can also request complete deletion of all of your data — including any server-side records — by contacting us as described in Section 8.2 below.

8.2 Deleting your account and server-side data

To delete account credentials, subscription records, support communications, and any other data stored on our servers or our service providers' servers:

Some data may be retained longer where required by law (tax records, billing-dispute resolution) per Section 7.2. Where legal retention is required, we will anonymize the data rather than keep it identifiable to you.

8.3 Deleting data held by third-party processors

9. International Data Transfers

Our processors (Google, Stripe, Sentry) may process data in the United States and other countries. Where personal data is transferred out of the EEA or UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or equivalent mechanisms.

10. Your Privacy Rights

Depending on where you live (for example, under the GDPR/UK GDPR or the California Consumer Privacy Act), you may have the right to: access the personal data we hold about you; correct inaccurate data; delete your data (see Section 8); restrict or object to certain processing; receive a portable copy of your data; and withdraw consent at any time. To exercise these rights, email support@snoozesync.com. We will respond within the timeframe required by applicable law (generally 30 days) and will not discriminate against you for exercising your rights. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

11. Children's Privacy

SnoozeSync is not directed to children under 13 (or the minimum age of digital consent in your jurisdiction), and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the "Last updated" date above and, where appropriate, notify you in-app or by email. Continued use of the Service after an update constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at:

SnoozeSync
Email: support@snoozesync.com
Web: app.snoozesync.com