Privacy Policy
1. Data We Collect
Sleep to Earn ("the App," "we," "us") collects only the data needed to operate the wellness program:
- Sleep analysis from Apple Health — asleep minutes, time in bed, and time awake from the previous night, read once per day on the device.
- Account info from Sign in with Apple — your Apple ID-issued unique identifier and (if you choose to share it) your name and a relay email address. We do not receive your real Apple ID email unless you explicitly share it.
- Payment authorization — a Stripe customer ID and a tokenized reference to your saved payment method. We never see or store your card number, expiration, CVC, or bank details.
- Wellness records we create — your nightly League Sleep Index (LSI) score, daily outcome (Good / Fair / Poor), grace nights used, wallet balance, transaction history, and 30-day cycle status. These are derived from the sleep data above and stored in our database.
- Device & diagnostic data — when the App crashes or errors occur, we may collect anonymous crash logs (iOS version, device model, stack trace). This is used solely to fix bugs.
We do not use cookies, tracking pixels, fingerprinting, or any cross-app tracking. We do not run third-party advertising SDKs.
2. HealthKit & Apple Health
Sleep to Earn uses Apple's HealthKit framework to read sleep data. Your use of HealthKit data inside the App is bound by Apple's policies as well as ours.
- We read only the HKCategoryTypeIdentifierSleepAnalysis sample type. We do not read heart rate, workouts, blood pressure, menstrual cycle, mindfulness sessions, or any other category.
- HealthKit data is processed on your device to calculate your nightly score. The raw HealthKit samples are never uploaded to our servers — only the derived score and aggregate values (asleep minutes, in-bed minutes, awake minutes) are sent to our backend so we can determine your daily outcome.
- We will never use HealthKit data for advertising, marketing, sale to third parties, data brokering, or any purpose other than running the wellness program.
- You can revoke HealthKit access at any time: iPhone Settings → Health → Data Access & Devices → Sleep to Earn. If you revoke access, the App can no longer compute your nightly score and you may incur the daily $10 wellness adjustment for nights without data once your grace nights are used.
3. Data We Never Access
Even though Apple Health contains many categories of health data, we never access:
- Heart rate, ECG, blood oxygen, respiratory rate
- Workouts, steps, exercise minutes, calories
- Body measurements, nutrition, hydration
- Mindfulness sessions, mood, mental health logs
- Reproductive health, menstrual cycle, fertility, pregnancy
- Medications, lab results, immunizations, clinical records
- Location data, GPS, contacts, photos, calendar
- Microphone, camera, motion sensors
The App's HealthKit permission prompt makes the limited scope explicit.
4. How We Use Your Data
- Calculate your nightly League Sleep Index (LSI) score and assign you a daily outcome (Good / Fair / Poor).
- Determine eligibility for the wellness pool dividend or the daily $10 wellness adjustment.
- Display your progress, challenge status, and wallet balance inside the App.
- Process your wellness adjustment via Stripe, and issue your final Amazon Gift Card after the 30-day cycle.
- Maintain account security and prevent fraud or abuse of the program.
- Improve App stability through anonymous crash logs.
- Communicate critical service notices (e.g., changes to terms, account issues).
We do not use your data to build advertising profiles, train AI models, or sell to third parties for any purpose.
5. Third-Party Service Providers
To operate the App, we rely on the following third-party services, each acting strictly as a data processor on our behalf:
- Apple, Inc. — Sign in with Apple (authentication), HealthKit (sleep data), App Store (distribution). Subject to Apple's Privacy Policy.
- Google LLC (Firebase) — Authentication, Firestore database, Cloud Functions (server logic), Cloud Messaging (push notifications), Crashlytics (crash reporting). Subject to Google's Privacy Policy. Firebase data centers are located in the United States.
- Stripe, Inc. — Payment processing. We pass your authorization to Stripe; Stripe stores card details under PCI-DSS Level 1 compliance. We receive only a Customer ID and a payment method token. Subject to Stripe's Privacy Policy.
- Amazon.com, Inc. — Amazon Gift Card fulfillment at the end of each 30-day cycle. We send Amazon only the email address required to deliver the gift card. Subject to Amazon's Privacy Notice.
6. Data Sharing
We do not sell, rent, lease, or trade your personal data. We do not share data with advertisers or data brokers. We share data only:
- With the service providers listed above, strictly as needed to operate the App.
- To comply with a valid legal process (subpoena, court order) — we will notify you unless legally prohibited.
- To protect the rights, property, or safety of users, the public, or our company.
- In connection with a merger, acquisition, or asset sale — with notice to you and the same protections under this policy.
- With your explicit consent.
Aggregated, anonymized statistics (e.g., total active participants, average pool size) may be displayed in the App or on this website. Such aggregates contain no individual identifiers.
7. Storage & Retention
- Where: Google Firebase (Firestore) servers in the United States, encrypted at rest and in transit (TLS 1.2+).
- How long: Sleep records and transactions are retained for the duration of your active 30-day cycle plus 12 months after, for accounting, dispute resolution, and tax purposes. Account info (Apple ID identifier, Stripe Customer ID) is retained for as long as your account is active.
- After deletion: When you delete your account, all personal data is purged within 30 days, except where retention is legally required (e.g., financial transaction records may be retained for up to 7 years per U.S. tax law).
8. Security
We implement industry-standard safeguards:
- Authentication via Sign in with Apple (no password to leak).
- Encryption in transit (HTTPS / TLS) and at rest (Google-managed AES-256).
- Server access restricted to authorized personnel.
- Stripe handles all card data under PCI-DSS Level 1 — we never see it.
- Cloud Functions are protected by Firebase Auth tokens.
No system is perfectly secure. If we discover a data breach affecting your information, we will notify you and the appropriate regulators in accordance with applicable law.
9. Your Rights
Regardless of where you live, you have the right to:
- Access — view all your data inside the App (sleep records, transactions, wallet balance).
- Correct — request correction of inaccurate data.
- Delete — see Account Deletion below.
- Export — request a copy of your data in machine-readable format.
- Restrict — pause certain processing.
- Object — object to certain processing.
- Withdraw consent — at any time, without affecting prior lawful processing.
If you are a resident of the EEA, UK, Switzerland, California, Virginia, Colorado, Connecticut, or Utah, additional rights under GDPR / UK GDPR / CCPA / CPRA / VCDPA / CPA / CTDPA / UCPA apply. To exercise any right, contact hz489@cornell.edu.
10. Account Deletion
You can delete your account directly from inside the App: Settings → Delete Account. Deletion will:
- Permanently remove your sleep records, scores, wallet, and account profile within 30 days.
- End your active 30-day cycle. Pending dividends will be forfeited if the cycle has not yet completed.
- Cancel your Stripe payment authorization.
- Retain only data legally required to be kept (e.g., financial records for tax purposes).
If you cannot use the in-App option, email hz489@cornell.edu with the subject "Delete My Account" from your registered email — we will process the request within 30 days.
11. Children's Privacy
Sleep to Earn is intended for users 18 years of age or older. We do not knowingly collect data from children under 13 (or under 16 in the EEA / UK). If we discover that we have collected data from someone in this age range, we will delete it promptly. If you believe a child has used the App, contact us immediately.
12. International Users
The App is operated from the United States, and all data is stored on U.S.-based servers. If you access the App from outside the U.S., your data will be transferred to and processed in the U.S. By using the App, you consent to this transfer. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for cross-border transfers.
13. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via in-App notice and/or email at least 7 days before they take effect. The "Last updated" date at the top reflects the latest revision. Continued use of the App after the effective date constitutes acceptance.
14. Contact Us
Questions, requests, or concerns about this policy or your data:
- Email: hz489@cornell.edu
- Subject line: "Privacy" for fastest routing
We aim to respond within 5 business days.