Privacy Policy

1. Controller

The controller responsible for data processing is:

Sleeploops.space
Switzerland
Email: privacy@sleeploops.space

2. Data We Collect

Account Data

When you create an account: name, email address, and an encrypted password. If you sign up via a third-party provider, we receive the profile information you authorize.

Billing Data

When you subscribe to Premium: payment is processed by PayPal. We receive your PayPal account email and subscription status. We do not receive or store your full credit card number or bank details.

Usage Data

We collect information about how you use the Service: sounds played, session duration, feature usage, favorites, and routine configurations. This data helps us improve the Service and is not shared with third parties for marketing purposes.

Device and Log Data

We automatically collect device type, browser type, operating system, IP address, and access timestamps for security, troubleshooting, and compatibility purposes.

Contact Data

When you contact us: name, email, subject, and message content submitted through our contact form or support email.

3. How We Use Your Data

• To provide and operate the Service
• To create and manage your account
• To process payments and manage subscriptions
• To personalize your experience (favorites, routines, preferences)
• To send transactional emails (account, billing, security)
• To respond to your support requests
• To analyze usage patterns and improve the Service (aggregated and anonymized where possible)
• To detect and prevent fraud or abuse
• To comply with legal obligations

4. Legal Basis

Under the Swiss Federal Act on Data Protection (nFADP), we process your data based on:

• Contract performance: processing necessary to provide the Service you signed up for (account, billing, core functionality)
• Legitimate interest: analytics, fraud prevention, and service improvement, balanced against your privacy
• Legal obligation: where required by Swiss law (e.g., financial record-keeping)
• Consent: for non-essential cookies and optional communications, which you can withdraw at any time

5. What We Do NOT Do

• We do not sell your personal data to third parties
• We do not share your data with advertisers
• We do not track your activity across other websites
• We do not use your data for targeted advertising
• We do not collect or store health data or biometric data — Sleeploops is not a medical device
• We do not make automated decisions that legally or significantly affect you

6. Data Recipients and Processors

We share data with a limited number of trusted service providers who process data on our behalf and under our instructions:

• PayPal (PayPal (Europe) S.à r.l. et Cie, Luxembourg) — payment processing and subscription management
• Brevo (Sendinblue GmbH, Germany) — transactional email delivery (account confirmations, password resets, billing notifications)
• Hosting provider: European-based infrastructure — server hosting and database storage

These providers are contractually obligated to protect your data and process it only for the purposes specified. We do not share your data with any other third parties except where required by law.

7. International Data Transfers

Some of our processors operate outside of Switzerland. Where data is transferred to countries without an adequate level of data protection recognized by Switzerland, we rely on appropriate safeguards such as standard contractual clauses.

Data may be processed in Germany (Brevo), Luxembourg (PayPal), and within the European Economic Area.

8. Data Retention

• Account data: retained for as long as your account is active
• After account deletion: personal data is permanently deleted within 30 days, except where legally required
• Billing records: retained for 10 years as required by Swiss financial record-keeping obligations (OR Art. 958f)
• Contact messages: retained for 2 years from the last correspondence, then deleted
• Server logs and IP data: retained for up to 90 days for security purposes

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• HTTPS encryption for all data in transit
• Encrypted password storage (bcrypt hashing)
• Database encryption at rest
• Access controls and authentication for internal systems
• Regular security reviews

While we take reasonable precautions, no system is entirely secure. We cannot guarantee absolute security of your data.

10. Your Rights

Under the Swiss Federal Act on Data Protection (and, where applicable, European data protection law), you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your account and personal data
• Export your data in a commonly used, machine-readable format
• Object to processing based on legitimate interest
• Withdraw consent for optional processing at any time

To exercise these rights, contact us at privacy@sleeploops.space. We will respond within 30 days. You may also delete your account directly from your account settings.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC).

11. Children and Minors

Sleeploops is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under this age, we will delete it promptly.

12. Cookies and Local Storage

We use cookies and browser local storage as described in our Cookie Policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before they take effect. The “last updated” date at the top reflects the most recent revision.

14. Contact

For questions or requests relating to your personal data, contact us at privacy@sleeploops.space or visit our Contact page.