Privacy Policy

DriftWake ("DriftWake," "we," "us," or "our") provides a sleep-cycle intelligence platform that helps you wake up at the optimal point in your sleep cycle. This Privacy Policy describes how we collect, use, share, and protect personal information when you visit our website, join our waitlist, or use the DriftWake application (collectively, the "Service").

By using the Service, you agree to the collection, use, and sharing of your personal information as described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Personal Information We Collect

Information you provide directly:

• Waitlist sign-up: When you join our waitlist, we collect your email address.
• Account registration: When you create an account, we may collect your name, email address, and account credentials.
• Communications: When you contact us for support or provide feedback, we collect the contents of your messages and any contact information you provide.
• Payment information: If you subscribe to a paid plan, our payment processor collects your billing details (e.g., credit card number, billing address). We do not store full payment card numbers on our servers.

Information collected automatically when you use DriftWake:

• Sleep and wake data: Sleep and wake times you log, or that are detected by your device's sensors, including sleep duration, sleep quality ratings, and wake-up feedback.
• Device sensor data: Accelerometer and microphone-level data used to estimate sleep stages. Microphone data is processed on-device and is not recorded or transmitted.
• Sleep cycle calibration data: Your personal cycle duration patterns, variance, and progression data used by our Adaptive Cycle Engine to personalize predictions.
• Contextual factors: Information you optionally log such as caffeine intake, alcohol consumption, exercise, and perceived sleep debt.
• Device and usage information: Device model, operating system version, app version, language settings, time zone, and general usage patterns (e.g., features used, screens viewed).
• Log data: IP address, browser type, referring/exit pages, and timestamps when you visit our website.

Information from third-party platforms:

• Apple Health / Google Health Connect: If you choose to connect these platforms, we may receive sleep, step, and movement data. This data is used solely to provide and improve the Service and is never used for advertising. You can disconnect these integrations at any time in your device settings.

2. How We Use Personal Information

We use the personal information we collect to:

• Provide the Service: Operate and deliver DriftWake, including generating personalized sleep cycle predictions, wake windows, and alarm scheduling.
• Personalization: Calibrate our Adaptive Cycle Engine to your unique sleep patterns over time.
• Waitlist management: Communicate product updates, launch announcements, and early access invitations to waitlist subscribers.
• Research and development: Analyze aggregated, de-identified sleep data to improve our sleep models and develop new features. Individual data is never used in research without anonymization.
• Communications: Respond to your questions, support requests, and feedback.
• Marketing: Send you updates about new features, tips, and promotions if you have opted in. You may opt out at any time.
• Safety and security: Detect, investigate, and prevent fraud, abuse, and security incidents.
• Legal compliance: Comply with applicable laws, regulations, and legal processes.

3. How We Share Personal Information

We do not sell your personal information. We have not sold personal information in the preceding twelve months and will not sell your email address, sleep data, or any other personal data to third parties.

We may share information in the following limited circumstances:

• Service providers: We share data with trusted third-party services that process data on our behalf under strict confidentiality and data processing agreements. See Section 6 for specific providers.
• Professional advisors: We may share information with our lawyers, accountants, and auditors in connection with the professional services they provide to us.
• Legal requirements: We may disclose information if required by law, subpoena, court order, or other valid legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: If DriftWake is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change via email or prominent notice on our website.
• Aggregated or de-identified data: We may share aggregated or de-identified information that cannot reasonably be used to identify you. For example, we may publish aggregate statistics about sleep patterns across our user base.

4. Tracking Technologies

We and our service providers use the following technologies to collect information about your interactions with the Service:

• Cookies: Small text files stored on your device. We use essential cookies required for site functionality and optional analytics cookies to understand usage patterns.
• Local storage: We may use browser local storage to remember your preferences and session state.
• Log files: Our web servers automatically record information such as your IP address, browser type, referring URLs, pages viewed, and access timestamps.

Third-party analytics and SDKs:

When the DriftWake app launches, we may integrate the following third-party services for analytics and performance monitoring:

• Vercel Analytics: Website performance and visitor analytics. Privacy Policy
• Firebase Crashlytics (Google): Crash reporting and stability monitoring. Privacy Policy
• Sentry: Error tracking and performance monitoring. Privacy Policy

We do not use third-party advertising trackers or interest-based advertising SDKs. We do not share your sleep or health data with any advertising networks.

5. Do Not Track

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no universally accepted standard for how to respond to DNT signals, we do not currently respond to DNT signals. We will revisit this policy if a uniform standard is established.

6. Third-Party Services

DriftWake relies on the following third-party services to operate. Each provider processes data under their own privacy policy and our data processing agreements:

• Supabase: Database hosting, authentication, and backend services. Data is stored in Supabase-managed infrastructure in the United States. Privacy Policy
• Vercel: Website hosting and deployment. Privacy Policy
• Apple Health: Optional integration for importing/exporting sleep and activity data. Data shared with Apple Health is governed by Apple's Privacy Policy and your device settings.
• Google Health Connect: Optional integration for importing/exporting sleep and activity data on Android. Governed by Google's Privacy Policy and your device settings.

Health data received from Apple Health or Google Health Connect is used solely to provide and improve the Service and is never used for advertising, data mining, or sale to third parties.

7. Other Sites and Apps

The Service may contain links to third-party websites, apps, or services that are not operated by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you visit or use.

8. Your Choices

You have the following rights and choices regarding your personal information:

• Opt out of marketing emails: You may unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any email we send, or by contacting us at privacy@driftwake.com.
• Push notifications: You can disable push notifications through your device's system settings at any time.
• Access and correction: You may request access to or correction of your personal information by contacting us.
• Deletion: You may request deletion of your personal information by contacting us. When the app launches, you will also be able to delete your account and all associated data directly from the app settings.
• Health platform disconnection: You can revoke DriftWake's access to Apple Health or Google Health Connect at any time through your device settings.
• Cookie preferences: Most browsers allow you to refuse or delete cookies through browser settings. Note that disabling cookies may affect site functionality.
• Online tracking opt-out: You can opt out of certain online tracking by visiting the NAI opt-out page or the DAA opt-out page. On mobile, you can limit ad tracking through your device's privacy settings.

9. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Service. Specifically:

• Waitlist data: We retain your email address until you unsubscribe or request deletion, or until the waitlist is closed.
• Account data: We retain account information for the duration of your account plus 30 days after deletion to allow for account recovery.
• Sleep data: Your sleep history and calibration data are retained while your account is active. Upon account deletion, sleep data is permanently deleted within 30 days.
• Aggregated data: De-identified, aggregated data that cannot be used to identify you may be retained indefinitely for research and product improvement.
• Legal obligations: We may retain certain information for longer periods if required by law (e.g., tax or accounting requirements).

10. Data Processing & International Transfers

DriftWake is headquartered in the United States. Your personal information may be processed and stored on servers located in the United States. If you are accessing DriftWake from outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country or jurisdiction.

By using the Service, you consent to the transfer of your information to the United States and the processing of your information in accordance with this Privacy Policy. We take appropriate safeguards — including encryption in transit and data processing agreements with our service providers — to ensure that your personal information remains protected.

11. Data Security

We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/SSL) and at rest
• Access controls and authentication requirements for internal systems
• Regular security assessments and code reviews
• Secure, audited third-party infrastructure providers
• On-device processing for sensitive sensor data (e.g., microphone levels) where possible

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security. If we become aware of a security breach that affects your personal information, we will notify you in accordance with applicable law.

12. Children

DriftWake is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@driftwake.com. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective date" at the top of this page
• Notify you by email (if you have an account or are on our waitlist) or by prominent notice on our website
• Where required by law, obtain your consent before applying material changes

We encourage you to review this page periodically to stay informed about how we protect your information.

14. Notice to California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information.

Categories of personal information collected: In the preceding twelve months, we have collected the following categories of personal information: identifiers (email address, IP address), internet or electronic network activity (log data, usage patterns), and geolocation data (inferred from IP address). When the app launches, we may also collect sensory data (device sensor data related to sleep) and health-related inferences.

Your rights under the CCPA/CPRA:

• Right to know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to delete: You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, completing a transaction you requested).
• Right to correct: You have the right to request correction of inaccurate personal information.
• Right to opt out of sale or sharing: We do not sell your personal information and do not share it for cross-context behavioral advertising. There is no need to opt out, but you may still submit a request and we will confirm our practices.
• Right to limit use of sensitive personal information: To the extent we process sensitive personal information (such as health-related data), we use it only to provide the Service and do not use it for purposes that would require offering a right to limit.
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. You will not receive different pricing, a different quality of service, or be denied service for making a request.

How to submit a request: You or your authorized agent may submit a request by emailing privacy@driftwake.com with the subject line "CCPA Request." We will verify your identity by confirming your email address on file before processing the request. We will respond within 45 days, or notify you if we need an extension (up to an additional 45 days).

Authorized agents: If you use an authorized agent to submit a request on your behalf, we may require the agent to provide proof of written authorization and may still verify your identity directly.

15. Notice to European and UK Residents (GDPR/UK GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, the General Data Protection Regulation (GDPR) and UK GDPR provide you with additional rights.

Data controller: DriftWake is the data controller responsible for your personal information under this Privacy Policy.

Legal bases for processing: We process your personal information on the following legal bases:

• Contractual necessity: Processing necessary to provide the Service you have requested (e.g., generating sleep predictions, managing your account).
• Consent: Where you have given explicit consent (e.g., joining the waitlist, opting into marketing emails). You may withdraw consent at any time.
• Legitimate interests: Processing necessary for our legitimate business interests (e.g., improving our sleep models, ensuring security), provided these interests do not override your rights.
• Legal obligations: Processing necessary to comply with applicable laws.

Your rights under GDPR:

• Right of access: You have the right to request a copy of the personal information we hold about you.
• Right to rectification: You have the right to request correction of inaccurate or incomplete personal information.
• Right to erasure ("right to be forgotten"): You have the right to request deletion of your personal information in certain circumstances.
• Right to restriction of processing: You have the right to request that we limit how we use your personal information in certain circumstances.
• Right to data portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to request that we transmit it to another data controller.
• Right to object: You have the right to object to processing based on legitimate interests, including profiling. You also have the right to object to direct marketing at any time.
• Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

How to exercise your rights: You may submit a request by emailing privacy@driftwake.com with the subject line "GDPR Request." We will respond within 30 days.

International transfers: Your data is transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and/or other appropriate safeguards to ensure your data is protected in accordance with GDPR requirements when transferred outside the EEA or UK.

16. Notice to Brazilian Residents (LGPD)

If you are located in Brazil, the Lei Geral de Proteção de Dados (LGPD) provides you with additional rights regarding your personal information, including the rights to confirmation of processing, access, correction, anonymization, portability, deletion, information about sharing, and the ability to revoke consent. To exercise your rights, contact us at privacy@driftwake.com with the subject line "LGPD Request."

17. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@driftwake.com

For GDPR inquiries, you may also contact our data protection point of contact at the email address above.