SLEEPAL Privacy Policy
Last Updated: March 29, 2026
Welcome to use our products and services. SLEEPAL (“we,” “us,” or “our”) attaches great importance to the protection of your personal information and privacy. We will protect the security of your personal information and privacy in accordance with applicable laws and regulations.
Through this Privacy Policy, we will help you understand the measures SLEEPAL takes in collecting, using, managing, and protecting your personal information. Before using the services we provide, please read and understand this Privacy Policy carefully. Important content regarding your rights and interests in relation to personal information is highlighted in bold. Please begin using our services only after you have fully understood and agreed to this Privacy Policy.
1. How We Collect and Use Your Personal Information
Based on the principles of lawfulness, legitimacy, and necessity, we obtain information that you actively provide or that is generated during your use of the services in the following ways, so that we can provide services, improve our services, and protect the security of your account.
1.1 Information You Provide
We collect the account information you provide (such as email address, gender, and age) and your subjective sleep feedback (such as sleep feelings and diary entries) for the purposes of creating your account, generating sleep reports, and providing personalized sleep improvement suggestions.
1.2 Device Information
SLEEPAL continuously detects signals such as respiration, body movement, audio features, posture, temperature and humidity, light, and noise through millimeter-wave radar, microphones, infrared sensors, and environmental sensors, for the purpose of analyzing your sleep condition. In principle, the above raw data is processed only on the device or locally and is not directly uploaded to the cloud. Audio data is used for local analysis by default and will only be uploaded for specific functions if you have expressly authorized such upload.
After local processing, the system generates structured data (such as respiratory rate, heart rate, body movement, sleep position, in-bed status, sleep onset and wake times, and environmental indicators). After synchronization between the device and the app, such data is uploaded to the cloud for the purposes of generating sleep staging, sleep scores, respiration-related metrics, and personalized suggestions. This data is used only for sleep report display, service optimization, and algorithm improvement. We do not collect information that can directly identify you, and we adopt data minimization and de-identification measures to protect your privacy.
You may directly access product data through the App. We commit that we will never obstruct, deceive, or make it more difficult for you to exercise your rights. For details on how users can access, obtain, and delete data, please refer to Section 3, Your Rights and Control.
Data Volume and Format: Under normal use, the device generates approximately 40 MB of readable CSV/JSON metrics data per night (including heart rate, respiration rate, body movement, presence status, sleep posture labels, environmental data, etc.). The raw data from radar and temperature measurement array sensors is discarded immediately after real-time processing on the device and is neither recorded nor uploaded. Microphone data is discarded immediately after processing when the user has not granted authorization. If the user expressly authorizes and enables the snore playback function, only snore segments identified by the model will be retained for subsequent playback. Snore data is retained on the device for up to 7 days. Audio data is encrypted end-to-end (between the device and the mobile app) and will not circulate in plain text in the cloud. (The snore playback function has not yet been launched.). The cloud algorithm generates approximately 240 KB of derived analytical data per day.
Types and frequency of collection: During sleep, the device performs real-time signal processing to support the real-time generation of overnight continuous metric data, including heart rate, respiratory rate, body movement, sleep position, and environmental indicators.
Storage and retention:Data is retained locally on the device for up to 24 hours (except snore data, which may be retained on the device for up to 7 days upon user authorization), and is synchronized to AWS once the device is connected to the internet. The retention period in the cloud generally depends on the lifecycle of your Sleepal account, and data will be retained until the account is deleted or deactivated.
1.3 Third-Party Data
With your authorization, we will read relevant data from Apple Health (such as sleep, heart rate, HRV, respiration, and activity data) for the purpose of improving sleep analysis, scoring, and report display.
1.4 Usage and Device Information
We collect basic information generated during your use of the services (such as page views, click behavior, device model, operating system, and IP address) for the purposes of ensuring stable service operation, improving product experience, and maintaining system security.
We process your personal information only to the extent necessary to achieve the above purposes and take reasonable measures to protect the security of your data.
2. Data Sharing
We attach great importance to the protection of your personal data and do not sell your personal data. We will share your information only in the following limited and necessary circumstances:
2.1 Sharing Authorized by You
With your explicit authorization, SLEEPAL may write your sleep data to third-party health platforms (such as Apple Health or Google Health Connect), so that you can view and manage your health data across different devices or applications.
You may manage or withdraw such authorization at any time through system settings.
Where you request that SLEEPAL share relevant data with a third party designated by you, we will provide the relevant sharing arrangements on fair, reasonable, and non-discriminatory terms. In principle, no fee will be charged for data-sharing requests initiated by individual users. Where a fee is legally required, we will explain it to you in advance. Except where necessary for legal or security reasons, we will not obstruct your choice of third parties to receive your data by technical means.
In principle, no fees will be charged to individual users or third parties for data-sharing requests initiated by individual users.
SLEEPAL will not use product-generated data to infer users’ or authorized third parties’ economic status, assets, production methods, business operations, or other commercially sensitive information.
SLEEPAL will not use such data for competitive purposes or in any manner that could harm the commercial interests or market position of users or third parties.
2.2 Service Providers
To ensure the normal operation and continued optimization of our services, we may provide necessary information to trusted third-party service providers, including but not limited to:
• Cloud computing and storage services (such as AWS and GCP)
• Data processing and technical support services
These service providers process data only under our instructions and are required to comply with strict data protection obligations, including entering into data processing agreements (DPAs), implementing appropriate security measures, and fulfilling confidentiality obligations.
2.3 Legal and Compliance Requirements
We may disclose your information where required by laws and regulations or where necessary to protect legitimate rights and interests, including to:
• Comply with applicable laws, regulations, regulatory requirements, or judicial procedures
• Maintain system security and prevent fraud or abuse
• Protect the personal and property safety of SLEEPAL, users, or the public
2.4 Anonymized or De-identified Data
We may anonymize or de-identify data so that it cannot be used to identify a specific individual, and use such data for:
• Product and algorithm optimization
• Statistical analysis and research
• Service improvement and performance evaluation
Such data will not be used to identify you personally.
3. Your Rights and Control
We provide you with various account settings and tools to enable you to access and control your personal data, regardless of your location:
Access and view data:You may view your sleep data and related information in the app at any time.
Export data:You may export your personal metadata through account settings (such as sleep duration, sleep staging, sleep vital signs, and other data, in CSV format) for use in other services. Where technically feasible, you may access, in real time or near real time through the App, processed data that has been generated and synchronized, as well as related explanatory information, and view or export such data through the functions provided by the product.
Correct and delete data:You may modify or delete the personal information you have provided, or delete part or all of your sleep data. You may also apply to delete your account.
Withdraw authorization:You may withdraw authorization for third-party data (such as Apple Health) or device permissions at any time.
Restrict or object to processing:Under applicable law, you may restrict our processing of your data or object to certain uses (such as personalized recommendations).
When you request deletion of data or your account, most information will be deleted within 30 days. In some cases (such as system backups or legal requirements), complete deletion may take longer, but usually no more than 90 days.
You may also manage notifications, privacy permissions, and data visibility through the app settings to further control how your information is used.
Service Term and Termination: Your use of SLEEPAL services begins when you create an account, use a device, or subscribe to paid services, and continues until ended by you or us.
You may stop using the services or delete your account at any time through the app settings.
Paid subscriptions renew automatically unless canceled through your platform account settings.
We may suspend or terminate services where permitted by law, including for policy violations, legal obligations, or operational reasons.
After termination, your access to services may end, and your personal data will be handled in accordance with this Privacy Policy.
Trade Secret Statement:Data generated by Sleepal devices is mainly used for sleep metric analysis and personalized services. SLEEPAL is the lawful holder of the trade secret data related to its products. Certain data processing logic, algorithm models, and derived metrics constitute the company’s trade secrets and are used to protect research and development outcomes and the product’s technological advantages. Unless required by law or expressly authorized, such trade secret information will not be publicly disclosed.
While safeguarding your lawful rights to access, view, export, and share data, we will also take necessary and appropriate measures to protect trade secrets and other confidential information. Such protective measures will not be used to improperly restrict your lawful data rights. However, to the extent permitted by applicable law, where disclosure of relevant data is highly likely to cause serious harm to our trade secrets, we may lawfully adopt necessary restrictive measures. Where it can be objectively demonstrated that disclosure of confidential information is highly likely to result in serious economic loss, our company reserves the right to refuse the request. We will provide a written explanation and notify the competent authority of the relevant EU Member State in accordance with the law.
4. Data Security
We adopt:
• Encryption in transit (TLS)
• Encryption at rest
• Access controls
• The principle of data minimization
5. European Privacy (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we will process your personal data in accordance with the General Data Protection Regulation (GDPR).
5.1 The data we process may include:
• Account information (such as email address)
• Device and usage data
• Sleep- and health-related data
5.2 We process your personal data on the following legal bases:
• Your consent (Article 6(1)(a)andArticle 9(2)(a))
• Performance of a contract (Article 6(1)(b))
• Legitimate interests (Article 6(1)(f), such as product optimization and fraud prevention)
Health data is processed only with your explicit consent, and you may withdraw your consent at any time.
5.3 Under the GDPR, you have the following rights:
You have the right to access, correct, and delete your data, restrict or object to processing, and exercise your right to data portability and to withdraw consent. You may exercise the above rights through the app or by contacting us.
5.4 Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this Policy, or as required by law. You may delete data or delete your account at any time.
5.5 Data Security
We take reasonable technical and organizational measures to protect your data, including encryption, access controls, and data minimization principles.
5.6 Cross-Border Transfers
If your data is transferred to countries outside the EEA, we will protect the security of such data through the following mechanisms:
• Standard Contractual Clauses
• Other applicable legal safeguards
5.7 Data Protection Officer
If you have any questions regarding data protection, you may contact:
Email:
If you object to the data sharing terms, fees, or methods we provide, you have the right to file a complaint with a dispute resolution body designated by an EU Member State.
6. California Privacy Rights
If you are a California resident, under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), you have the following rights:
Right to Know
You have the right to know the categories and purposes of personal information we collect, use, and share.
Right to Access and Delete
You may request access to or deletion of your personal information, unless otherwise required by law.
Right to Correct
You have the right to request correction of inaccurate personal information.
Right to Limit Use of Sensitive Personal Information
For sensitive personal information such as health data, you have the right to limit the scope of its use.
Right to Opt Out
We do not sell your personal information. If such activities arise in the future, you will have a clear right to opt out.
Right to Non-Discrimination
We will not discriminate against you for exercising your privacy rights.
How to Exercise Your Rights
You may exercise the above rights through the in-app settings or by contacting us at
We use your personal information only to provide services, improve products, and fulfill legal obligations.
7. Policy Updates
If there are any material changes, we will notify you by email in advance.
8. Contact Us
Sleepal Privacy Team
www.sleepal.ai
Flat 08A, 19/F, China Shipbuilding Tower, 650 Cheung Sha Wan Road, Kowloon, Hong Kong
Data Protection Officer: dpo@sleepal.ai