Somnova Health ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process your personal information when you use our website, mobile application, and related services (collectively, the "Service").
Please read this Privacy Policy carefully. By accessing or using Somnova Health, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices, please do not use our Service.
We collect information you voluntarily provide when you create an account, complete your sleep intake assessment, or interact with our Service. This includes:
Account Information: Name, email address, and date of birth. Payment processing is handled exclusively by Apple through In-App Purchase. We do not collect, store, or have access to your payment card details.
Sleep Diary Data: Your daily sleep entries, including bedtime, wake time, time awake during the night, sleep quality ratings, and related notes. This information is essential to our Service as it allows our AI coach to analyse your sleep patterns and personalise your CBT-I programme.
Chat Messages: All messages you exchange with our AI sleep coach are collected and retained. These conversations are used to provide coaching, analyse your progress, and improve the quality of our Service.
Health and Device Data: If you choose to connect Apple HealthKit or a wearable device (such as Oura Ring, Garmin, Fitbit, or Whoop), we collect sleep-related data including bedtime, wake time, sleep stages, and duration. This data is used solely to populate your sleep diary and personalise your CBT-I programme. We do not sell, share, or use health data for advertising or marketing purposes. You may disconnect these integrations at any time.
When you use our Service, we automatically collect certain information about your device and how you interact with our Service:
Device Information: Operating system, browser type, IP address, and unique device identifiers.
Usage Information: Pages visited, time spent on features, interactions with the app, and the sequence of actions you take.
Location Information: We do not intentionally collect precise geolocation data, though your IP address may indicate approximate location.
We use the information we collect for the following purposes:
Service Delivery: To provide, maintain, and improve our AI-powered CBT-I programme. Your sleep diary entries and chat messages are analysed by our self-hosted large language model to personalise your treatment programme and provide real-time coaching.
AI Processing: Your data is processed through our self-hosted artificial intelligence system to generate personalised sleep recommendations, adjust your sleep window, provide coaching feedback, and track your progress. This processing occurs entirely on our secure infrastructure and is not shared with third-party AI services or cloud-based AI providers.
Account Management: To create and manage your account, process payments, send transactional emails (such as password resets and receipt confirmations), and respond to your inquiries.
Service Improvement: To analyse usage patterns, identify technical issues, and enhance the quality, functionality, and user experience of our Service.
Legal Compliance: To comply with applicable laws, regulations, court orders, and other legal obligations.
Communications: With your consent, we may send you emails about updates, new features, or promotional information. You may opt out of marketing communications at any time by adjusting your preferences in your account settings.
Your personal information and sleep data are stored on secure servers hosted with Supabase, our database provider. We implement industry-standard security measures, including encryption in transit and at rest, to protect your data from unauthorised access, alteration, disclosure, or destruction.
However, no method of transmission over the Internet or electronic storage is completely secure. While we take reasonable precautions to protect your information, we cannot guarantee absolute security. You use our Service at your own risk.
Payment Processing: All subscription payments are processed by Apple through In-App Purchase. Apple's use of your payment data is governed by Apple's privacy policy and terms. We do not have access to your payment card information.
Database Services: Supabase provides database hosting and infrastructure services. Your data is stored within Supabase's secure environment.
Hosting and Infrastructure: Vercel hosts our website and certain Service infrastructure. Your usage data may be processed by Vercel's systems.
No Data Sales: We do not sell, rent, lease, or trade your personal information to third parties. Your sleep data, chat messages, and account information remain your own and are never monetised or shared for marketing or other commercial purposes.
Legal Requests: We may disclose your information if required by law, in response to a subpoena, court order, or other legal request, or if we believe such disclosure is necessary to protect our rights or the safety of our users.
Service Partners: We may share information with service providers who assist us in operating our Service, provided they are contractually obligated to maintain the confidentiality and security of your information and to use it only for the purposes we specify.
Our Service uses cookies and similar tracking technologies to enhance your user experience. Cookies are small data files stored on your device that help us remember your preferences and understand how you use our Service.
Essential Cookies: These are necessary for the Service to function properly, including session management and security.
Preference Cookies: These remember your choices, such as language settings and display preferences.
Analytics Cookies: These help us understand how users interact with our Service so we can improve it.
You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our Service.
You have the right to request access to the personal information we hold about you. You can download a copy of your data, including your sleep diary entries and chat history, at any time from your account settings.
You can export your sleep data and other personal information in CSV format directly from your account dashboard. This allows you to retain and analyse your information independently.
You have the right to request deletion of your account and associated personal information. You can delete your account from your account settings. Upon deletion, we will remove your data from our active systems within 30 days. Some information may be retained in backup systems for a limited period in accordance with our data retention policies and legal obligations.
You can update or correct your account information by logging into your account and editing your profile.
You may opt out of receiving promotional and marketing emails by clicking the "unsubscribe" link in any email we send or by adjusting your communication preferences in your account settings.
We retain your personal information and sleep data for as long as your account is active and for a reasonable period thereafter to fulfil the purposes described in this Privacy Policy. If you delete your account, we will retain your information only as long as necessary for legal compliance, fraud prevention, and the enforcement of our agreements.
Backup copies of your data may be retained for up to 90 days after deletion to ensure data integrity and recovery in case of emergency.
Somnova Health is not a medical service. While we process health-related sleep data, this information is not protected as medical records under regulations such as HIPAA in the United States. Your sleep data is protected under this Privacy Policy and our Terms of Service. If you have sensitive health concerns beyond insomnia treatment, please consult a healthcare provider.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated Privacy Policy on our website and updating the "Effective date" at the top of this policy. Your continued use of our Service after such modifications constitutes your acceptance of the updated Privacy Policy.
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle your personal information, please contact us at:
Somnova Health
Email: privacy@somnovahealth.com
We will respond to your request within 30 days. If you are unsatisfied with our response, you may have the right to lodge a complaint with your local data protection authority.