CycleSleep Privacy Policy
Effective Date: 27 June 2025
Welcome to CycleSleep (“we,” “our,” or “the Site”). We respect and protect the privacy of everyone who uses the Site (“you”). This policy explains what information we collect, how we use it, and the rights you have.
1. Information We Collect
| Category | Specific Data | Purpose | Legal / Compliance Basis* |
|---|---|---|---|
| Technical & Device Data | Visit time, browser type & version, OS, screen resolution, truncated IP address | (1) Render pages correctly (2) Diagnose and fix technical issues | Legitimate interests |
| Anonymous Usage Analytics | Page views, session duration, click paths (generated by Plausible Analytics, aggregated & de-identified) | Improve features and user experience | Legitimate interests |
| Error Logs | JavaScript stack traces, network status codes (processed by Sentry; potential sensitive fields auto-stripped) | Quickly identify and fix bugs | Legitimate interests |
| Cookies / Local Storage | Language (locale), theme preference (theme) | Remember your settings so you don’t have to reselect them every visit | Consent (where required) |
* If you are in the EU/EEA, ‘Legitimate interests’ corresponds to GDPR Art. 6 (1)(f).
We do not collect: names, email addresses, phone numbers, precise geolocation, health data, or biometric identifiers.
2. How We Use the Information
- Provide Core Services
- Generate sleep-cycle results and deliver the corresponding page.
- Improve & Maintain Services
- Analyse anonymised statistics and error reports to understand devices, usage patterns, and issues.
- Legal Compliance & Security
- Disclose data when required to investigate fraud, abuse, or comply with legal obligations.
3. Third-Party Services
| Provider | Purpose | Data Shared | Safeguards |
|---|---|---|---|
| Plausible Analytics (EU-hosted) | Site analytics | De-identified visit events | No cookies; no personal identifiers |
| Sentry (USA) | Error monitoring | Error stack traces, URL, browser info | Masks query strings & storage fields that may contain PII |
We have data-processing agreements with these providers and require them to comply with relevant privacy laws (e.g., GDPR).
4. Cookies & Local Storage
- Essential: Store your language and light/dark mode preferences to ensure the site works properly.
- We do not use third-party advertising cookies or cross-site tracking.
- You can delete or block cookies in your browser, but some functions may break.
5. Data Storage & Security
- The Site is served as static files via NGINX.
- Logs and analytics data reside in encrypted storage managed by the respective third parties and are accessible only to operations personnel.
- All traffic between your browser and our server is encrypted with HTTPS / TLS 1.2+.
- We apply the principle of least privilege: each account has only the access it absolutely needs.
6. International Data Transfers
If you are in the EU/EEA, error logs may be transferred to the United States (Sentry servers). Such transfers rely on Standard Contractual Clauses (SCCs) approved by the European Commission.
7. Children's Privacy
CycleSleep is intended for users aged 13 and older. If we learn that a child under 13 has provided any information, we will delete it promptly. Please contact us if you believe this has occurred.
8. Your Rights
Depending on your location, you may have:
- Right of Access – Know whether we process your data and obtain a copy.
- Right to Rectification – Correct inaccurate or incomplete data.
- Right to Erasure – Request deletion under certain conditions.
- Right to Restrict Processing – Limit how we use your data in specific cases.
- Right to Data Portability – Receive data in a structured, machine-readable format.
- Right to Object / Withdraw Consent – Object to processing based on legitimate interests or withdraw consent at any time.
Contact us (Section 9) to exercise these rights; we will respond within 30 days.
9. Contact Us
Email: [email protected]
If you are dissatisfied with our handling of your information, you may complain to your local data-protection authority (e.g., CNIL, ICO, BfDI, EDPS).
10. Policy Updates
We may update this policy to reflect changes in our practices or legal requirements. The "Effective Date" will change accordingly. For material changes we will notify you via banner or, if feasible, email.
Last Updated: 27 June 2025
Questions? Just let us know at the email above.