Privacy Policy

How MoonSleeper collects, uses, and protects your personal information.

Effective date: April 18, 2026 (v1.6) · Last updated: April 18, 2026

This Privacy Policy describes how MoonSleeper ("we", "our", "the App") collects, uses, and shares information when you use our iOS application. It applies to all users of MoonSleeper.

1. Who we are

MoonSleeper is operated by Lin Quote, an independent developer.
Contact: [email protected]

2. Information we collect

We collect the following limited categories of data. For each, we describe the purpose and whether the data is linked to your identity.

2.1 Account information

  • Email address — used to create and authenticate your account, and to send essential service messages (e.g., password reset). Linked to your identity.
  • Display name (optional) — used to personalize the in-app experience. Linked to your identity.

2.2 Health and fitness data

  • With your explicit permission, we read sleep analysis and heart rate samples from Apple HealthKit.
  • We compute aggregate sleep metrics (sleep duration, sleep efficiency, time in bed) and store these summaries on our servers, linked to your account, to power your sleep score, trends, and reports.
  • We do not sell health data, share it with advertisers, or use it for any purpose other than delivering the App's features.

2.3 Audio data (processed on-device)

  • The App requests microphone access to detect snoring and ambient noise events during sleep tracking.
  • Raw audio never leaves your device. We process audio locally on your iPhone in real time. Only short event metadata (e.g., snore counts, brief snore clip references) is associated with your sleep session.
  • Short snore clips may optionally be exported by you via the in-app debug export feature for personal review or to send to support.

2.4 Identifiers and device telemetry

  • User ID — an internal identifier we assign to your account.
  • Anonymous device ID — a randomly generated UUID stored in your device's Keychain. Used to give your device a stable identity for push notifications when you have not yet created an account.
  • APNs device token — provided by Apple, used solely to deliver push notifications you enable.
  • Device model (e.g., "iPhone15,4") — collected once per device at sign-in for diagnostics and to understand which hardware generations we need to support.
  • iOS version — collected once per device at sign-in for diagnostics and OS-compatibility investigations.
  • App version — collected at sign-in and refreshed on each launch for diagnostics and to measure feature adoption across releases.

We do not use the iOS advertising identifier (IDFA), and we do not use any of these identifiers to track you across other apps or websites.

2.5 Usage data

  • We use Firebase Analytics to collect product interaction data (screen views, feature usage, session length) to understand which features users find valuable and to improve the App.
  • This data is linked to your User ID for our internal analysis.
  • Usage metrics are joined with your current app version so we can correlate feature adoption, regressions, and crash rates with specific releases.

2.6 Diagnostics

  • We collect anonymous crash reports and performance metrics (e.g., scene load times) to identify and fix bugs.
  • This data is not linked to your identity.

2.7 Onboarding survey answers (optional)

  • Your responses to up to six optional questions shown on first launch, covering your primary sleep goal, main challenges, schedule, bedtime, desired wake experience, and experience level with sleep tracking. You may skip any question. Linked to your anonymous device ID. Used to personalize in-app recommendations and subscription prompts.

2.8 Subscription information

  • When you purchase a subscription, Apple processes the payment. We never see your payment card or financial information.
  • We store your subscription tier (free, monthly premium, annual premium) and renewal status, linked to your account, to unlock features.

2.9 Coarse location (weather only, in-memory)

  • With your explicit permission (iOS "Allow Once" or "While Using the App"), we read your approximate location at the start of a sleep session and pass it directly to Apple WeatherKit to retrieve weather conditions (temperature, humidity, hourly forecast, condition code) for your sleep environment report.
  • Coarse location is used in memory only for the WeatherKit request; we do not store latitude / longitude on your device or on our servers. Only the resulting weather snapshot (temperature, humidity, condition) is persisted, linked to your sleep session.
  • You can deny or revoke location permission at any time in iOS Settings → Privacy & Security → Location Services → MoonSleeper. With permission denied, the Weather card on the Dashboard simply shows an "unavailable" state; all other App functionality is unaffected.

2.10 Coarse country (server-side IP lookup)

  • We derive a coarse country code (ISO 3166-1 alpha-2, e.g. "TW") from your IP address at the moment you authenticate. We do not store your IP address. Only the 2-letter country code is retained, linked to your account, for regional usage analytics.
  • The lookup is performed server-side using a bundled offline MaxMind GeoLite2 database; no network call is made to MaxMind and your IP address is never sent to a third party for this derivation.
  • Country is derived only from the server-observed IP at the moment of authentication (not continuously). It is not a precise location and cannot identify a city, address, or device location.

3. How we use your information

We use the data described above only to:

  • Provide core App functionality (account, sleep tracking, sleep aid library, reports)
  • Authenticate you and secure your account
  • Deliver push notifications you opt into
  • Analyze product usage to improve features
  • Diagnose crashes and performance issues
  • Manage your subscription

We do not use your information for third-party advertising, marketing emails (we do not currently send any), profiling for ads, or selling data to data brokers.

Opt-out of analytics. You can disable Firebase Analytics collection at any time in Settings → Privacy → Share usage analytics. Crash reports and subscription/account activity remain active because they are required for app stability and service delivery.

3.1 Lawful basis (GDPR Art. 6 / Art. 9)

For users subject to the EU / UK GDPR, each processing purpose below relies on the lawful basis identified. Where processing is based on consent (Art. 6(1)(a) or Art. 9(2)(a)), you may withdraw consent at any time (see §7).

Processing purpose | Lawful basis (GDPR Art. 6) | Notes
Account authentication | Contract (Art. 6(1)(b)) | Necessary to provide service
Sleep tracking + HealthKit data | Explicit consent (Art. 9(2)(a)) | iOS HealthKit permission prompt
Aggregated sleep metrics sync | Contract (Art. 6(1)(b)) | Required for sync feature
Subscription management | Contract (Art. 6(1)(b)) | Required to unlock features
Firebase Analytics | Legitimate interest (Art. 6(1)(f)) — product improvement | Right to object under Art. 21
Anonymous diagnostics | Legitimate interest (Art. 6(1)(f)) | No user identification
Push notifications | Consent (Art. 6(1)(a)) | iOS permission prompt
Onboarding survey | Consent (Art. 6(1)(a)) | All questions skippable; explicit opt-in disclosure on Q1
Account deletion request | Legal obligation (Art. 6(1)(c)) + user right (Art. 17) |

4. Third parties we share data with

We rely on the following service providers to operate MoonSleeper. Each receives only the minimum data needed for its function.

Provider | Purpose | Data received
Apple (HealthKit, APNs, App Store) | OS APIs, push delivery, payments | Health data stays on device; APNs token used for push; Apple processes purchase data
RevenueCat | Subscription management | Internal user ID, subscription product ID and status
Firebase Analytics (Google) | Product analytics | User ID, screen views, anonymized event data
Railway | Backend hosting | All server-side data described above
Cloudflare R2 | Audio content delivery | None of your personal data; only public sleep aid audio
Cloudflare (CDN for moonsleeper.com) | Serves static pages (privacy, terms, tips) on our marketing site | Standard HTTP request metadata only; no account data
Fastly (via Railway edge, api.moonsleeper.com) | Default CDN / edge in front of our Railway API | Standard HTTP request metadata for API routing; no additional personal data
MaxMind (GeoLite2, bundled offline database) | Server-side IP → country-code lookup at authentication | No network call to MaxMind; the database is bundled with our backend and runs locally
Apple WeatherKit | Weather data for sleep environment report | Coarse latitude / longitude (in-memory only at sleep start; never stored by MoonSleeper). Apple's own WeatherKit data handling applies.

We do not share your data with any other party for any purpose other than what is described in this Policy.

5. Data handling — disclosure of limited collection

For transparency:

  • Coarse location (WeatherKit) — used only at sleep start to fetch weather from Apple WeatherKit (see §2.9). Latitude / longitude is held in memory for the WeatherKit request and is never stored on your device or on our servers; only the resulting weather snapshot (temperature, humidity, condition code) is persisted with your sleep session. Permission is optional; denying it disables the Weather card but does not affect any other feature.
  • No precise GPS coordinates — we never request precise (kCLLocationAccuracyBest) location; only reducedAccuracy (coarse, ~1–10 km) for WeatherKit. We derive coarse country-level location from your IP address only at authentication (see §2.10), and we do not store the IP itself.
  • No contacts
  • No browsing or search history
  • No financial information (Apple processes payments)
  • No raw audio recordings transmitted off-device

6. Data retention

  • Account data: retained while your account is active.
  • Health summaries: retained while your account is active.
  • Anonymous diagnostics: retained for up to 90 days.
  • Device telemetry (device model, iOS version, app version, coarse country code): retained while your account is active and deleted as part of account deletion within 30 days.
  • On account deletion, we delete or anonymize your personal data within 30 days, except where retention is required by law.

7. Your rights

Everyone

You can:

  • Access and edit your account information in the App's Profile screen.
  • Disable HealthKit permissions at any time in iOS Settings → Privacy & Security → Health → MoonSleeper.
  • Disable push notifications in iOS Settings → MoonSleeper → Notifications.
  • Request deletion of your account via the in-app "Delete Account" option in Profile → Account, or by contacting [email protected].
  • Request a copy of the personal data we hold about you.

EU / UK / EEA residents (GDPR / UK GDPR)

If you reside in the European Union, United Kingdom, European Economic Area, or Switzerland, you have the following rights under the EU General Data Protection Regulation (GDPR) and UK GDPR:

  • Right of access (Art. 15) — obtain confirmation of whether we process your personal data, and a copy of that data.
  • Right to rectification (Art. 16) — correct inaccurate or incomplete personal data.
  • Right to erasure / "right to be forgotten" (Art. 17) — request deletion of your personal data.
  • Right to restriction of processing (Art. 18) — request that we limit how we process your data in certain circumstances.
  • Right to data portability (Art. 20) — receive your personal data in a structured, commonly used, machine-readable format, and transmit it to another controller.
  • Right to object (Art. 21) — object to processing based on legitimate interests, including profiling.
  • Right to withdraw consent (Art. 7(3)) — where processing is based on consent (e.g., HealthKit access), withdraw consent at any time; withdrawal does not affect the lawfulness of processing prior to withdrawal.
  • Right to lodge a complaint with a supervisory authority (Art. 77) — file a complaint with your local data protection authority (e.g., CNIL in France, ICO in the UK, Datenschutzbehörde in Austria). A list of EU DPAs is available at edpb.europa.eu.

To exercise any of these rights, email [email protected]. We will respond within 30 days of receiving a verifiable request. There is no fee unless a request is manifestly unfounded or excessive.

California residents (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:

  • Right to Know — what categories and specific pieces of personal information we collect, the sources, the purposes, and the categories of third parties we share it with.
  • Right to Delete — request deletion of personal information we have collected from you (subject to legal exceptions).
  • Right to Correct — request correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale or Sharing — opt out of the sale or sharing of your personal information. We do not sell or share your personal information for cross-context behavioral advertising, and we have not done so in the preceding 12 months. Accordingly, no "Do Not Sell or Share My Personal Information" link is required.
  • Right to Limit Use of Sensitive Personal Information — limit our use of sensitive personal information (e.g., health data) to purposes necessary to provide the service. We already restrict health data to core App functionality.
  • Right to Non-Discrimination — we will not discriminate against you for exercising any CCPA right (no denial of service, different pricing, or reduced quality).

To exercise these rights, email [email protected]. You may designate an authorized agent to submit a request on your behalf, provided the agent supplies written permission and we can verify your identity. We will respond within 45 days (extendable once by another 45 days with notice) as required by the CCPA.

8. Children's privacy

MoonSleeper is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. International transfers

Our servers are operated by Railway in the United States. By using the App, you understand that your information may be processed in the United States or other countries with different data protection laws.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, transfers of your personal data to the United States are made under Standard Contractual Clauses (SCCs) as adopted by the European Commission (Decision 2021/914) and, where applicable, the UK International Data Transfer Addendum issued by the UK Information Commissioner's Office. These clauses provide contractual safeguards equivalent to GDPR protections. A copy of the SCCs is available on request by emailing [email protected].

10. Changes to this policy

We may update this Policy from time to time. The "Last updated" date at the top will reflect changes. Material changes will be communicated in the App or by email.

11. Contact

Questions about this Policy or your data?
Email: [email protected]
