SleepWiz ("we", "us", "the platform") is the data controller responsible for your personal data. For any privacy-related questions or requests, contact us at: www.sleep-wiz.com.
We collect the following categories of personal data: (a) Account information: name, email address, profile picture (if using Google sign-in), and authentication credentials; (b) Child-related data: child's name, date of birth, sleep logs, feeding logs, daily routines, health questionnaires, and free-text notes; (c) Household information: household name, caregiver names and roles; (d) Communication data: messages exchanged with consultants through the platform; (e) Technical data: device type, browser type, IP address, push notification tokens (Firebase), and usage analytics; (f) Payment data: billing information processed through third-party payment providers (we do not store full payment card details).
We collect and process your data for the following purposes: (a) Providing the sleep consultation service, including personalized plans, insights, and AI-generated recommendations; (b) Enabling communication between parents and assigned consultants; (c) Managing your account, subscriptions, and preferences; (d) Improving and developing the platform, including AI/algorithm training and evaluation where permitted by law; (e) Sending service-related notifications (e.g., plan updates, consultation reminders); (f) Ensuring platform security, preventing abuse, and maintaining quality; (g) Complying with legal obligations.
We process your personal data based on: (a) Your consent, provided when you agree to these terms and use the service; (b) Performance of the service contract between you and SleepWiz; (c) Our legitimate interests in improving the service, ensuring security, and preventing fraud; (d) Legal obligations where applicable under Israeli or other relevant laws.
SleepWiz uses essential cookies and local storage to: (a) Maintain your authentication session; (b) Remember your language and display preferences; (c) Support Progressive Web App (PWA) functionality. We do not use third-party advertising cookies or cross-site tracking. Analytics data is collected for service improvement purposes only.
We use the following third-party services to operate the platform: (a) Google OAuth: for authentication and sign-in (subject to Google's Privacy Policy); (b) Firebase Cloud Messaging: for push notifications (subject to Google/Firebase Privacy Policy); (c) Vercel: for hosting and serverless infrastructure (subject to Vercel's Privacy Policy); (d) PostgreSQL database hosting: for secure data storage; (e) Payment processors: for handling subscription payments. These providers may process certain data on our behalf and are bound by their own privacy policies and data processing agreements.
We do not sell, rent, or trade your personal data to third parties. Your data is used solely to provide and improve the SleepWiz service as described in this policy. We may share data with the third-party service providers listed in Section 6 only as necessary to operate the platform.
Your data may be processed and stored on servers located outside of Israel, including in the European Union and the United States, through our hosting and infrastructure providers. Where data is transferred internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.
SleepWiz processes child-related data (name, age, sleep patterns, health information) as provided by parents or legal guardians. In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information directly from children under the age of 13. All child-related data is provided and managed by parents or legal guardians on behalf of their children. By using the service, you confirm that you are the parent, legal guardian, or authorized caregiver of the child whose data you provide, and that you have the legal authority to consent to the processing of this data. We apply heightened security measures to protect children's data and limit access to authorized personnel and assigned consultants only.
Subject to applicable law, you have the following rights regarding your personal data: (a) Right of access: request a copy of your personal data; (b) Right to rectification: correct inaccurate or incomplete data; (c) Right to deletion: request deletion of your personal data and account; (d) Right to restrict processing: limit how we use your data in certain circumstances; (e) Right to data portability: receive your data in a structured, machine-readable format; (f) Right to object: object to processing based on legitimate interests; (g) Right to withdraw consent: withdraw your consent at any time (this does not affect the lawfulness of prior processing). To exercise any of these rights, contact us at: www.sleep-wiz.com. We will respond within the timeframe required by applicable law.
We retain your personal data for as long as your account is active and as needed to provide the service. Upon account deletion: (a) Personal data and child-related data will be deleted within 30 days; (b) Aggregated and de-identified data (which cannot identify you or your child) may be retained for research and product improvement; (c) Certain data may be retained longer where required by law or for legitimate business purposes (e.g., billing records, legal compliance). Inactive accounts may be subject to data cleanup after an extended period of inactivity, with prior notice.
We implement appropriate technical and organizational measures to protect your personal data, including: (a) Encrypted data transmission (HTTPS/TLS); (b) Secure authentication mechanisms (including OAuth 2.0); (c) Access controls limiting data access to authorized personnel; (d) Regular security reviews of our infrastructure. While we strive to protect your data, no system is completely secure. You are responsible for maintaining the security of your login credentials.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will: (a) Notify the relevant supervisory authority within the timeframe required by law; (b) Notify affected users without undue delay where the breach is likely to result in a high risk to their rights; (c) Take immediate steps to contain and remediate the breach.
If you enable push notifications, we collect and store a Firebase Cloud Messaging token on your device. This token is used solely to deliver service-related notifications (e.g., consultant messages, plan reminders). You can disable push notifications at any time through your device settings or browser permissions. Disabling notifications will delete the stored token.
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you through the platform (e.g., a re-acceptance prompt) and update the "Last updated" date. Continued use of the service after notification constitutes acceptance of the revised policy.
For privacy-related inquiries, data access requests, or complaints, please contact us at: www.sleep-wiz.com. If you are unsatisfied with our response, you may file a complaint with the Israeli Privacy Protection Authority or the relevant supervisory authority in your jurisdiction.
This Privacy Policy is governed by the laws of the State of Israel, including the Protection of Privacy Law, 5741-1981, and related regulations. Jurisdiction shall be vested in the competent courts in Israel.
Contact us: www.sleep-wiz.com