Last updated · 19 May 2026

Privacy Policy

HighPER Sleep ("we," "our," or "us") is committed to protecting your privacy. This policy explains what data we collect when you use the HighPER Sleep mobile application, how we use it, and your rights.

Contents

Who we are
Data we collect
How we use your data
Third parties & data processors
Storage & security
Data retention
Your rights (GDPR & CCPA)
Children's privacy
Changes to this policy
Contact

1 · Who we are

HighPER Sleep is operated by Milan Zwiauer, based in Switzerland. You can reach us at support@gethighper.ch.

2 · Data we collect

2.1 Account information

Email address — from Apple Sign In, Google Sign In, or manual entry
Display name — what you tell us in onboarding (optional)
Authentication identifier — a unique ID issued by your sign-in provider
Profile photo — only if you choose to upload one

2.2 Sleep & routine data

Bedtime and wake time preferences
Sleep schedule (which nights of the week are tracked)
Morning recovery check-in scores (0–100, how rested you feel)
Habit completions (which routine habits you ticked off each evening)
Streak history

2.3 Cycle & symptom data (only collected if you enable the cycle tracker)

This is special category personal data under GDPR Article 9. We treat it with the strictest protections.

Period start dates you log
Symptom logs: flow, mood, energy level, cramps intensity, bloating, headache, acne, diarrhea, constipation, tender breasts, backache, insomnia, free-text notes
Cycle length and period length preferences
Reminder preferences (e.g., notify N days before predicted period)

2.4 Device & usage data

iOS device push notification token (so we can deliver sleep alarms and reminders)
App version and iOS version (for compatibility)
Time of day the app is opened (used by the time-of-day background)

2.5 App Blocker / Screen Time data

If you grant Family Controls / Screen Time permission, HighPER Sleep can schedule app blocks during your wind-down window. The list of apps you select is stored locally on your device in an encrypted system container controlled by Apple. We never see which specific apps you choose to block — Apple's Family Controls framework uses opaque tokens.

2.6 What we do not collect

Location data
Contacts, calendar events, photo library (beyond ones you explicitly pick as a profile avatar)
Browsing history
Advertising identifiers
Audio or microphone input

3 · How we use your data

To provide the service — sync your sleep schedule, cycle data, habits across devices
To personalise recommendations — phase-aware sleep tips, hormone-aligned focus modes, predictive notifications
To send notifications you opted into — bedtime alarms, period reminders, predictive pattern alerts
To deliver subscription services — verify your premium status with Apple, deliver paid features
To improve the app — aggregate, non-identifying signals about which features work

We never sell your data, and we never use your data for advertising or third-party tracking.

We share your data only with these specific processors, each bound by data-processing agreements:

Service	Purpose	Data
Supabase (EU region)	Database hosting, authentication, file storage	Account info, sleep, cycle, habits, profile photo
Apple	Sign in with Apple, push notifications, in-app purchases, Family Controls	Auth ID, device token, subscription receipts
Google	Sign in with Google (OAuth handshake only)	Email, name, Google user ID
RevenueCat	Subscription management (when enabled)	Auth ID, subscription status (no payment card details — those stay with Apple)

5 · Storage & security

Data is transferred over TLS / HTTPS only
Database is protected by row-level security policies — each user can only access their own data, enforced at the database layer
Passwords (if used) are never stored in plaintext
Sensitive cycle data is stored in an EU-region Supabase project (data residency in the European Union)
App Blocker selections stay on your iPhone in an Apple-controlled encrypted container — we never have access to it

6 · Data retention

We keep your data as long as your account is active. If you delete your account, all associated data is permanently erased within 30 days via Supabase's automatic cascade-delete on the auth.users row.

7 · Your rights (GDPR, nFADP & CCPA)

You have the right to:

Access — request a copy of all data we hold about you
Rectify — correct any inaccurate data
Erase — delete your account and all associated data
Restrict processing — pause our use of your data
Data portability — get your data in a machine-readable format (JSON export)
Object — opt out of any processing you don't want
Withdraw consent at any time
Lodge a complaint with your local data protection authority (in Switzerland, the Federal Data Protection and Information Commissioner; in the EU, your national DPA)

To exercise any of these rights, email support@gethighper.ch. We respond within 30 days.

8 · Children's privacy

HighPER Sleep is not intended for children under 16. We do not knowingly collect data from children under 16. If you believe we have, contact us and we will delete the data.

9 · Changes to this policy

We may update this policy occasionally. Material changes will be announced in-app and the "Last updated" date above will change. Continued use of HighPER Sleep after changes constitutes acceptance.

10 · Contact

Questions, requests, or complaints? support@gethighper.ch