Privacy Policy

Effective date: 21 March 2026 · Last updated: 18 April 2026 · Version 2.1

Short version: Your personal sleep data stays encrypted on your device. We cannot read it, sell it, or lose it in a breach — because personal sleep logs are not readable by us. The only data on our servers is the minimum needed to run your account.

1. Introduction

ShiftSlumber is a sleep-tracking app designed for shift workers. We are committed to protecting your privacy with the strongest architecture we know: one where we simply do not have access to your personal sleep data in the first place.

This Privacy Policy explains what data is collected, where it lives, and your rights under Australian law and international privacy frameworks. ShiftSlumber is published by ShiftSlumber , Queensland, Australia.

2. Zero-Knowledge Architecture

Your personal sleep data stays encrypted on your device. Here is how it works:

All your personal data lives on your device only. Sleep entries, bedtimes, wake times, sleep scores, notes, and health data are stored in an encrypted database on your phone. This database is protected by a key derived from your device credentials — we never hold that key.
Our servers are stateless AI endpoints. When you use the AI Sleep Coach, your device sends only an anonymised, session-scoped request. No user ID, no name, no sleep history travels to our server. The server processes the request and returns a response. It stores nothing.
We cannot read your data. Even if a court ordered us, even if a hacker breached our servers — we do not hold your sleep data. There is nothing to hand over.
Sync is encrypted end-to-end. If you enable optional backup via iCloud or Google Drive, your data is encrypted on your device before it leaves. We hold no encryption keys.

This is a technical reality enforced by design — not a marketing promise.

3. Data We Collect and Store

3.1 On-Device Data (Never Transmitted to Our Servers)

Sleep entries: bedtime, wake time, duration, sleep score, notes
Streak counts and historical sleep statistics
Notification preferences and scheduled reminders
App settings and personalisation choices
Wearable-synced sleep data (if you connect a compatible device)
Any health data imported from Apple Health or Google Health Connect

This data is never transmitted to ShiftSlumber servers. We have no access to it.

3.2 Data Transmitted to Our Servers

Data	When	Why	Stored?
Anonymous AI Coach request (no PII — e.g. "shift worker, Day 3 streak")	When you use AI Coach	To generate a response	No — discarded after response
Anonymous analytics event (e.g. "sleep_logged")	During app use	To understand feature usage	Yes — no PII attached
Push notification device token	When you enable push notifications	To send reminders	Yes — token only
Account email address	At account creation (optional)	For account recovery	Yes — encrypted at rest
Website waitlist: email, first name, last name, country, and city or region	When you submit the join-waitlist form on shiftslumber.com	To send launch and beta updates and for light-touch regional planning	Yes — in our secure database (encrypted at rest). Not used for AI Coach prompts and not sold to third parties
Subscription status (active/inactive)	Via RevenueCat/Apple/Google	To unlock premium features	No — RevenueCat is source of truth

3.3 Analytics

Analytics events contain: a random session identifier (not linked to your identity), event type, timestamp, device type and app version. They do not contain your name, email, sleep data, health data, location, or any personally identifiable information.

4. On-Device Storage and Encryption

Your sleep data is stored in an encrypted SQLite database using AES-256 encryption. The encryption key is held in your device's secure enclave (iOS) or Android Keystore (Android) and is never transmitted anywhere. If you delete the app, all on-device data is permanently deleted. We hold no copy.

5. Optional Encrypted Backup

ShiftSlumber offers an optional backup feature storing an encrypted copy of your data in your personal iCloud (iOS) or Google Drive (Android) account.

Backup is opt-in only — disabled by default
Your data is encrypted on your device before upload
We do not hold, access, or manage the encryption keys
Your backup is stored in your cloud account — Apple/Google privacy policies govern that storage
You can disable backup and delete your cloud backup at any time

6. AI Coach

The AI Sleep Coach feature is powered by the Anthropic API (Claude). When you interact with the AI Coach:

Your device sends only anonymous context: your role type (e.g. "shift worker"), a general phase indicator, and the anonymised text of your question
No personal identifiers are included: no name, email, user ID, sleep history, or health data
ShiftSlumber does not store the content of your AI Coach conversations
ShiftSlumber stores only a SHA-256 hash of each message for abuse detection — this hash cannot be reversed to recover the message

Anthropic's privacy policy: anthropic.com/privacy

7. Push Notifications

If you enable push notifications, we store your device push token to send reminders you have requested. Push tokens are not linked to your personal identity. You can disable push notifications at any time in your device Settings or within the app — disabling notifications triggers deletion of your push token from our servers.

8. Payments

8.1 Consumer Subscriptions

Consumer subscriptions are processed entirely through Apple App Store or Google Play, managed by RevenueCat. ShiftSlumber never sees or stores your payment card details.

Apple Privacy Policy: apple.com/legal/privacy
Google Privacy Policy: policies.google.com/privacy
RevenueCat Privacy Policy: revenuecat.com/privacy

8.2 B2B Organisation Billing

Business billing for organisational accounts is processed via Stripe. Stripe's Privacy Policy: stripe.com/au/privacy

9. Third-Party Services

Service	Purpose	Data Shared
Anthropic (Claude API)	AI Coach responses	Anonymised, non-identifying request text
Apple APNs	Push notifications (iOS)	Device push token
Google FCM	Push notifications (Android)	Device push token
RevenueCat	Subscription management	Anonymous user ID, subscription events
Apple App Store / Google Play	In-app purchases	Governed by Apple/Google policies
Stripe	B2B billing	Organisation billing contact and payment method
Resend	Transactional email (e.g. waitlist confirmation)	Your email address; standard template content only
Sentry	Error reporting	Anonymous error logs, stack traces (no PII)

10. Your Rights

Because your personal sleep data is stored exclusively on your device, you already have complete control. You can view, export, and delete all your sleep data directly within the app at any time.

For the minimal data we do hold on our servers, you have the following rights:

Australian Privacy Act 2024

Access: You may request a copy of personal information we hold
Correction: You may request correction of inaccurate personal information
Deletion: You may request deletion of your account and all associated server-side data
Complaint: You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

ShiftSlumber acknowledges the Privacy Act 2024 statutory tort for serious invasions of privacy. We are committed to handling all personal information in accordance with the Australian Privacy Principles (APPs).

GDPR (EU and UK users)

If you are located in the EU, UK, or EEA, you have additional rights under GDPR and UK GDPR including: access (Art. 15), rectification (Art. 16), erasure (Art. 17), data portability (Art. 20), restriction (Art. 18), and objection (Art. 21). Contact sleepportfolio@gmail.com — we respond within 30 days.

11. Right to Erasure — Account Deletion

To request deletion of your account and all server-side data:

Use the Delete Account option within the app (Settings → Account → Delete Account), or
Email sleepportfolio@gmail.com with the subject line "Deletion Request" and your account email address
For website waitlist data only, email sleepportfolio@gmail.com from the address you used on the form and ask to be removed from the waitlist.

We will process deletion requests within 30 days. On-device data is deleted immediately when you delete the app. Server-side data (account email, push token, waitlist entries where applicable, analytics) is permanently deleted from our systems. B2B financial records are retained for 7 years as required by Australian tax law.

12. Data Retention

Data Type	Retention Period
On-device sleep data	Indefinite — you control this; deleted when you delete the app
Account email	Until account deletion request
Website waitlist (email, name, country, city)	Until you request removal or unsubscribe from waitlist email; contact sleepportfolio@gmail.com
Push notification token	Until you disable notifications or delete your account
Anonymous analytics events	24 months (rolling), then automatically deleted
AI Coach message hashes	12 months, then automatically deleted
B2B organisation data	Until organisation closure + 7 years (Australian tax law)

13. Children

ShiftSlumber is designed for adult shift workers (18+). We do not knowingly collect personal information from individuals under 18. If you believe a person under 18 has created an account, please contact sleepportfolio@gmail.com and we will delete the account promptly.

14. Security

On-device: AES-256 encrypted SQLite; device secure enclave / Android Keystore
In transit: TLS 1.3 for all server communications
Server-side: Minimal data holdings; Row Level Security on all database tables
Annual third-party security review
Breach notification: Within 72 hours under the Privacy Act 2024 notifiable data breach scheme

15. Changes to This Policy

We will notify you of material changes via in-app notification at least 30 days before the change takes effect. The "Last updated" date at the top of this document reflects the most recent revision.

16. Contact

Privacy enquiries and rights requests:
sleepportfolio@gmail.com

Postal address:
ShiftSlumber Privacy Officer
Queensland, Australia

OAIC (Australian privacy regulator):
oaic.gov.au · 1300 363 992