Privacy Policy

1. Data Controller

• Controller: BEAST LABS, SLU
• NRT: L-718834-Y
• Registered Address: Avinguda Verge de Canòlich, núm. 124, 1r pis, 2a porta, despatx 12, Edifici La Freixera, Sant Julià de Lòria, AD600, Andorra
• Email: contact@beast-labs.com

2. Information We Collect

2.1 Nap and Sleep Session Data

When you use Smart Nap, the App collects and stores the following data locally on your device:

• Nap session start time, end time, and duration
• Sleep onset time (when you fall asleep)
• Wake time and cutoff time settings
• Sleep efficiency calculations
• Sleep timeline events (fell asleep / woke up timestamps)
• Nap session status (pending, in progress, completed, interrupted)
• Device origin (iPhone or Apple Watch)
• Alarm output settings (iPhone, Apple Watch, or both)

This data is stored entirely on your device using Apple's SwiftData framework. We do not transmit your nap session data to any external server.

2.2 Apple HealthKit Data

With your explicit permission, the App reads sleep analysis data from Apple HealthKit on your Apple Watch. Specifically, we request read-only access to:

• Sleep Analysis (HKCategoryTypeIdentifier.sleepAnalysis) — including sleep stages such as "in bed", "asleep (unspecified)", "asleep (core)", "asleep (deep)", "asleep (REM)", and "awake"

We use this data solely to detect sleep onset during nap sessions and to calculate optimal wake times. In accordance with Apple's HealthKit guidelines:

• HealthKit data is never shared with third parties
• HealthKit data is never used for advertising, marketing, or data-mining purposes
• HealthKit data is never sold to anyone
• HealthKit data is never transmitted to any external server or cloud service
• HealthKit data is never stored in iCloud or any cloud backup system
• HealthKit data is processed entirely on-device

You can revoke HealthKit access at any time in iOS Settings > Health > Data Access & Devices > Smart Nap.

2.3 User Preferences

The App stores your personalization settings on-device, including:

• Default nap duration and cutoff time
• Alarm output preference (iPhone, Apple Watch, or both)
• Alarm tone selection and volume settings
• Haptic feedback and sound alarm preferences
• Appearance mode (system, light, or dark)
• Session history limit

These preferences are stored using Apple's SwiftData and UserDefaults frameworks on your device only.

2.4 Subscription and Purchase Data

Smart Nap offers only auto-renewable subscriptions (Weekly and Yearly plans) to unlock Pro features ("Smart Nap Pro"). Smart Nap does not offer a lifetime purchase plan. Some plans may include a 3-day free trial. Payments are processed exclusively by Apple via In-App Purchase. We do not receive or store your payment card details, Apple ID password, or billing address.

To verify your subscription status and manage entitlements across devices, we use the following third-party services:

• RevenueCat — processes limited purchase-related and technical information including: product identifiers, entitlement status, purchase receipts or receipt-derived data, anonymous app user identifiers, and device/network metadata needed for fraud prevention and purchase validation. RevenueCat's privacy policy: https://www.revenuecat.com/privacy
• Superwall — used to present and manage paywall screens. Superwall may process limited technical device information and subscription status. Superwall's privacy policy: https://superwall.com/privacy

2.5 Analytics and Marketing Measurement (Meta/Facebook SDK)

The App includes the Meta/Facebook SDK (FBSDKCoreKit). We use it to measure marketing performance and understand whether app installs or purchases resulted from ad campaigns.

When required, we request permission using Apple's App Tracking Transparency (ATT) framework before any tracking occurs.

• If you allow tracking: the Meta/Facebook SDK may process identifiers such as the device advertising identifier (IDFA) and related device/network information. We may log certain in-app events for measurement and attribution, including: nap completion events, paywall views, checkout initiation, purchase events, content views, and app rating events.
• If you deny tracking: we disable advertiser identifier collection (IDFA) and auto-logging of app events for tracking purposes. We do not intentionally log marketing events. The SDK may still process limited device/network information necessary for basic SDK functionality, subject to Meta's policies.

Advertiser ID collection and auto-logging of app events are gated behind your ATT consent — the App only enables these features at runtime when you grant tracking permission. If you deny or later revoke ATT permission, these features are disabled.

2.6 Device Identifiers

• IDFA (Identifier for Advertisers): Only collected if you grant ATT permission. Used exclusively for marketing attribution via the Meta SDK.
• IDFV (Identifier for Vendors): May be used by RevenueCat and Superwall as an anonymous device identifier for subscription management.
• Anonymous RevenueCat App User ID: An anonymous identifier assigned by RevenueCat to manage your subscription status. This is not linked to your name, email, or Apple ID.

2.7 Notifications

Smart Nap uses Apple's AlarmKit framework for system-level alarms, as well as local notifications and audio, to deliver nap alarms and wake-up alerts. AlarmKit requires your explicit permission when first used. These alarms and notifications are created and processed entirely on your device. We do not use push notification services or remote servers for alarm delivery.

2.8 Apple Watch Data

If you use Smart Nap on Apple Watch, the Watch app syncs nap session data and preferences with the iPhone app using Apple's Watch Connectivity framework. This data transfer occurs directly between your paired devices over a secure local connection and does not pass through any external servers.

2.9 Diagnostics and Crash Reports

We do not integrate a third-party crash reporting SDK in the App. Apple may provide aggregated or device-level diagnostic information to developers depending on your device settings and Apple's diagnostic sharing policies.

2.10 What We Do NOT Collect

The App does not collect:

• Your name, email address, or other personal contact information (unless you email us directly)
• Location data
• Photos, contacts, or calendar data
• Microphone or camera data
• Browsing history
• User-generated content (the App has no social or sharing features)

3. How We Use Information

We use the information described above for the following purposes:

• Provide core functionality: Track nap sessions, detect sleep onset, calculate sleep efficiency, manage alarms, and display nap history
• Apple Watch integration: Sync nap sessions and preferences between iPhone and Apple Watch
• HealthKit integration: Read sleep data to enhance sleep detection accuracy (on-device only)
• Subscription management: Validate purchases, manage Pro feature access, and restore purchases across devices
• Marketing measurement: Measure advertising campaign effectiveness (only with your ATT consent)
• Improve the App: Understand feature usage patterns to improve the product
• Prevent fraud: Detect and prevent subscription fraud via purchase validation

4. Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or United Kingdom, we rely on the following legal bases:

• Performance of a contract: To provide the App's features, process subscriptions, and manage Pro access
• Legitimate interests: Security, fraud prevention, and service improvement
• Consent: For HealthKit data access, App Tracking Transparency permission, and notification delivery
• Explicit consent (GDPR Article 9): HealthKit sleep analysis data is classified as special category data (health data) under GDPR Article 9. We process this data only with your explicit, informed consent, which you provide by granting HealthKit permissions. You may withdraw this consent at any time by revoking HealthKit access (see Section 8), and we will cease processing your health data immediately.

You may withdraw consent at any time (see Section 8).

5. Sharing and Third Parties

We do not sell your personal data. We share information only as needed to provide the App:

• Apple — App Store / In-App Purchase processing, HealthKit framework (on-device), Watch Connectivity (device-to-device), and diagnostics
• RevenueCat, Inc. — Subscription validation, entitlement management, and purchase receipt processing (Privacy Policy)
• Superwall, Inc. — Paywall presentation and configuration (Privacy Policy)
• Meta Platforms, Inc. (Facebook SDK) — Marketing measurement and attribution, subject to your ATT choice (Privacy Policy)

HealthKit data is never shared with any third party. It remains on your device at all times.

6. Data Retention

• Nap session data and preferences: Stored on your device until you delete it or uninstall the App. Data is permanently removed when the App is deleted from your device.
• HealthKit data: Managed by Apple's Health app. Smart Nap reads this data in real-time and does not maintain a separate copy. Retention is governed by your Apple Health settings.
• Subscription/purchase data: Retained by RevenueCat for the duration of your subscription plus up to 90 days after expiration for fraud prevention. Apple retains purchase records in accordance with its own data retention policies. See RevenueCat's privacy policy for details.
• Marketing/attribution data (Meta): Retention is governed by Meta's data retention policies (typically up to 2 years for ad attribution data); we do not separately retain this data on our servers.
• Anonymous identifiers (IDFV, RevenueCat user ID): Retained for the duration of your use of the App and deleted upon request or after 12 months of inactivity.
• Support communications: If you contact us via email, we retain communications for up to 12 months after resolution, then delete or anonymize them.

7. Data Security

We implement the following security measures:

• All nap session data and user preferences are stored in Apple's secure app sandbox on your device, protected by device-level encryption
• HealthKit data is protected by Apple's HealthKit security framework and device passcode encryption
• iPhone-to-Apple Watch communication uses Apple's encrypted Watch Connectivity framework
• Subscription data is transmitted to RevenueCat over HTTPS/TLS encrypted connections
• Analytics data is transmitted to Meta over HTTPS/TLS encrypted connections
• We do not operate backend servers that store your personal data

Data Breach Notification

In the event of a personal data breach that affects your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay, as required by GDPR Article 34.

8. Your Choices and Controls

• HealthKit access: You can grant or revoke HealthKit permissions at any time in iOS Settings > Health > Data Access & Devices > Smart Nap.
• Tracking (ATT): You can allow or deny tracking when prompted, or change your choice later in iOS Settings > Privacy & Security > Tracking.
• Ad Measurement Opt-Out: You can opt out of marketing measurement at any time by going to iPhone Settings > Apps > Smart Nap and deselecting "Allow Tracking".
• Notifications: You can enable or disable notifications in iOS Settings > Notifications > Smart Nap.
• Data deletion: You can delete all local App data by removing the App from your device. Nap session history and preferences will be permanently deleted.
• Subscription management: You can manage or cancel subscriptions in iOS Settings > [your name] > Subscriptions.
• Data portability: Your nap session data is stored locally on your device and accessible through Apple HealthKit (where applicable). If you require a copy of any personal data we process through third-party services, contact us at contact@beast-labs.com and we will provide it in a structured, commonly used, machine-readable format within 30 days.

9. International Transfers

Some of our third-party service providers (RevenueCat, Meta, Superwall) may process data outside your country of residence, including in the United States. Where required by applicable law, we rely on appropriate safeguards such as contractual protections (e.g., Standard Contractual Clauses) to protect your information during international transfers.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Right of access (GDPR Art. 15) — request a copy of the personal data we hold about you
• Right to rectification (GDPR Art. 16) — request correction of inaccurate personal data
• Right to erasure (GDPR Art. 17) — request deletion of your personal data ("right to be forgotten")
• Right to restrict processing (GDPR Art. 18) — request that we limit how we use your data
• Right to data portability (GDPR Art. 20) — receive your data in a structured, machine-readable format
• Right to object (GDPR Art. 21) — object to processing based on legitimate interests
• Right to withdraw consent — withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing
• Right not to be subject to automated decision-making (GDPR Art. 22) — Smart Nap does not make automated decisions with legal or significant effects based on your data. Sleep efficiency scores and recommendations are for informational purposes only.

EEA/UK users: You have the right to lodge a complaint with a supervisory authority in the EU/EEA member state or the UK where you reside or work, or where the alleged infringement occurred.

GDPR Article 27 Representative: As we are established in Andorra (outside the EU/EEA), we are not required to appoint a representative under GDPR Article 27 at this time. If this changes, we will update this policy accordingly.

We will respond to all legitimate rights requests within 30 days. To exercise your rights, contact: contact@beast-labs.com

11. Children

Smart Nap is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to request deletion, the right to correct inaccurate data, and the right to opt out of "sales" or "sharing" of personal information.

We do not sell personal information as defined by the CCPA/CPRA. Marketing measurement data processed via the Meta/Facebook SDK may constitute "sharing" for cross-context behavioral advertising under CPRA; you can opt out via the App Tracking Transparency prompt or in iOS Settings.

Categories of personal information collected: Identifiers (device identifiers, anonymous user IDs), commercial information (subscription purchase history), sensitive personal information (sleep analysis/health data, with explicit consent), and internet/electronic network activity (app usage data).

Right to limit use of sensitive personal information: Sleep analysis data is classified as sensitive personal information under CPRA. You can limit our use of this data by revoking HealthKit permissions in iOS Settings. We only use sensitive personal information to provide the App's core features.

Do Not Sell or Share: We do not sell your personal information. To opt out of "sharing" for cross-context behavioral advertising (Meta SDK), deny tracking when prompted by App Tracking Transparency, or change your choice in iOS Settings > Privacy & Security > Tracking.

Global Privacy Control (GPC): We honor the Global Privacy Control opt-out preference signal. If your browser or device sends a GPC signal when visiting our companion website, we treat it as a valid opt-out request under CPRA.

Non-discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights. You will not receive different pricing, quality, or service levels based on exercising your privacy rights.

To exercise your California privacy rights, contact: contact@beast-labs.com

12A. Additional U.S. State Privacy Rights

If you reside in Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, or other U.S. states with comprehensive privacy laws, you may have similar rights including: the right to access, correct, and delete your personal data; the right to opt out of targeted advertising, sales of personal data, and profiling; and the right to data portability.

Right to appeal: If we deny a privacy rights request, you have the right to appeal our decision. To file an appeal, contact us at contact@beast-labs.com with the subject line "Privacy Rights Appeal." We will respond to appeals within 60 days.

To exercise your state privacy rights, contact: contact@beast-labs.com

13. Health Data — Special Protections

Smart Nap accesses Apple HealthKit sleep analysis data exclusively to provide its core nap tracking features. We adhere strictly to the following principles:

• HealthKit data is processed entirely on your device
• HealthKit data is never transmitted to our servers or any third-party service
• HealthKit data is never used for advertising, marketing, or data-mining
• HealthKit data is never sold, rented, or disclosed to third parties
• HealthKit data is never used to build user profiles for advertising
• Access to HealthKit data requires your explicit opt-in consent and can be revoked at any time

This section satisfies Apple's requirement that apps using HealthKit must clearly disclose their health data practices in their privacy policy.

14. Privacy by Design

Smart Nap is built on privacy-by-design principles. Data minimization is a core architectural decision:

• Health and sensor data is processed on-device wherever possible to minimize data exposure
• We do not operate backend servers that store your personal data — there is no database of user sleep records
• Tracking and analytics are disabled by default and require your explicit opt-in consent
• We collect only the minimum data necessary to provide the App's features
• Our App Store privacy labels (App Privacy "Nutrition Labels") accurately reflect our data practices as described in this policy

15. SKAdNetwork

The App registers with Apple's SKAdNetwork to allow ad networks to attribute app installations without revealing personally identifiable information. SKAdNetwork operates at the aggregate level and does not give advertisers access to individual user data.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post updates on this page and revise the "Last updated" date at the top. If we make material changes, we will provide notice through the App or by other means as required by law.

17. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

• Email: contact@beast-labs.com
• Address: BEAST LABS, SLU, Avinguda Verge de Canòlich, núm. 124, 1r pis, 2a porta, despatx 12, Edifici La Freixera, Sant Julià de Lòria, AD600, Andorra