Last updated:
Hello, we are Ipnos Software Inc. ("Ipnos" or "We")!
Respect for your privacy is important to you and to us. It’s essential that we earn your trust, and that Ipnos’ practices reflect our respect for your privacy. In this spirit, we created this policy to help you comprehend how we collect, use, disclose or otherwise process your personal data. We also cover information about your rights and other important details about your privacy, like how we secure your personal data. If you have any questions, please feel free to email our privacy support officer at privacy@ipnos.com. Where relevant, Ipnos is the Controller under this policy.
This privacy policy applies to all our mobile apps (our ‘Apps’) and to your use of our websites (‘Websites’ or ‘Web’):
This policy also applies to communications you may have with us via email, through live chat on our Apps or through social media.
When you click on links to third parties’ websites, or if you use a third party to create accounts on our Apps or websites, such as Google, Facebook or Twitter, this privacy policy does not apply to your sharing of personal data with these third parties. It’s always a good idea to read their privacy policies to understand what they do with your personal data.
Our Apps and Websites can be accessed and used from around the world. The laws that apply to the protection of your personal data may vary depending on where you reside. Ipnos strives to comply with all applicable laws – if you have questions based on your situation, feel free to contact privacy support at privacy@ipnos.com. To see the specific Privacy notice applicable to California residents, click here.
We reserve the right to and may change this Privacy Policy from time to time. Please review this policy regularly for the latest updates on our data privacy practices. If we make any material changes, we will notify you through the App, or by presenting you with a new version of this Privacy Policy. Your continued use of the App after the effective date of an updated version of the Privacy Policy will indicate your acceptance of the Privacy Policy as modified. In some cases, we will need to request that you accept changes to the Privacy Policy explicitly. In these cases where explicit acceptance is required, we will contact you to request your acceptance. If you do not accept the terms of the Privacy Policy, you may not use the App or Websites. Please exit the App and Websites immediately if you do not agree to the terms of this Privacy Policy.
We want to protect your privacy as much as possible, so we consider personal data to include any information which allows us to identify you directly or indirectly, including through cookies and other electronic tools.
Like many websites, our Websites and Apps use "cookies" to collect information. A cookie is a small data file that a website puts on your computer’s hard disk so that the website can remember something about you at a later time. If you are looking for more information on cookies, you can refer to websites such as http://www.cookiecentral.com/.
In this privacy policy, when we refer to "cookies" we include other technologies with similar purposes, such as pixels, tags, web beacons and the mobile identifiers which we collect from your cell phone (Android’s Advertising ID (AAID/IFA) or Apple’s Identifier for Advertising).
There are different types of cookies. Ipnos uses both first party and third party cookies:
Cookies can also be classified based on their roles. These are the types of cookies we use on our Websites and Apps:
If you are using one of our Websites, you can change your browser's settings so it will stop accepting cookies and web beacons or to prompt you before accepting a cookie or web beacon. Opt-out options for cookies and web beacons are located here.
General Information. When you sign up to use the App, we may collect Personal Data about you such as:
You can create an account on some of our Apps and Websites using your Facebook, Google, Apple or Twitter account (you should read the applicable third party privacy policy to see what other information those parties collect when you use their account to login to our Websites/Apps).
Sleep and Well-being. When you use the App, you may choose to provide personal information which might be considered related to your health and well-being such as:
You also may give us the ability to import into the App Personal Data about your health and activities from third-party services such as Apple HealthKit and Google Fit. Such imported Personal Data may include your sleep patterns/data. In order for us to process any Personal Data under this category we will explicitly ask your consent on the registration screen.
If you take our sleep “chronotypes” quiz, we will only temporarily collect your answers to those questions for the purposes of delivering your “sleep score” or chronotype number. We do not store your individual answers to the chronotypes quiz, but we may store your “sleep score” against your unique Ipnos client ID and you will be able to see your chronotype in your profile.
When you access or use the App or Web, we may automatically collect the following information:
Device Information:
Location Information:
We do not collect precise location data about you, although we are able to see in which city you are located, based on your IP address. We also collect information about the browser or device used to access the Website and App, such as the user’s mobile device ID (if you consent/opt in to tracking this) and IP address. This allows us to personalize your experience, and ensure that you are receiving relevant content and the right legal disclosures applicable to you based on your legal jurisdiction.
App usage data, including, among others:
To collect this information, we may send cookies to your mobile device or computer. Opt-out options for cookies and web beacons are located here.
Data from external sources. We may use third-party tools like AppsFlyer that provide us some of your attribution data (which basically means information about the ad that brought you to the website or App) that we may further utilize to customize and personalize your App experience. We may also use such data for statistical purposes and analytics.
We will not collect or process your Personal Data without having a reason and providing you with notice. So, for any processing of your Personal data we need to have some valid ground for conducting the processing, this is sometimes referred to as “legal basis”.
We process your Personal Data based on the following legal basis:
Here is the description of the main type of processing activities we conduct with your Personal data and related legal basis for that (with some basic examples which are not exhaustive):
Purpose of processing | Legal basis for processing | Example |
---|---|---|
to analyze, operate, maintain and improve the App, to add new features and services to the App, to support the existing functions of the App | Consent | We may use data about your sleep cycle to suggest a time that is best for you to go to bed or wake up |
to customize content and materials you see when you use the App | Consent | Based on your preferences and logged-in information we may provide you certain suggested sleep stories to listen to or meditations to try |
to customize product and service offerings and recommendations to you, including third-party products and offerings (excluding data from Apple HealthKit and Google Fit) | Consent | We may send you a discount offer for our Premium App options to your email. You can opt-out anytime by contacting us at privacy@ipnos.com. |
to provide and deliver the products and services you request, process transactions and send you related information, including confirmations and reminders | Contract | Using your device data we may send you a reminder to meditate, a mindfulness or sleep “tip”, or other suggestion. Disable this anytime in your phone settings. |
for billing (invoicing), account management and other administrative purposes, if applicable | Contract | We may send you an email with an invoice, if applicable. |
to respond to your comments, questions and requests and to provide customer service | Contract | We may process your name and email to reply to your support requests |
to send you technical notices, updates, security alerts and support and administrative messages | Legitimate interest | We may send you an email notification that contains a customer satisfaction survey You can opt-out anytime by contacting us at privacy@ipnos.com. |
to monitor and analyze trends, usage and activities in connection with our App | Consent | We may analyze your browsing activity in the App to understand what you like or dislike about it in order to improve your future experience |
solely with respect to information that you agree to share, for Company promotional purposes (except data from Apple HealthKit and Google Fit) | Consent | If you give your consent, we can post your review or comment on our website |
to comply with legal obligations and requests | Legal obligation | We may be required to process your personal data to comply with applicable laws and court orders. In this case, we make sure that our legal counsel assists us in ensuring that we only process your personal data as required by the law, or court orders. |
Data minimization and purpose limitation. We will not process Personal Data in a way that is incompatible with the purposes for which it has been collected unless subsequently authorized by you or collect any Personal Data that is not needed for the purposes. For any new purpose of processing we will ask your separate consent.
No sale of Personal Data. We will never sell, rent, or disclose your Personal Data. In some jurisdictions, sharing data can be considered a sale of data. We may share only some of your Personal Data to our service providers strictly limited to cases and purposes stipulated in this Privacy Policy and in accordance with agreements we have with them. We will also never use the information gained through your use of the HealthKit and Google Fit framework for advertising or similar services, or sell it to advertising platforms, data brokers, or information resellers.
Information about you may be disclosed to third parties for one or more of the following purposes:
We may share some of your non-health Personal Data (like your device ID, IDFA, IP address, version information) with AppsFlyer, a mobile marketing platform, that handles your Personal Data in accordance with our instructions. By using AppsFlyer and its integrated partners we are able to reach you and people like you on various platforms that might be interested in our products too. AppsFlyer also helps us to determine if our advertising campaigns are going well by providing advertising attribution services. If we need to share your Personal Data with other platforms for this purpose, except as defined herein, we will ask for your consent.
This is how we work the AppsFlyer/integrated ad platforms:
Read more about AppsFlyer here and its integrated partners here.
Opt-out options. You can withdraw your consent or opt-out, whatever applies in your case, from sharing of your Personal Data in accordance with this subsection anytime by using one of the following options:
You and others may see certain ads for our Apps or Websites on other websites because we participate in ad networks. Ad networks allow us to target our messaging to users through demographic, interest-based, and contextual means. These networks track individuals’ online activities over time by collecting information through automated means, including through the use of cookies, web server logs, and web beacons. The networks use this information to show advertisements that may be tailored to an individual’s interests. The information our ad networks may collect includes information about your visits to websites that participate in the relevant ad networks, such as the pages or advertisements you view and the actions you take on the websites. This data collection takes place both on our websites and on third-party websites that participate in the ad networks. This process also helps us track the effectiveness of our marketing efforts and assists other websites and advertising partners to find you or people like you on different platforms, including social media websites.
By way of example, if you use Web (only) we may use Facebook Conversion Tracking Pixel to record how efficient our advertisements are for statistical and market research purposes. Facebook may connect the data with your Facebook account and use the data for their own advertising purposes, in accordance with its current privacy policy, which you can find here. No direct Facebook tracking is enabled in the App.
Google Analytics offers a function about remarketing audiences. It allows us to create segments based on the analytics that we have obtained, and then use it as part of remarketing campaigns on our Google Ads account. Google Ads uses a different cookie than Google Analytics.s mentioned above, you can opt-out of cookies and web beacons by visiting this link here.
In addition to using AppsFlyer for analytics, we also use Iterable, Facebook SDK and Mixpanel to measure our performance and to help increase the performance of our ad campaigns. These third parties provide us with analytics for our Websites and Apps, which can then be used to segment users based on demographic information, custom events and user or session activity as part of our interest-based advertising activities. We also use analytics to learn about how we can improve our site and App and offer more services and functionality that may interest you.
We also use Google Analytics Demographics and Interest Reporting to better understand our websites’ performance. Google Analytics uses third party cookies to get information about how you arrived on our website, the search terms which were leveraged, the time of your visit, etc.
If you want to opt-out from Google Analytics Demographics and Interest Reporting, you can do so by clicking here.
Some of our pages, such as our blog posts, have an option allowing you to share the content on your social media. This occurs through a tool which can collect indirect data about you, like your IP address and information derived from your IP address (geographic location and information about your device like your preferred language). It may also collect the time and date that you visited the page for sharing.
If you connect to our Apps or websites through your social media, we receive the information which you accept to share with us to authenticate you.
Apple HealthKit and Android Sleep API offers its users a central repository for health and fitness data on iPhone and Android. If you authorize the use of Apple HealthKit or Android Sleep API, our Apps will communicate with Apple HealthKit/Android Sleep API to access and share your data. These kits are designed to manage and merge data from multiple sources – this means that with your permission, our data are merged with those of your other apps in HealthKit/Android Sleep API.
We only share your data with HealthKit/Android Sleep API based on your consent, such as the time spent meditating through meditation logs and your sleep data, if you enable this. Under no circumstances will we share the information collected via the HealthKit/Android Sleep API to any third party, except if such third party is already providing you health services with your prior consent.
We do not use the information collected via HealthKit/Android Sleep API for advertising purposes nor are we selling the data collected to any advertising platforms, data brokers or information resellers. Prior for disclosing your personal data to third parties, we ensure that:
We store your data on Google Cloud. We may change our hosting companies in the future, in which case, we will update this privacy policy.
Your personal information is stored inside and outside of Canada, including in the United States. In this situation, regarding personal data of European Union residents, we may transfer Personal Data to a Third Party outside the European Union after entering into a data transfer agreement with the other party/parties, based on standard contractual clauses adopted by the European Commission, or after adopting Binding Corporate Rules where necessary.
We strive to protect your personal data by implementing security features that are proportionate to the risks, such as unauthorized access or disclosure. Our Apps and websites use encryption, and access to your data is only granted on a need-to-know basis to individuals with a non disclosure agreement or similar confidentiality obligations.
If we learn of a security systems breach, we may either post a notice, or attempt to notify you by email and will take reasonable steps to remedy the breach as specified in applicable law and this Privacy Policy. If we learn of a potential Personal Data breach, together with other actions referred to in this Privacy Policy (such as notifying you in certain cases), we may also undertake particular actions to remedy the breach, including, but not limited to, logging you out from all the devices, resetting a password (sending a temporary password for you to apply) and performing other reasonably necessary activities and actions.
We keep your personal data as long as required to fulfill the purpose for which it was collected, or in accordance with the law (whichever is longer), for evidence and accounting purposes, for a period not exceeding the statutory limitation periods applicable. If you are using our Apps, we keep your profile information as long as your subscription is active.
You have the right to exercise your rights on your personal data, and we will try our best to help you. Your rights vary depending on the laws that apply to your situation, and the specific circumstances of the request. Some of the rights that may apply to you include the following rights:
If you want to exercise one of these rights and the situation allows for such exercise, we will generally help you without additional charges. If you request a transcription, reproduction or transmission of your personal information, we may have to charge a reasonable fee to process your request, subject to applicable laws. In this case, we will contact you about these charges before addressing your request.
For security reasons and to avoid any fraudulent request, we may be required to provide proof of identity with the request. After the request has been processed, this receipt will be destroyed.
If your request is denied, we will notify you in writing, provide you with detailed motives and information on how to contest our decision. We will keep the relevant personal data until you have exhausted your options. In any event, we will respond to your request within thirty (30) days, unless agreed otherwise.
To exercise your right, you can simply reach out to us at privacy@ipnos.com.
This Privacy Policy for California Residents (this “Policy”) supplements the information contained in Ipnos’ “core” policy above and applies solely to all visitors, users, and others who reside in the state of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this Policy.
Where noted in this Policy, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication (“B2B personal information”) from some of its requirements.
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:
In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
Category | Collected | Disclosed for a business purpose |
---|---|---|
A. Identifiers. | Yes | Yes |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | Yes | Yes |
C. Protected classification characteristics under California or federal law. | No | N/A |
D. Commercial information. | Yes | Yes |
E. Biometric information. (for example your sleep data and meditation minutes) | Yes | Yes |
F. Internet or other similar network activity. | Yes | Yes |
G. Geolocation data. | Yes | Yes |
H. Sensory data. | No | No |
I. Professional or employment-related information. | Yes | Yes |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | No | No |
K. Inferences drawn from other personal information. | Yes | Yes |
We obtain the categories of personal information listed above from the following categories of sources:
We may use or disclose the personal information we collect for one or more of the following purposes:
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
None of our Apps currently sell advertising data. Our newest Apps, including BetterSleep, no longer contain any advertising-related code. The following Apps include legacy advertising code, but are no longer actively capable of displaying targeted ads:
iOS:
Android:
We may share your personal information by disclosing it to a third party for a business purpose. In the preceding twelve (12) months, we have disclosed personal information for a business purpose to the categories of third parties indicated in the chart below.
The CCPA defines "sale" broadly. It includes the sharing of personal information in exchange for anything of value. According to this broad definition, in the 12 months before this section was last updated, our use of analytics and targeting cookies and web beacons to deliver advertising tailored to individual interests may have been considered a "sale" of personal information.
In the preceding twelve (12) months, the categories of third parties listed may have received the following categories of personal information for the listed reasons. For more options, click here.
Personal Information Category | Category of Third-Party Recipients | Business Purpose Disclosures |
---|---|---|
A: Identifiers. | Data Analytics Providers; Operating Systems & Platforms; Ad Platform, Social Networks; Payment processing vendors, customer support vendors | |
B: California Customer Records personal information categories. | Payment processing vendors, customer support vendors | |
C: Protected classification characteristics under California or federal law. | None | |
D: Commercial information. | Payment processing vendors, customer support vendors | |
E: Biometric information. | Apple Kit/Google Fit | |
F: Internet or other similar network activity. | Data Analytics Providers; Operating Systems & Platforms; Ad Platforms, Social Networks; | |
G: Geolocation data. | Data Analytics Providers; Operating Systems & Platforms | |
H: Sensory data. | None | |
I: Professional or employment-related information. | None | |
J: Non-public education information. | None | |
K: Inferences drawn from other personal information. | Data Analytics Providers;Ad Platforms, Social Networks |
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the "right to know"). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will disclose to you:
We do not provide a right to know or data portability disclosure for B2B personal information.
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the "right to delete"). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
We do not provide these deletion rights for B2B personal information.
To exercise your rights to know or delete described above, please submit a request by either:
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information.
You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You will not need to have an existing account with us to submit a request to know or delete. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in the request to verify the requestor's identity or authority to make it.
For instructions on exercising your sale opt-out or opt-in rights, click here.
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact privacy@ipnos.com .
We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@ipnos.com.
While our website and services are not intended for anyone under the age of 18, if you are a California resident who is under age 18 and you are unable to remove publicly-available content that you have submitted to us, you may request removal by contacting us at: privacy@ipnos.com. When requesting removal, you must be specific about the information you want removed and provide us with specific information, such as the URL for each page where the information was entered, so that we can find it.
We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you cannot be identified; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the content or information. Removal of your content or information from our system does not ensure complete or comprehensive removal of that content or information from our systems or the systems of our service providers. We are not required to delete the content or information posted by you; our obligations under California law are satisfied so long as we anonymize the content or information or render it invisible to other users and the public.
We reserve the right to amend this Policy at our discretion and at any time. When we make changes to this Policy, we will post the updated notice on our website and update the notice's effective date. Your continued use of our website, App, products, and services following the posting of changes constitutes your acceptance of such changes.
If you have any questions or comments about this notice, the ways in which we collect and use your information described here and in the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Phone: (855) 213-6709
Email: privacy@ipnos.com
Postal Address:
Ipnos Software Inc.
Attn: Legal Department
1010-615 Boul Rene-Levesque
O Montreal, QC, H3B 1P5, CANADA