Privacy Policy
Shanghai Huanxiu Technology Co., Ltd. (“we”, “us”, “our”) believe that transparency is the key to any healthy relationship. We appreciate that you trust us with information about you, and we want to be transparent about how we use it.
This privacy policy (“notice”) describes how your personal data is processed by Sleep Brain (“the app”, “the services”) and us. You will learn about the data we collect, how we use it, your rights, and the measures we take to keep it safe. We always make sure that your data is protected in accordance with applicable legislation.
You own your personal data. Therefore, we offer you several ways to control the privacy of your personal information and we are constantly striving to improve the functions and features needed in order for you to be in control.
We will process your personal data only in accordance with your consent and applicable legislation, such as the CCPA and GDPR. We are not the data controller for personal data that is processed locally on your device.
If you have any questions, or feel you need any part of this notice explained, please contact us.
General information about the app
When using the app, you will enter certain personal data into the app (such as your email address, when you go to bed and wake up, etc.), some personal data will be collected through your device’s accelerometer (such as your movements), microphone (such as snoring or other noises), camera (pulse), flashlight, or device location (for weather and sleep location statistics), and some personal data will be derived (such as sleep efficiency and sleep quality).
Depending on what personal data you choose to provide, the data processed within the app may, alone or together with other data, indicate information about your health. Personal data, including health data, may also be collected from other sources. You have control over what data are stored and accessed between the different apps and you can modify these settings at any time.
Additionally, if you create or log into your account through a social media service account, we will have access to certain information from that account, such as your name and other account information, in accordance with the authorization procedures set by that social media service.
Please note that this notice does not apply to third party products or services or the practices of companies that we do not own or control, including other companies you might interact with, in or through the app, unless indicated otherwise. We will not be responsible or liable for: (i) the availability or accuracy of such third-party apps or sites; (ii) the content, products or services on or availability of such third-party apps or sites; or (iii) your use of any such third-party apps or sites.
Respond to legal requests/requirements
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the app or the physical safety of any person. Use for this purpose is, by definition, compatible with the original purpose and no separate legal basis is required.
Furthermore, any health data covered by the request which is necessary to process in order to establish, exercise or defend legal claims or whenever a court is acting in its judicial capacity will also be processed (GDPR, art 9.2(f)). We will keep this data as long as we have to, in order to establish, exercise or defend the claim in question.
What important permissions do we request on Android devices?
Here we explain all important permissions that our app requests. These permissions are necessary for our app to perform certain features.
1. Record audio
Track your sleep status to generate your sleep curves.
2. Camera
Measure and record your pulse and heart rate variability.
3. Write to storage
To store your data locally on the device.
4. Flashlight
Used when measuring heart rate, and is only used to illuminate fingers so that the camera can capture the light reflected by fingers.
What kinds of information do we collect?
To provide service, we must process some information about you. The types of information we collect depend on how you use Sleep Brain. You can learn how to access and delete information we collect by contacting our feedback e-mail.
1. Things you do and provide
Your Account Information. Our agreement with you (GDPR art 6.1(b)). If you do not provide the data, you will not be able to create an account. You must provide your email address and basic information (including a profile name of your choice) to create a Sleep Brain account. If you don’t provide us with this information, you will not be able to create an account to use our Services. You can add other information to your account, such as a profile picture, gender, date of birth, weight and height, etc. We will keep this data up to one (1) year after your last activity.
Your usage. We collect information about how you use Sleep Brain, such as the types of content you listened to; the features you use; the actions you take; and the time, frequency and duration of your activities. For example, we log when you’re using and have last used Sleep Brain, and what content you view on Sleep Brain. We also collect information about how you use features like our sleep tracker.
Information about transactions made on Sleep Brain. If you use Shaolin Zen for purchase, we collect information about the purchase or transaction. This includes payment information, such as your credit or debit card number and other card information; other account and authentication information; and billing, shipping and contact details.
Manage payments and returns. Our agreement with you (GDPR art 6.1(b)). Payments and returns are handled by iTunes and Google Play. If you have registered your email address in the app, we will receive information on your payments and returns. This data will also be kept for bookkeeping purposes. This data will be kept for one (1) plus seven (7) years.
Customer Support And Other Communications. Technical data is processed based on our agreement with you (GDPR, art 6.1(b)). In most cases, we need to process this data to be able to help you with your request. Health data is processed based on your consent (GDPR, art 6.1(a) and art 9.2(a)). Legitimate interest assessment (GDPR, art 6.1(f)). We assess that our legitimate interest to communicate with you outweighs the potential (but unlikely) impact this may have on your rights and freedoms. For more information on this particular balancing test, please contact us. When you contact us for customer support or otherwise communicate with us, you may provide us with information related to your use of our Services, including copies of your messages, any other information you deem helpful, and how to contact you (e.g., an email address). For example, you may send us an email with information relating to app performance or other issues. We will delete or anonymize the data as soon as the support ticket is resolved.
2. Device Information
As described below, we collect information from and about the phones and other web-connected devices you use that integrate with our Products, and we combine this information across different devices you use. For example, we use information collected about your use of our Products on your phone to better personalize the content or features you see when you use our Products on another device, such as your laptop or tablet.
Information we obtain from these devices includes:
Device attributes: information such as the operating system, hardware and software versions, battery level, signal strength, available storage space.
Device operations: information about operations and behaviors performed on the device, such as whether a window is foregrounded or backgrounded.
Identifiers: unique identifiers, device IDs.
Device signals: Bluetooth signals, and information about nearby Wi-Fi access points, beacons, and cell towers.
Data from device settings: information you allow us to receive through device settings you turn on, such as access to your GPS location, camera or photos.
Network and connections: information such as the name of your mobile operator or ISP, language, time zone, mobile phone number, IP address, connection speed and, in some cases, information about other devices that are nearby or on your network, so we can do things like help you stream audio from your phone to your TV.
3. Information from partners
Service Providers (like Facebook) can send us information through business tools we use, including our Facebook Login, our APIs and SDKs.
How do you share my personal data?
In certain circumstances we may provide your Personal Information to third parties without further notice to you, unless required by the law:
–Compliance with law: We may share your information with a court, a regulatory entity, law enforcement personnel, or pursuant to a subpoena, to comply with applicable law or any obligations thereunder.
–In the context of a transaction: We may share your information in connection with an asset sale, merger, bankruptcy, or other business transaction.
–Affiliates: We may disclose your information to our affiliates, meaning an entity that controls, is controlled by, or is under common control with us. Our affiliates may use the Personal Information we share in a manner consistent with this Privacy Policy.
–For other business reasons: We may share your information to enforce any applicable Terms and Conditions and Terms of Use, and to ensure the safety and security of the site and App and our users.
Apple HealthKit & Android Sleep API
Apple HealthKit and Android Sleep API offer their users a central repository for health and fitness data on iPhone and Android. If you authorize the use of Apple HealthKit or Android Sleep API, our Apps will communicate with Apple HealthKit/Android Sleep API to access your data. These kits are designed to manage and merge data from multiple sources – this means that with your permission, your step count data will be pulled from your other apps in HealthKit/Android Sleep API.
We only pull your data from HealthKit/Android Sleep API based on your consent if you enable this. Under no circumstances will we share the information collected via the HealthKit/Android Sleep API to any third party, except if such third party is already providing you health services with your prior consent.
We do not use the information collected via HealthKit/Android Sleep API for advertising purposes nor are we selling the data collected to any advertising platforms, data brokers or information resellers. Prior to disclosing your personal data to third parties, we ensure that:
 –The personal data shared is limited to what is reasonably required for third parties to perform their services or functions as detailed in their applicable services terms;
 –Our agreements with them include reasonable terms and conditions to protect your personal data;
 –These third parties provide reasonable guarantees that they will protect your personal data and comply with applicable laws.
Where do you store my personal data?
We store your data in the cloud. We may change our hosting companies in the future, in which case, we will update this privacy policy.
Your personal information is stored inside the United States. In this situation, regarding personal data of European Union residents, we may transfer Personal Data to a Third Party outside the European Union after entering into a data transfer agreement with the other party/parties, based on standard contractual clauses adopted by the European Commission, or after adopting Binding Corporate Rules where necessary.
How do you ensure the security of my personal data?
We strive to protect your personal data by implementing security features that are proportionate to the risks, such as unauthorized access or disclosure. Most of your personal data, including your health data, is processed and stored locally only on your device. We only process and store personal data automatically from your use of the Services when you visit, use, or interact with the Services (“Technical Information”), such as log data, usage data, device information, etc. Our Apps and websites use encryption, and access to your data is only granted on a need-to-know basis to individuals with a non-disclosure agreement or similar confidentiality obligations.
Security breaches
If we learn of a security systems breach, we may either post a notice, or attempt to notify you by email and will take reasonable steps to remedy the breach as specified in applicable law and this Privacy Policy. If we learn of a potential Personal Data breach, together with other actions referred to in this Privacy Policy (such as notifying you in certain cases), we may also undertake particular actions to remedy the breach, including, but not limited to, logging you out from all the devices, resetting a password (sending a temporary password for you to apply) and performing other reasonably necessary activities and actions.
Store your sleep data on our servers
To protect your health data (i.e. sleep data) from loss, you can choose to use our backup service by creating an account in the app. Then, we ensure that your health data are saved even if something happens to the app on your device. We will store all the data available in the app on our secure servers, hosted by Alibaba Cloud.
We will keep your health data in the backup until you withdraw your consent by deleting your account in the app. If you withdraw your consent we will immediately delete or anonymize your health data. If you unsubscribe from the app, we will keep your data for up to one (1) year, in case you change your mind within this period of time and want to start a new subscription. We will delete or anonymize your data one (1) year after your un-subscription.
How long do you hold my personal data for?
We keep your personal data as long as required to fulfill the purpose for which it was collected, or in accordance with the law (whichever is longer), for evidence and accounting purposes, for a period not exceeding the statutory limitation periods applicable. If you are using our Apps, we keep your profile information as long as your subscription is active.
What are my rights regarding my personal data?
You have the right to exercise your rights on your personal data, and we will try our best to help you. Your rights vary depending on the laws that apply to your situation, and the specific circumstances of the request. Some of the rights that may apply to you include the following rights:
Right to access your personal data;
Right to request additional information about how we process your personal data;
Right to rectify your personal data if incorrect, incomplete, invalid or ambiguous;
Right to object to the processing of your data in certain circumstances;
Right to request the erasure of your personal data;
Right to data portability of your personal data (Subscription and personal data automatically transferred from an iOS phone or tablet to an Android device or the opposite).
If you want to exercise one of these rights and the situation allows for such exercise, we will generally help you without additional charges. If you request a transcription, reproduction or transmission of your personal information, we may have to charge a reasonable fee to process your request, subject to applicable laws. In this case, we will contact you about these charges before addressing your request.
For security reasons and to avoid any fraudulent request, we may be required to provide proof of identity with the request. After the request has been processed, this receipt will be destroyed.
If your request is denied, we will notify you in writing, provide you with detailed motives and information on how to contest our decision. We will keep the relevant personal data until you have exhausted your options. In any event, we will respond to your request within thirty (30) days, unless agreed otherwise.
To exercise your right, you can simply reach out to us at compliance@shaolinzen.com
Children
Our Service is not directed to children under the age of 18. We do not knowingly collect Personal Information from children under the age of 18. If you have reason to believe that a child under the age of 18 has provided Personal Information to us through the Service, please email us at compliance@shaolinzen.com. We will investigate any notification and if appropriate, delete the Personal Information from our systems.
Privacy Policy for California Residents
This Privacy Policy for California Residents (this “Policy”) supplements the information contained in Sleep Brain’s “core” policy above and applies solely to all visitors, users, and others who reside in the state of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this Policy.
Where noted in this Policy, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication (“B2B personal information”) from some of its requirements.
What information do we collect?
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:
Publicly available information from government records.
Deidentified or aggregated consumer information.
Information excluded from the CCPA’s scope, like:
health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data;
personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
Directly from you. For example, from forms you complete or products and services you purchase and from the use of our mobile applications.
Indirectly from you. For example, from observing your actions while using our applications.
From third-party business partners such as Apple Kit, Google Fit, Firebase, social media sites, ad networks, and analytics providers.
How do you use Personal Information?
We may use or disclose the personal information we collect for one or more of the following purposes:
To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
To provide, support, personalize, and develop our website, Apps, products, and services.
To create, maintain, customize, and secure your account with us.
To process your requests, purchases, transactions, and payments and prevent transactional fraud.
To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
To personalize your app or website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through third-party sites, and via email or text message (with your consent, where required by law).
To monitor and analyze trends, usage, and activities in connection with our App.
To help maintain the safety, security, and integrity of our website, products and services, databases and other technology assets, and business.
For testing, research and product development, including to develop and improve our website, Apps, products, and services.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
As described to you when collecting your personal information or as otherwise set forth in the CCPA.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our users is among the assets transferred.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
1. Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will disclose to you:
The categories of personal information we collected about you.
The categories of sources for the personal information we collected about you.
Our business or commercial purpose for collecting or selling that personal information.
The categories of third parties with whom we share that personal information.
If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
sales, identifying the personal information categories that each category of recipient purchased; and
disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
The specific pieces of personal information we collected about you (also called a data portability request).
We do not provide a right to know or data portability disclosure for B2B personal information.
2. Right to Delete
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
We do not provide these deletion rights for B2B personal information.
Exercising Your Rights to Know or Delete
To exercise your rights to know or delete described above, please submit a request by:
Emailing us at compliance@shaolinzen.com
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information.
You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
Logging in to your Web/App account using your username and password;
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You will not need to have an existing account with us to submit a request to know or delete.
However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.
For instructions on exercising your sale opt-out or opt-in rights, please email us at compliance@shaolinzen.com
3. Response Timing and Format
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact compliance@shaolinzen.com
We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
4. Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to compliance@shaolinzen.com.
California Minors
While our website and services are not intended for anyone under the age of 18, nor do we knowingly collect Personal Information from anyone under the age of 18, if you are a California resident who is under age 18 and you are unable to remove publicly-available content that you have submitted to us, you may request removal by contacting us at: compliance@shaolinzen.com. When requesting removal, you must be specific about the information you want removed and provide us with specific information, such as the specific interface/function where the information was entered, so that we can find it.
We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you cannot be identified; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the content or information. Removal of your content or information from our system does not ensure complete or comprehensive removal of that content or information from our systems or the systems of our service providers. We are not required to delete the content or information posted by you; our obligations under California law are satisfied so long as we anonymize the content or information or render it invisible to other users and the public.
Changes to Our Privacy Policy
We reserve the right to amend this Policy at our discretion and at any time. When we make changes to this Policy, we will post the updated notice on our website and update the notice’s effective date. Your continued use of our website, App, products, and services following the posting of changes constitutes your acceptance of such changes.
Contact Information
If you have any questions or comments about this notice, the ways in which we collect and use your information described here and in the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Email: compliance@shaolinzen.com