youSleep Portal Privacy Policy
1. Introduction
Welcome to youSleep.ai. This Privacy Policy outlines how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR). It applies to traffic and activity on the following websites:
https://portal.yousleep.ai
https://api.yousleep.ai
By using these websites, you agree to the terms of this policy.
Company Information
youSleep.ai
Danish Center for Sleep Medicine, Rigshospitalet, Denmark
For any queries regarding this Privacy Policy, please contact us at [email protected].
2. Data Controller
youSleep.ai is the data controller responsible for determining the purposes and means of processing your personal data, as per Article 4(7) of the GDPR.
3. Personal Data We Collect
We may collect and process the following categories of personal data:
3.1 Data Provided During Sign-Up
Email address: Users must sign up using their email address. We will only contact you via email if you opt-in to our newsletter during sign-up.
3.2 Uploaded Sleep Recordings
Sleep recordings: You may upload sleep recordings (e.g., EDF files). Please anonymize these files to the best of your ability by removing personal identifiers, such as names, ages, or any other information from the EDF headers. The uploaded sleep recordings are stored locally only and are not uploaded to third-party cloud providers. Users can delete these files at any time by utilizing the deletion feature in their account settings.
3.3 Usage Data
System activity: We collect data about your use of the platform, such as which files you analyze and when. This information is necessary to provide our services and improve the performance of the platform.
Traffic data (via Cloudflare): We track and monitor incoming requests, including location data and access times, using Cloudflare for security purposes. While we do not actively link nor analyse such data in relation to any individual accounts, but it may be retained to analyze traffic patterns and ensure website security & load balancing.
4. Purposes and Legal Basis for Processing
We process your personal data based on the following legal grounds under the GDPR:
4.1 Performance of a Contract (Article 6(1)(b))
Your email and sleep recordings are processed to provide the analysis services you have requested.
4.2 Consent (Article 6(1)(a))
If you subscribe to our newsletter, we will process your email for communication purposes based on your explicit consent.
We will not use your uploaded sleep recordings to train models or algorithms unless you provide explicit consent during upload.
4.3 Legitimate Interest (Article 6(1)(f))
We may process certain system activity logs for internal analysis and improvement of our services.
4.4 Legal Obligation (Article 6(1)(c))
We may process your data where necessary to comply with legal obligations (e.g., regulatory requests, security requirements).
5. Data Storage and Retention
5.1 Storage of Uploaded Data
Your uploaded sleep recordings are stored locally and are not shared with third-party cloud providers.
You can delete your uploaded data at any time by using the deletion features provided via the API and webservice frontend.
5.2 Retention of Logs and Analysis Events
We retain logs and events produced by sleep analysis for statistical and research purposes in aggregated form. This data is never deleted but is anonymized and does not contain personal identifiers.
5.3 Account Deletion
When you delete your account, all your uploaded sleep recordings will be permanently deleted. However, logs of analysis events (without personal data) will be retained as outlined above.
6. Data Subject Rights
Under the GDPR, you have the following rights regarding your personal data:
Right to Access (Article 15): You can request access to the personal data we hold about you.
Right to Rectification (Article 16): You can request correction of inaccurate or incomplete personal data.
Right to Erasure (Article 17): You can request deletion of your personal data, including your uploaded recordings, at any time.
Right to Restrict Processing (Article 18): You may request restriction of data processing under certain conditions.
Right to Data Portability (Article 20): You can request to receive your data in a structured, commonly used format.
Right to Object (Article 21): You can object to certain types of data processing, such as for direct marketing.
You may exercise these rights by contacting us at [email protected].
7. Data Security
We implement appropriate technical and organizational measures to ensure a high level of security to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:
Encryption of data during transmission
Local storage of sensitive data without third-party access
Use of firewalls and access control mechanisms
Despite these measures, no system is completely secure. If a data breach occurs, we will notify affected users in accordance with GDPR requirements.
8. Cookies and Tracking
We use cookies and similar tracking technologies to monitor the use of our website and ensure its functionality. The types of cookies used may include:
Essential cookies: Necessary for basic website functionality
9. Data Sharing
We do not share your personal data with third parties, except under the following circumstances:
Legal compliance: If required by law, we may disclose your data to government authorities.
Service providers: We may use third-party service providers, such as Cloudflare, for purposes such as DNS resolution, DDoS protection, and security monitoring. These providers may process limited personal data, such as IP addresses, for the purpose of ensuring the availability and security of our websites.
We do not sell or rent your personal data to third parties.
10. Data Transfers
Your personal data is never processed outside the EU/EEA.
11. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Any changes will be posted on this page with an updated "Version" & "Valid from" tags. We encourage you to review this policy regularly for any updates.
12. Contact Us
If you have any questions about this Privacy Policy or your data, please contact us:
youSleep.ai
Danish Center for Sleep Medicine, Rigshospitalet, Denmark
Email: [email protected]