youSleep Portal Privacy Policy

Version 1 (latest)
Valid from 9/22/2024

1. Introduction
Welcome to youSleep.ai. This Privacy Policy outlines how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR). It applies to traffic and activity on the following websites:

https://portal.yousleep.ai
https://api.yousleep.ai

By using these websites, you agree to the terms of this policy.

Company Information
youSleep.ai
Danish Center for Sleep Medicine, Rigshospitalet, Denmark

For any queries regarding this Privacy Policy, please contact us at [email protected].

2. Data Controller
youSleep.ai is the data controller responsible for determining the purposes and means of processing your personal data, as per Article 4(7) of the GDPR.

3. Personal Data We Collect
We may collect and process the following categories of personal data:

3.1 Data Provided During Sign-Up
Email address: Users must sign up using their email address. We will only contact you via email if you opt in to our newsletter during sign-up.

3.2 Uploaded Sleep Recordings
Sleep recordings: You may upload sleep recordings (e.g., EDF files). Please anonymize these files to the best of your ability by removing personal identifiers, such as names, ages, or any other information from the EDF headers. The uploaded sleep recordings are stored locally only and are not uploaded to third-party cloud providers. Users can delete these files at any time by utilizing the deletion feature in their account settings.

3.3 Usage Data
System activity: We collect data about your use of the platform, such as which files you analyze and when. This information is necessary to provide our services and improve the performance of the platform.
Traffic data (via Cloudflare): We track and monitor incoming requests, including location data and access times, using Cloudflare for security purposes. Although we do not actively link or analyse such data in relation to any individual accounts, it may be retained to analyze traffic patterns and ensure website security & load balancing.

4. Purposes and Legal Basis for Processing
We process your personal data based on the following legal grounds under the GDPR:

4.1 Performance of a Contract (Article 6(1)(b))
Your email and sleep recordings are processed to provide the analysis services you have requested.

4.2 Consent (Article 6(1)(a))
If you subscribe to our newsletter, we will process your email for communication purposes based on your explicit consent.
We will not use your uploaded sleep recordings to train models or algorithms unless you provide explicit consent during upload.

4.3 Legitimate Interest (Article 6(1)(f))
We may process certain system activity logs for internal analysis and improvement of our services.

4.4 Legal Obligation (Article 6(1)(c))
We may process your data where necessary to comply with legal obligations (e.g., regulatory requests, security requirements).

5. Data Storage and Retention
5.1 Storage of Uploaded Data
Your uploaded sleep recordings are stored locally and are not shared with third-party cloud providers.
You can delete your uploaded data at any time by using the deletion features provided via the API and webservice frontend.

5.2 Retention of Logs and Analysis Events
We retain logs and events produced by sleep analysis for statistical and research purposes in aggregated form. This data is never deleted but is anonymized and does not contain personal identifiers.

5.3 Account Deletion
When you delete your account, all your uploaded sleep recordings will be permanently deleted. However, logs of analysis events (without personal data) will be retained as outlined above.

6. Data Subject Rights
Under the GDPR, you have the following rights regarding your personal data:

Right to Access (Article 15): You can request access to the personal data we hold about you.
Right to Rectification (Article 16): You can request correction of inaccurate or incomplete personal data.
Right to Erasure (Article 17): You can request deletion of your personal data, including your uploaded recordings, at any time.
Right to Restrict Processing (Article 18): You may request restriction of data processing under certain conditions.
Right to Data Portability (Article 20): You can request to receive your data in a structured, commonly used format.
Right to Object (Article 21): You can object to certain types of data processing, such as for direct marketing.

You may exercise these rights by contacting us at [email protected].

7. Data Security
We implement appropriate technical and organizational measures to ensure a high level of security to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data during transmission
Local storage of sensitive data without third-party access
Use of firewalls and access control mechanisms

Despite these measures, no system is completely secure. If a data breach occurs, we will notify affected users in accordance with GDPR requirements.

8. Cookies and Tracking
We use cookies and similar tracking technologies to monitor the use of our website and ensure its functionality. The types of cookies used may include:

Essential cookies: Necessary for basic website functionality

9. Data Sharing
We do not share your personal data with third parties, except under the following circumstances:

Legal compliance: If required by law, we may disclose your data to government authorities.
Service providers: We may use third-party service providers, such as Cloudflare, for purposes such as DNS resolution, DDoS protection, and security monitoring. These providers may process limited personal data, such as IP addresses, for the purpose of ensuring the availability and security of our websites.

We do not sell or rent your personal data to third parties.

10. Data Transfers
Your personal data is never processed outside the EU/EEA.

11. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Any changes will be posted on this page with updated "Version" & "Valid from" tags. We encourage you to review this policy regularly for any updates.

12. Contact Us
If you have any questions about this Privacy Policy or your data, please contact us:

youSleep.ai
Danish Center for Sleep Medicine, Rigshospitalet, Denmark
Email: [email protected]

Privacy Policy Amendment: Closed BETA Program Registration

Version 1 (latest)
Valid from 9/22/2024

This section applies to users registering for the youSleep.ai closed BETA program. In addition to the personal data described in the latest main privacy policy, we collect and process additional information for the purpose of evaluating and improving our service during the BETA phase.

1. Additional Data Collected
When registering for the closed BETA program, you will be asked to provide the following additional information:

Research or commercial organization details: The name of the organization you are affiliated with and, if applicable, your position within that organization.
Interest in testing: Information about why you are interested in testing the service, including your expected use cases and how you plan to utilize the service once it goes live.
Feedback and expectations: Any feedback you provide regarding the service during the BETA phase and your expectations for its performance and features.

2. Purpose and Legal Basis for Processing
The additional data collected during closed BETA registration is processed for the following purposes:

2.1 Performance of a Contract (Article 6(1)(b))
The processing of this additional data is necessary to allow us to provide you access to the closed BETA program and evaluate your eligibility for participation.

2.2 Legitimate Interest (Article 6(1)(f))
We process the additional information to improve and refine our service based on feedback from BETA participants, as well as to understand potential user needs and expectations when the service goes live.

2.3 Consent (Article 6(1)(a))
By voluntarily providing information about your research or commercial organization, as well as your interest in the service, you consent to the processing of this information for the purposes outlined above.

3. Data Retention for BETA Program Participants
We will retain the additional information collected during the BETA phase for the duration of the BETA program and for a reasonable period afterward, to ensure we can properly analyze feedback and improve the service. Once the BETA phase is complete, the data will either be deleted or anonymized.

4. Data Sharing
We do not share the additional data collected during the closed BETA registration with third parties, except as required by law or in compliance with the main terms of our privacy policy.

5. Rights of BETA Program Participants
In addition to the rights outlined in our main privacy policy, participants in the closed BETA program have the right to:

Withdraw from the BETA program at any time and request the deletion of any additional data provided during registration.
Request that we anonymize any feedback or input you provided during the program if you choose to discontinue your participation.

To exercise any of these rights, please contact us at [email protected].

6. Changes to This Amendment
This amendment may be updated as the BETA program progresses. Any changes will be communicated to participants directly, and the "Version" & "Valid from" tags will be revised accordingly.