Version: 1.0
Effective date: [HITL: EFFECTIVE DATE, e.g. 2026-07-01]
Last updated: [HITL: EFFECTIVE DATE]
Applies to: the Snora mobile application (iOS and Android) and the Snora companion web application at snora.app (together, the "Service").
1. Who we are
Snora is operated by [HITL: LEGAL ENTITY NAME], a company established under the laws of the Republic of Korea, located at [HITL: REGISTERED ADDRESS] ("Snora," "we," "us," or "our"). We are the controller of the limited personal data described in this Policy.
For any privacy question or request, contact us at support@snora.app or through snora.app.
2. Our privacy approach in one paragraph
Snora is designed to keep your most personal information on your device. Your sleep logs, your wake/bedtime rhythm, your Wake Confidence status, and any condition tags you choose to add never leave your device and are never sent to our servers. We only store a minimal set of account-related data on our backend — and only if and when you use features that require it (such as syncing or a paid subscription). We do not use advertising trackers, we do not sell your data, and we do not build advertising profiles.
3. What stays only on your device (we never receive this)
The following data is created, processed, and stored locally on your device, in encrypted form, and is never transmitted to Snora's servers:
- Sleep logs and timing data you record or that the app derives locally.
- Rhythm / regularity data (your wake and bedtime patterns over time).
- Wake Confidence computations — the Safe / Caution / Risk status and the inputs used to compute it.
- Condition tags you optionally tap (for example, "stress" or "caffeine").
- Any sound or voice analysis the app may perform in the future — if introduced, it is processed entirely on-device and is not transmitted to us.
Because this data is on-device only, we cannot access it, retrieve it, or provide a copy of it — it is under your control. You can erase all of it by deleting the app data or uninstalling the app (see Section 11).
4. What we collect on our backend (only as needed for the Service)
We use Supabase as our backend infrastructure provider. We collect and store the following limited data only when you sign in or use a feature that requires it:
| Data | What it is | Why we collect it |
|---|---|---|
| Account identifier | An anonymous user ID by default. You may optionally upgrade your account by adding an email address or signing in with a third-party OAuth provider. | To create and identify your account so settings/entitlements can sync across the mobile and web apps. |
| Consent records | An append-only ledger recording which optional data permissions you granted and when (timestamps). | To keep an accurate, auditable record of your choices and to honor them. |
| Subscription / entitlement status | Your tier (free / plus / pro) and whether an entitlement is active. | To grant access to paid features (when paid tiers launch) and apply access control. |
We do not collect or store, on our servers: your sleep logs, rhythm data, Wake Confidence data, condition tags, health data, precise location, contacts, browsing history, or advertising identifiers.
Anonymous accounts
If you never add an email or use OAuth, your account identifier is an anonymous ID that does not, by itself, identify you as a natural person. If you later add an email or use OAuth, that identifier becomes linked to you, and this Policy's rights and protections apply to it.
5. Permissions the app requests
Snora requests only the permissions it needs to function. All are optional except notifications:
- Notifications — required to ring alarms. Without this, the core alarm function cannot work.
- Exact alarm scheduling (Android) and battery-optimization exemption (Android) — requested so that alarms fire at the scheduled time and are not delayed or suppressed by the operating system's power-saving behavior.
- Health-data consent (optional) — requested only if you choose to use optional condition tags. Any health-related input you provide is treated as on-device data (Section 3) and is not sent to our servers. You can decline this and still use the app's core features.
We do not request precise location, contacts, microphone for surveillance, or any advertising permission.
6. How we use data
We use the limited backend data in Section 4 only to:
- create, authenticate, and operate your account;
- sync your settings and entitlements between the mobile and web apps;
- record and honor your consent choices;
- determine and apply your subscription entitlements and access control;
- detect, prevent, and address security issues, fraud, abuse, or technical problems;
- comply with legal obligations.
We do not use any data for advertising, behavioral tracking, cross-app profiling, or to make automated decisions producing legal or similarly significant effects about you. We never sell your personal information.
7. Legal bases for processing (GDPR / EEA, UK)
Where the EU/UK General Data Protection Regulation applies, we rely on the following legal bases:
- Performance of a contract (Art. 6(1)(b)) — to create and operate your account, sync your settings/entitlements, and provide subscription access you request.
- Consent (Art. 6(1)(a)) — for optional permissions and optional data (e.g., health-data consent for condition tags). You may withdraw consent at any time (Section 9); withdrawal does not affect processing already carried out.
- Legitimate interests (Art. 6(1)(f)) — to keep the Service secure, prevent abuse, and maintain an accurate consent ledger, balanced against your rights.
- Legal obligation (Art. 6(1)(c)) — where we must retain or disclose data to comply with law.
Optional health-related inputs, if any, are processed only on your device under your explicit consent and are not transmitted to us; we do not process special-category data on our servers.
8. Sharing and processors
We do not sell, rent, or trade your personal data, and we do not share it with advertisers or data brokers. We use the following service providers, who process data on our behalf and under contract, only to provide the Service:
- Supabase — our backend infrastructure (database/auth) provider, acting as our processor. It hosts the limited account, consent, and entitlement data described in Section 4. It is contractually bound to process this data only on our instructions.
- Apple (App Store) and Google (Google Play) — when paid tiers launch, in-app purchases are processed by the app stores' billing systems. We never receive your card or payment-method details. We receive only a store receipt / transaction identifier to grant your entitlement. Apple and Google process your payment data as independent controllers under their own privacy policies.
We may also disclose data if required by law, legal process, or a lawful government request, or to protect the rights, safety, or property of users, the public, or Snora.
9. Your rights
Subject to applicable law, you have the right to:
- Access the backend data we hold about your account;
- Correct inaccurate account data;
- Delete your backend account data ("right to erasure");
- Withdraw consent for any optional permission at any time;
- Object to or restrict certain processing;
- Data portability — receive your backend account data in a portable format, where applicable;
- Lodge a complaint with your data protection authority (in Korea, the Personal Information Protection Commission (PIPC); in the EEA/UK, your local supervisory authority).
On-device data (Section 3) is under your direct control — you exercise your "delete" right over it by clearing app data or uninstalling, since we cannot access it.
California residents (CCPA/CPRA)
We do not sell or "share" (as defined under the CPRA) personal information, and we do not use it for cross-context behavioral advertising. California residents have the right to know, to delete, and to correct their personal information, and the right to non-discrimination for exercising these rights. Because we do not sell or share, no "Do Not Sell or Share" action is required, but you may still contact us to exercise your rights.
To exercise any right, email support@snora.app. We will take reasonable steps to verify your request (for anonymous accounts, this may require information that links you to the account) and respond within the period required by applicable law.
10. International data transfers
Snora is operated from the Republic of Korea, and our processor (Supabase) may store and process backend data on servers located outside your country, including outside the EEA/UK. Where we transfer personal data internationally, we rely on appropriate safeguards, such as Standard Contractual Clauses or an equivalent lawful transfer mechanism, and we limit transferred data to the minimal account/consent/entitlement data described in Section 4. Your on-device data is not transferred because it never leaves your device.
<!-- [HITL: confirm Supabase hosting region + transfer mechanism] -->
11. Data retention
- On-device data: retained on your device until you delete it. You can remove it by clearing app data or uninstalling the app; uninstalling deletes the locally stored, on-device data.
- Backend account data (account identifier, consent records, entitlement status): retained while your account is active and as needed to provide the Service. When you request deletion, or after a reasonable period of inactivity, we delete or de-identify it, except where we must retain certain records to comply with legal obligations (for example, tax/transaction records related to subscriptions) or to resolve disputes. Consent records may be retained as a legal record of your prior choices for the minimum period required.
12. Security
We use reasonable technical and organizational measures appropriate to the limited data we hold, including:
- On-device encryption of locally stored sleep/rhythm/Wake Confidence/condition data;
- Row-Level Security (RLS) on our backend so that account, consent, and entitlement records are accessible only to the corresponding account;
- access controls and transport encryption (TLS) for data in transit to our backend;
- data minimization — we deliberately keep sensitive data off our servers.
No method of storage or transmission is completely secure, and we cannot guarantee absolute security.
Data protection officer / privacy contact (Korea, PIPA §31)
In accordance with the 개인정보보호법 (Personal Information Protection Act) §31, we have designated a person responsible for personal-information protection and for handling your privacy inquiries and complaints:
- Privacy Officer: [HITL: NAME / TITLE]
- Contact: support@snora.app (please mark your message "Privacy")
You may direct any question, request, or complaint about your personal data to this contact, and you may also lodge a complaint with the Personal Information Protection Commission (PIPC) (Section 9).
Security-incident notification (PIPA §34)
If we become aware of a breach affecting personal data we hold on our backend, we will notify affected users and report to the competent authorities (in Korea, the Personal Information Protection Commission and the Korea Internet & Security Agency (KISA)) within the time and in the manner required by applicable law. Because your sleep, rhythm, Wake Confidence, and condition data are stored only on your device and never sent to us, they are not affected by any breach of our backend.
13. Children
Snora is not directed to children. During onboarding, the app presents a self-attested age gate (14 or older). We do not knowingly collect personal data from anyone under the applicable minimum age (14 in Korea; 13 under COPPA in the United States; 16 or the lower age set by a member state under the GDPR). If you believe a child under the applicable age has provided us data, contact support@snora.app and we will delete it.
14. Changes to this Policy
We may update this Policy from time to time. If we make a material change, we will provide notice through the app or at snora.app at least 7 days before it takes effect, and where the change is unfavorable to you or where required by law, at least 30 days in advance. The "Last updated" date reflects the latest version. Continued use after the effective date constitutes acceptance, to the extent permitted by law.
15. Contact
[HITL: LEGAL ENTITY NAME]
[HITL: REGISTERED ADDRESS]
Email: support@snora.app
Web: snora.app
If you are in the EEA/UK and we are required to designate a representative, that information will be provided here. [HITL: confirm whether an EU/UK Art. 27 representative is required given user base; add if so.]
Change history — v1.0 ([HITL: EFFECTIVE DATE]): Initial publication.