SLTR Digital LLC ("Company," "we," "us," or "our") operates the DriftLab mobile application (the "App" or "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. Please read this Privacy Policy carefully. By using DriftLab, you consent to the data practices described in this policy.
The short version: DriftLab never records, stores, or transmits raw audio. All audio processing happens on your device. We never sell your data. HealthKit data is never used for advertising. You control everything.
(a) Account Information: email address, name, and password when you create an account.
(b) Profile Preferences: bedtime goals, wake goals, temperature unit preference, thermostat setting, sensitivity level, partner presence default, and other sleep preferences.
(c) Experiment Data: configurations for sleep experiments you create or participate in.
(a) Audio Metering Data: ambient noise levels measured in decibels (dB), noise event timestamps, event duration, event severity, and detection confidence scores. NO raw audio is collected, stored, or transmitted. All audio processing occurs on your device.
(b) Sensor Data: ambient light levels (Android only), accelerometer readings for motion detection, barometric pressure readings.
(c) Device Information: device type, operating system version, app version, timezone, and general device identifiers necessary for service operation.
(d) Usage Data: app interaction patterns, feature usage, session start and end times, content played, and content completion rates.
If you choose to enable Apple HealthKit integration, we may access the following data types with your explicit per-type permission:
(a) Heart rate and heart rate variability (HRV)
(b) Blood oxygen saturation (SpO2)
(c) Skin temperature (wrist temperature deviation from baseline)
(d) Respiratory rate
(e) Sleep analysis data (sleep stages: awake, REM, core, deep)
(f) Wrist motion and movement data
(g) Sleep apnea events and hypertension alerts (where available on device)
(h) Additional health data types as they become available through Apple HealthKit, subject to your explicit approval
HealthKit data is NEVER used for advertising, marketing, or data mining purposes. This data is used exclusively to provide you with sleep insights and environment-to-body correlation analysis.
(a) Estimated Temperature: derived from device barometer sensor and/or user-provided thermostat settings. Clearly labeled as "Estimated" in the App.
(b) Estimated Humidity: derived from local weather API data for your general geographic area. Clearly labeled as "Estimated" in the App.
These estimates are approximations and may not reflect actual room conditions.
We use the information we collect to:
(a) Provide, maintain, and improve the Service, including generating sleep reports, Rest Scores, trends, patterns, and personalized recommendations.
(b) Correlate environment events (noise, light, motion) with body metrics (heart rate, sleep stages) when HealthKit data is available, to provide cause-and-effect sleep insights.
(c) Personalize your experience, including recommending wind-down routines based on your historical sleep data.
(d) Process subscription payments and manage your account.
(e) Send you service-related communications, including updates, security alerts, and support messages.
(f) Monitor and analyze usage trends to improve the App's functionality and user experience.
(g) Detect, investigate, and prevent fraudulent transactions and other illegal activities.
(h) Comply with legal obligations.
3.1 Audio Data. DriftLab processes audio exclusively on your device. Raw audio is never stored, transmitted, or accessible to SLTR Digital LLC or any third party. Only derived numeric data (dB levels, timestamps, event metadata) leaves your device.
3.2 HealthKit Data. HealthKit data is read locally on your device. Derived insights (correlations, summaries) may be transmitted to our servers for storage and trend analysis. Raw HealthKit samples are not transmitted unless necessary to provide the Service, and are always encrypted in transit.
3.3 Infrastructure. We use Amazon Web Services (AWS) for our backend infrastructure. Data is encrypted at rest using AWS Key Management Service (KMS) and encrypted in transit using TLS 1.3. Access to production databases is restricted through Virtual Private Cloud (VPC) configurations, AWS Identity and Access Management (IAM) policies, and Cognito-based authentication.
3.4 Data Retention. We retain your personal data for as long as your account is active or as needed to provide the Service. Sleep session data, environment events, and derived insights are retained for the duration of your account. Upon account deletion, we will delete or anonymize your personal data within thirty (30) days, except where retention is required by law.
We do not sell, rent, or trade your personal information to third parties. We may share your information in the following limited circumstances:
4.1 Service Providers. We may share information with third-party service providers who perform services on our behalf, including cloud hosting (AWS), payment processing, analytics, and customer support. These providers are contractually obligated to use your data only as directed by us and in accordance with this Privacy Policy.
4.2 Legal Requirements. We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
4.3 Business Transfers. In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice within the App of any change in ownership or uses of your personal information.
4.4 Aggregated or De-identified Data. We may share aggregated or de-identified data that cannot reasonably be used to identify you for research, analysis, or business purposes.
You have the right to request access to the personal data we hold about you and to receive a copy of your data in a structured, commonly used, and machine-readable format.
You have the right to request correction of inaccurate personal data we hold about you.
You have the right to request deletion of your personal data. You may delete your account through the App or by contacting us at privacy@mydriftlab.com. Upon deletion, we will remove your data within thirty (30) days, except where retention is required by law.
You may opt out of non-essential communications by adjusting your notification preferences in the App or by contacting us.
You may revoke DriftLab's access to any or all HealthKit data types at any time through your device's Health settings (Settings > Health > Data Access & Devices). Revoking access will disable features that rely on that data but will not affect other App functionality.
You may revoke microphone access at any time through your device settings. Revoking microphone access will disable the sleep monitoring feature.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
(a) Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
(b) Right to Delete: You may request deletion of your personal information.
(c) Right to Correct: You may request correction of inaccurate personal information.
(d) Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising.
(e) Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
To exercise these rights, contact us at privacy@mydriftlab.com or through the App. We will respond within forty-five (45) days.
Your information may be transferred to and processed in the United States, where our servers are located. If you are located outside the United States, please be aware that data protection laws in the United States may differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to the United States.
DriftLab is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly. If you believe a child under 13 has provided us with personal information, please contact us at privacy@mydriftlab.com.
The App may contain links to third-party websites or services, including but not limited to app stores, payment processors, and analytics providers. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through the App.
The DriftLab mobile application does not use cookies. We may use mobile analytics tools (such as PostHog) to collect usage data for the purpose of improving the Service. These tools may use device identifiers but do not track you across other applications or websites.
We reserve the right to update this Privacy Policy at any time. We will notify you of material changes by posting updated policy within the App, updating the "Effective Date" above, and, where appropriate, sending you an email notification. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
SLTR Digital LLC
Email: privacy@mydriftlab.com
Website: https://mydriftlab.com
For California residents: You may also submit requests via the methods described in Section 6.