Risely Privacy Policy

1. Information We Collect

We collect several categories of information depending on how you interact with Risely. We have organized these into the categories below.

1.1 Account and Profile Information

When you create a Risely account, we collect the information necessary to set up and maintain your account:

• Email address (if you register via email)
• Display name and avatar (optional)
• Authentication tokens from Google Sign-In or Apple Sign-In (if you choose those methods)
• A unique user ID and friend code assigned to your account
• Subscription tier and purchase history (managed through RevenueCat)

You may also use Risely as a guest without creating an account. In that case, a temporary anonymous identifier is assigned.

1.2 Sleep and Health Data

Risely's core purpose is to help you wake up and track your sleep. When you enable sleep tracking, we collect:

• Accelerometer and motion data:Your device's accelerometer is sampled during sleep to classify sleep stages (awake, light, deep, REM) and detect movement patterns.
• Sleep reports:Sleep start and end times, total duration, sleep stage breakdown, sleep quality score, and any notes or factors you record (e.g., caffeine, stress, exercise).
• Snoring detection data:If you enable snoring detection, we use your device's microphone to analyze audio locally on your device using machine learning. We record snoring intensity, average and peak decibel levels, and short audio clips that are stored only on your device. Raw audio is never transmitted to our servers.
• Wearable health data:If you connect a wearable device (Fitbit, Samsung Health, Whoop, Apple Watch via HealthKit, or Health Connect), we read sleep sessions, heart rate, blood oxygen saturation (SpO2), and heart rate variability (HRV) from those services via their respective APIs.

1.3 Device and Technical Information

We automatically collect certain technical information about your device:

• Device brand, model, and operating system version
• App version and build number
• Screen resolution, font scale, locale, and timezone
• Available memory, storage, and battery level (for diagnostics)
• Network connection type
• Advertising identifier (Google Advertising ID on Android, IDFA on iOS), subject to your device settings

1.4 Location Data

Risely may request access to your approximate or precise location solely to provide weather information on your alarm and “My Day” screens. Location data (latitude and longitude) is sent to our weather data provider, WeatherAPI.com, to retrieve local forecasts. If you decline location permission, weather features may use IP-based geolocation as a fallback. We do not store your location on our servers.

1.5 Camera and Sensor Data

Risely requests camera and sensor access only for specific alarm dismissal challenges:

• QR Code scanning:The camera reads QR codes you have registered. No images are stored or transmitted.
• Photo verification:The camera captures a selfie to verify you are awake using on-device face detection (ML Kit). The photo is not stored or transmitted and is discarded immediately after verification.
• Shake and step detection:The accelerometer and activity recognition sensor are used to detect shaking and steps. This data is processed locally and not stored.
• Voice challenges:The microphone and speech recognition are used to verify spoken phrases. Audio is processed on-device and not stored.

1.6 Usage and Analytics Data

When our beta analytics feature is enabled, we collect anonymized usage events to improve the App, including:

• Screen views and navigation patterns
• Feature activations (e.g., enabling snoring detection, connecting a wearable)
• Session duration and event counts
• Platform, app version, and a randomly generated session ID

We also use Sentry for crash and error reporting, which captures exception data, device context, and your user ID to help us diagnose and fix bugs.

1.7 Alarm and App Configuration Data

We store your alarm settings (times, labels, repeat days, dismissal challenge configurations, sound selections), app preferences, and Rise Score statistics. This data is synced to the cloud if you have an account, to allow cross-device access and backup.

1.8 Social and Competitive Features

If you use Risely's social features (friends, buddy system, streak battles, weekly challenges, leaderboards), certain data may be visible to other users based on your privacy settings:

• Display name and avatar
• Current streak and Rise Score (if you enable sharing)
• Last alarm time (if you enable sharing)
• Leaderboard rankings and challenge performance

You control what is shared through in-app privacy settings. By default, detailed alarm information is not shared.

2. How We Collect Information

2.1 Directly From You

When you create an account, configure alarms, enter sleep notes, connect wearables, or adjust privacy settings.

2.2 Automatically From Your Device

Sensor data (accelerometer, microphone, camera) is collected only when you actively initiate the relevant feature (sleep tracking, snoring detection, alarm dismissal challenges). Device and technical information is collected automatically to ensure app functionality.

2.3 From Third-Party Services

When you connect external services, we receive data from those providers:

• Fitbit, Whoop, Samsung Health, Apple HealthKit, Health Connect:Sleep, heart rate, SpO2, HRV data
• Google, Apple:Authentication tokens and basic profile information
• Google AdMob:Ad interaction and impression data
• RevenueCat:Subscription status and purchase verification

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide core functionality:Schedule and trigger alarms, process dismissal challenges, track sleep, and generate sleep reports and Rise Scores.
• Personalize your experience:Offer AI-powered sleep coaching (via Google Gemini, premium feature), display weather, daily horoscope, and tailored wellness tips.
• Cloud sync and backup:Synchronize your alarms, settings, sleep reports, and statistics across devices.
• Social features:Enable friends, buddy systems, streak battles, leaderboards, and shared sleep sound mixes.
• Improve the App:Analyze usage patterns, diagnose crashes, and fix bugs through analytics and error reporting.
• Display advertising:Serve ads to free-tier users through Google AdMob. Premium subscribers do not see ads.
• Process payments:Manage subscriptions and in-app purchases through RevenueCat and platform billing (Google Play, App Store).
• Smart home integration:Communicate with connected smart lights (Philips Hue, LIFX, Govee) and IFTTT webhooks to automate your wake-up routine.
• Communicate with you:Respond to support requests and send important service-related notices.

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

4.1 Service Providers

We engage trusted third-party companies to perform services on our behalf (hosting, analytics, crash reporting, payment processing, ad serving). These providers access your data only to perform tasks for us and are contractually obligated to protect it.

4.2 Third-Party Integrations You Authorize

When you connect wearables, smart home devices, or sign in with Google/Apple, data flows between Risely and those services as described in Section 5. These integrations are always initiated by you and can be disconnected at any time.

4.3 Social Features

If you participate in friends, buddy, or competitive features, certain data (display name, avatar, streak, Rise Score) may be visible to other Risely users, subject to your privacy settings.

4.4 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.5 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

5. Third-Party Services and SDKs

Risely integrates with the following third-party services. Each has its own privacy policy governing its use of data. We encourage you to review them.

6. Data Retention

We retain your information for the periods outlined below, unless a longer retention is required by law:

When data is no longer needed, we delete or anonymize it. Local data stored on your device is under your control and can be cleared by uninstalling the App or clearing app storage.

7. Data Security

We implement industry-standard measures to protect your information:

• All network communications use HTTPS/TLS encryption in transit.
• Sensitive tokens (OAuth, API keys) are stored using the device's secure keychain (iOS Keychain, Android Keystore).
• Our backend enforces Row Level Security (RLS), ensuring users can only access their own data.
• Audio data from snoring detection is processed entirely on-device and is never transmitted over the network.
• Photo verification images are discarded immediately after on-device face detection and are never stored or uploaded.

While we strive to use commercially acceptable means to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

8.1 Access and Portability

You may request a copy of the personal information we hold about you. Sleep reports and alarm data are accessible directly through the App.

8.2 Correction

You may update your display name, avatar, and other profile information directly within the App.

8.3 Deletion

You may request deletion of your account and associated data by contacting us at [email protected]. Upon deletion, we will remove your data from our active systems within 30 days, except where retention is required by law.

8.4 Opt-Out of Advertising Tracking

You can limit ad personalization through your device settings:

• Android: Settings > Privacy > Ads > Delete advertising ID
• iOS: Settings > Privacy & Security > Tracking > Disable “Allow Apps to Request to Track”

8.5 Withdraw Consent

You may withdraw consent for optional data collection (location, microphone, camera, wearables) at any time by revoking the relevant permissions in your device settings or disconnecting integrations within the App.

8.6 Manage Social Visibility

In-app privacy settings allow you to control whether your streak, Rise Score, last alarm time, and other data are visible to friends or on leaderboards.

9. International Data Transfers

Two Player Labs LLC is based in the United States. If you use Risely from outside the United States, your information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate. By using the App, you consent to the transfer of your information to the United States and other jurisdictions that may not have equivalent data protection laws.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms, to ensure adequate protection for cross-border data transfers.

10. Children's Privacy

Risely is not directed at children under the age of 13 (or 16 in the EEA/UK). We do not knowingly collect personal information from children under these ages. If we learn that we have collected personal information from a child under the applicable minimum age without verified parental consent, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] so we can take appropriate action.

11. California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information.

11.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

11.2 Your CCPA/CPRA Rights

• Right to Know:You may request details about the categories and specific pieces of personal information we have collected.
• Right to Delete:You may request deletion of your personal information, subject to certain exceptions.
• Right to Correct:You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing:We do not sell your personal information. We share information with advertising partners (Google AdMob) for cross-context behavioral advertising. You may opt out of this sharing via device ad tracking settings.
• Right to Limit Use of Sensitive Data:You may limit our use of sensitive personal information (health data, precise geolocation) to what is necessary to provide the services.
• Right to Non-Discrimination:We will not discriminate against you for exercising any of these rights.

To exercise these rights, contact us at [email protected]. We will verify your identity before fulfilling your request.

12. European Economic Area, UK, and Switzerland (GDPR)

12.1 Data Controller

Two Player Labs LLC is the data controller for the personal data processed through Risely. Contact: [email protected].

12.2 Legal Bases for Processing

We process your personal data on the following legal bases:

12.3 Your GDPR Rights

If you are located in the EEA, UK, or Switzerland, you have the following rights:

• Access:Request a copy of your personal data.
• Rectification:Request correction of inaccurate data.
• Erasure (“Right to be Forgotten”):Request deletion of your data in certain circumstances.
• Restriction:Request that we limit processing of your data.
• Data Portability:Receive your data in a structured, machine-readable format.
• Object:Object to processing based on legitimate interests, including profiling.
• Withdraw Consent:Withdraw consent at any time without affecting the lawfulness of prior processing.
• Lodge a Complaint:File a complaint with your local Data Protection Authority.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (extendable by 60 days for complex requests).

12.4 Special Category Data

Sleep and health-related data (sleep stages, heart rate, SpO2, HRV, snoring data) may constitute special category data under GDPR Article 9. We process this data only with your explicit consent, which you provide by enabling sleep tracking, snoring detection, or connecting a wearable device. You may withdraw consent at any time.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the App's features. When we make material changes, we will notify you by posting the updated policy within the App and updating the “Last Updated” date at the top. For significant changes, we may also provide additional notice, such as an in-app notification. Your continued use of Risely after the effective date of the updated policy constitutes acceptance of the changes.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR-related inquiries, you may also contact your local Data Protection Authority.

End of Privacy Policy