1. Who we are

Somnaro is a sleep therapy application developed and operated by Somnaro Pty Ltd ("Somnaro," "we," "us," or "our"). We are based in Australia. This Privacy Policy applies to the Somnaro iOS application and the website somnaro.com.

If you have questions about this policy, contact us at privacy@somnaro.com.

2. The short version

• We collect only the data needed to make the app work for you
• Your sleep diary entries are encrypted on your device
• We never sell your personal data or health data to anyone
• We never use your data for advertising purposes
• We never share your health data with third parties except as required to operate the service (listed below)
• You can export or delete all your data at any time from within the app
• We do not use third-party advertising trackers inside the app

3. Data we collect

3.1 Account data

When you create a Somnaro account, we collect your first name and email address. This is used to identify your account, send you important service notifications, and enable account recovery.

3.2 Sleep diary data

The core of Somnaro is your sleep diary. This includes: bedtime, lights-out time, sleep onset time, number of night wakings, time awake during wakings, final wake time, out-of-bed time, subjective sleep quality, restedness, night sweat severity, hot flash count, and optional free-text notes.

This data is stored in your account on our secure servers (Supabase, hosted on AWS) and is used solely to power your CBT-I programme, AI coaching, and GP-ready reports. It is never used for advertising or shared with third parties for marketing.

3.3 Evening check-in data

Your evening check-in captures: daytime hot flash count, anxiety level, energy level, stress level, alcohol consumption (yes/no), caffeine after 2pm (yes/no), exercise (yes/no), HRT adherence (yes/no), and an optional note.

3.4 Hormonal profile data

During onboarding and in Settings, you provide your hormonal context: menstrual cycle status, HRT status, and sleep problem type. This is used to personalise the CBT-I programme and AI coaching.

3.5 ISI questionnaire data

Your Insomnia Severity Index (ISI) scores — collected at onboarding, week 4, and week 7 — are stored and used to track your progress through the programme.

3.6 Apple Health data (optional)

If you grant permission, Somnaro reads sleep analysis, heart rate variability, and resting heart rate data from Apple Health. This data is used only to pre-fill portions of your morning diary and is never stored on our servers — it is processed on-device only. You can revoke this permission at any time in your iPhone's Health app settings.

3.7 Subscription data

Subscription purchases are processed entirely by Apple through the App Store. We receive a subscription status confirmation from Apple but never see your payment card details, billing address, or financial information.

3.8 Technical data

We collect basic technical data for app stability: app version, iOS version, crash reports, and anonymised usage analytics (which screens are visited, how long sessions last). This data is not linked to your identity and is used solely to improve the app.

4. How we use your data

• To provide and operate the Somnaro sleep therapy service
• To personalise your CBT-I programme based on your diary data
• To generate AI coaching notes using your sleep patterns
• To generate your GP-ready sleep progress report
• To calculate your sleep efficiency and track your ISI score
• To send service notifications (diary reminders, programme session unlocks)
• To improve app stability and fix bugs
• To comply with legal obligations

We do not use your data for: advertising, profiling, sale to third parties, or any purpose not listed above.

No tracking: Somnaro does not track you across other companies' apps or websites. We do not use your data for cross-app advertising, and we do not share your data with data brokers, advertising networks, or any third party for marketing or tracking purposes. Apple's App Tracking Transparency framework is not triggered by Somnaro because we do not engage in tracking as defined by Apple.

5. AI coaching and data processing

Somnaro's AI coaching features use your sleep diary data to generate personalised coaching notes, weekly insights, and monthly summaries. This processing involves sending your anonymised diary data to our AI provider (Anthropic) via a secure API. Anthropic processes this data only to generate the coaching response and does not retain it for training or any other purpose under our enterprise data processing agreement.

Your name and email address are never sent to the AI provider. Only anonymised sleep metrics are used.

AI-generated content disclosure: All coaching notes, weekly insights, and monthly summaries delivered within Somnaro are generated by an artificial intelligence model and are clearly labelled as AI-generated within the app. These responses are not reviewed by a human before delivery and do not constitute medical advice. Somnaro does not use AI to make automated decisions that have legal or similarly significant effects on users.

6. Data sharing

We share your data with the following service providers, solely to operate Somnaro:

• Supabase (database hosting) — Your account and diary data is stored on Supabase infrastructure hosted on AWS in the United States. Supabase is GDPR-compliant and operates under appropriate data transfer safeguards.
• Anthropic (AI processing) — Anonymised diary data is sent to Anthropic's API to generate coaching responses. No personally identifiable information is shared.
• Apple (App Store, subscriptions, notifications) — Apple processes subscription payments and delivers push notifications. Apple's Privacy Policy applies to their processing.

We do not share your data with any other third parties. We do not sell your data. We do not use advertising networks or data brokers.

7. Health data — special protections

Sleep diary data, hormonal health information, and ISI scores constitute health data under applicable privacy laws. We apply the following additional protections to this data:

• Health data is never used for advertising purposes
• Health data is never sold to third parties under any circumstances
• Health data is never shared with insurance companies, employers, or government entities except as required by law
• Sleep diary entries are encrypted at rest
• Access to health data is restricted to Somnaro personnel who require it to operate the service

8. Data retention

We retain your account and diary data for as long as your account is active. If you delete your account, all associated data is permanently deleted from our systems within 30 days. Anonymised, aggregated analytics data (which cannot be linked to you) may be retained for up to 24 months.

9. Your rights

You have the following rights regarding your personal data:

• Access — You can export all your data at any time from Settings → Data & Privacy → Export data
• Deletion — You can delete your account and all associated data from Settings → Data & Privacy → Delete account
• Correction — You can update your personal information in the app at any time
• Portability — Your data export is provided in a machine-readable format
• Objection — You can contact us to object to any processing of your data

For data subject requests, contact us at privacy@somnaro.com. We respond within 30 days.

10. Children's privacy

Somnaro is designed for adults aged 18 and over and is specifically targeted at women experiencing perimenopause and menopause. We do not knowingly collect data from anyone under 18. If you believe a child has created an account, contact us at privacy@somnaro.com and we will delete it immediately.

11. International users

Somnaro is operated from Australia and primarily serves users in Australia, the United States, and the United Kingdom. By using Somnaro, you consent to the transfer and processing of your data in Australia and the United States. We apply appropriate data transfer safeguards for users in the European Economic Area and the United Kingdom, including Standard Contractual Clauses where required.

12. Security

We implement industry-standard security measures including: encryption of data at rest and in transit (TLS 1.3), access controls limiting who can access your data, regular security reviews, and incident response procedures. However, no system is completely secure. In the event of a data breach affecting your personal data, we will notify you in accordance with applicable law.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 14 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Continued use of Somnaro after changes take effect constitutes acceptance of the revised policy.

14. App Store privacy nutrition label

Apple requires us to disclose our data practices in the App Store. The following summarises what is declared in our App Store privacy label:

• Data linked to your identity: Name, email address, sleep diary data (sleep times, efficiency, night sweats, hot flashes), hormonal health information (cycle status, HRT status), ISI questionnaire responses, evening check-in data, optional diary notes — used for app functionality and product personalisation
• Data not linked to your identity: Crash data, anonymised usage analytics (screens visited, session duration) — used for app stability and improvement
• Data used for tracking: None. Somnaro does not use any data for tracking purposes.
• Apple Health data: Processed on-device only if permission is granted. Sleep analysis, heart rate variability, and resting heart rate are read from HealthKit to pre-fill diary fields. This data is never uploaded to our servers.

The full App Store privacy label is visible on Somnaro's App Store product page.

15. Apple HealthKit

If you grant permission, Somnaro accesses the following Apple HealthKit data types: Sleep Analysis (HKCategoryTypeIdentifierSleepAnalysis), Heart Rate Variability SDNN (HKQuantityTypeIdentifierHeartRateVariabilitySDNN), and Resting Heart Rate (HKQuantityTypeIdentifierRestingHeartRate).

This data is accessed solely to pre-fill portions of your morning sleep diary and is processed entirely on your device. HealthKit data is never transmitted to Somnaro's servers, never shared with third parties, and never used for advertising or marketing purposes. You can revoke HealthKit access at any time in iPhone Settings → Privacy & Security → Health → Somnaro.

In accordance with Apple's HealthKit guidelines, Somnaro does not use HealthKit data for any purpose other than providing the sleep diary pre-fill functionality described above.