Section 01
Introduction and scope
REMdi is a consumer iOS sleep optimization app designed to help users wake at a more optimal point in their sleep cycle using sleep and wellness data. REMdi is a general wellness product. It is not a medical device and is not intended to diagnose, treat, cure, monitor, or prevent any disease or medical condition.
This Privacy Policy explains how REMdi collects, uses, stores, protects, and deletes personal data when you use the REMdi app, create an account, connect supported wearables or accounts, visit remdiapp.com, contact us, or otherwise interact with REMdi.
This Privacy Policy applies to the REMdi iOS app, remdiapp.com, and related customer support communications. It does not govern the privacy practices of Apple, Google, Oura, WHOOP, or other third parties that have their own privacy notices.
Section 02
Who controls your data
REMdi is operated by the REMdi team. You can reach us at hello@remdiapp.com.
You can contact us about privacy, data rights, or complaints at hello@remdiapp.com. Under certain laws, you may also have the right to complain to your local data protection or privacy regulator. EEA users may lodge a complaint with the supervisory authority in the Member State of their habitual residence, place of work, or the place of the alleged infringement.
Section 03
The data we collect
Account and identity data. We collect your first name, email address, account identifiers, and sign-in credentials or tokens needed to operate Sign in with Apple or, if you choose it, Sign in with Google.
Sleep and wellness data. Depending on the features you use and the connections you enable, we collect or process sleep stages, HRV, heart rate, readiness scores, alarm interaction history, and chronotype information that REMdi derives from sleep-related data.
Device and technical data. We collect your device type and limited technical and account data needed to provide, secure, and troubleshoot the app.
Onboarding and user-provided data. We collect information you enter directly during onboarding or later in the app.
Subscription and support data. Your subscription is purchased through Apple's in-app purchase system. We may receive limited subscription-status or transaction-related information needed to confirm your entitlement, provide support, and maintain your account. We do not receive or store your full payment card number.
Sensitive data. Some data processed by REMdi — including sleep, heart rate, HRV, readiness, and similar wellness signals — may be considered health or other sensitive personal data under certain laws. We treat that data with heightened care.
Section 04
How we collect your data
We collect data in four main ways:
- Directly from you, including when you create an account, complete onboarding, contact support, or adjust settings.
- From Apple sign-in services, if you use Sign in with Apple.
- From connected third-party services you choose to link, including the Oura API and the WHOOP API, which connect through OAuth 2.0 and only after you authorize the connection.
- From Apple HealthKit on your device, if you grant HealthKit permission. REMdi's HealthKit access is designed to operate on-device only.
We also create limited derived information — such as chronotype, readiness-related outputs, and alarm optimization signals — from the data you provide or authorize us to access. REMdi does not use this analysis to make legal decisions or similarly significant decisions about you.
Section 05
Why we use your data
We use personal data only for the following purposes:
- To provide the REMdi service, including sleep-cycle analysis, alarm timing, chronotype estimation, readiness-related features, and account functionality.
- To authenticate you and maintain the security of your account.
- To import data from Oura or WHOOP when you choose to connect those services.
- To process onboarding inputs and personalize the app experience.
- To confirm your subscription status and provide customer support.
- To protect the app, investigate bugs, prevent abuse, maintain service integrity, and comply with applicable law.
We do not use your personal data for advertising, targeted advertising, brokered data products, or cross-context behavioral advertising. We do not sell your personal data.
Section 06
Legal bases for processing
If you are in the EEA, UK, or another jurisdiction that requires a legal basis for processing, REMdi relies on the following bases, as applicable:
- Consent. We rely on your consent, and where required your explicit consent, to access and process sleep and wellness data, including connected-wearable data and other health-related data, and to process optional integrations you choose to enable.
- Contract. We process account, authentication, support, and service-operation data as necessary to provide REMdi to you and perform our contract with you.
- Legitimate interests. Where permitted by law, we process limited data for security, fraud prevention, debugging, abuse detection, and service reliability, provided those interests are not overridden by your rights and interests.
Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect processing that already occurred before withdrawal. If you withdraw consent for data that is necessary to REMdi's core operation, some features may stop working.
Section 07
HealthKit-specific notice
If you grant REMdi access to Apple HealthKit, REMdi uses that HealthKit data only to provide REMdi's sleep and wellness features to you.
- REMdi does not use HealthKit data, or information obtained through HealthKit, for advertising, marketing, or use-based data mining.
- REMdi does not sell, rent, broker, or share HealthKit data with advertising platforms, data brokers, or information resellers.
- REMdi does not disclose HealthKit data to third parties without your prior express consent, and then only to provide health or fitness-related services you request or enable.
Based on REMdi's current design, HealthKit access is on-device only. If that design changes in the future, REMdi will obtain any required permissions and update this Privacy Policy before the change takes effect.
Section 08
Who we share your data with
REMdi does not sell your personal data and does not share personal data with third parties for their own advertising or marketing purposes.
REMdi does disclose data in the following limited situations:
- Service providers acting on our behalf. We use Supabase hosted on AWS for backend hosting, storage, and database services. These providers process data only to provide infrastructure and related services to REMdi.
- Identity providers you choose. If you use Sign in with Apple or Sign in with Google, the relevant provider processes the authentication information needed to sign you in.
- Connected integrations you choose. If you connect Oura or WHOOP, the relevant provider will send REMdi data and connection information that you have authorized.
- Apple subscription processing. Apple processes your in-app purchases under Apple's own terms and privacy practices.
- Legal reasons. We may disclose limited data if required by law, court order, or binding legal process, or where necessary to protect rights, security, or the integrity of REMdi.
We require processors and service providers to protect personal data and use it only for the services they provide to REMdi, not for their own unrelated purposes.
Section 09
How we store and protect your data
REMdi stores server-side data using Supabase hosted on AWS. We use encryption in transit and at rest, account authentication controls, and user-level access restrictions intended to prevent one user from accessing another user's data.
We apply the principle of data minimization and privacy by design, meaning we try to collect only the data needed for the features you choose to use and to restrict access by default.
No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If REMdi experiences a breach that triggers legal notice obligations, we will provide notice as required by applicable law.
Section 10
International transfers
REMdi operates internationally. Depending on where you are located, your data may be processed in the United States and other countries where REMdi or its service providers operate infrastructure.
Where applicable law requires safeguards for international transfers, REMdi will rely on an appropriate transfer mechanism and technical and organizational safeguards.
If you are in Brazil, international transfers are subject to the LGPD and ANPD's transfer rules. If you are in Canada, cross-border transfers remain subject to applicable Canadian privacy obligations.
Section 11
Data retention
REMdi keeps personal data only for as long as reasonably necessary to provide the service, fulfill the purposes described in this Privacy Policy, resolve disputes, enforce agreements, protect the service, and comply with legal obligations.
- Account profile data is kept while your account is active.
- Sleep and wellness data stored in REMdi's backend is kept while your account is active so the app can provide history, patterns, and alarm optimization.
- OAuth connection data and tokens are kept until you disconnect the integration, revoke access, or delete your account.
- Security logs and abuse-prevention records may be retained for up to 12 months.
- Limited billing, tax, accounting, and legal-compliance records may be retained for longer where required by law.
If you delete your account, REMdi will delete or de-identify your personal data from active systems within 30 days. Data may remain in encrypted backups for up to 90 days before routine overwrite or deletion.
If an account remains inactive for 24 months and there is no active subscription or legal need to retain the data, REMdi may delete or de-identify associated data after giving notice where reasonably feasible.
Section 12
Your rights and choices
Depending on where you live, you may have the right to request access to your personal data, correct inaccurate data, delete data, withdraw consent, restrict or object to certain processing, and request a portable export of data you provided to us.
GDPR and similar-law rights. If you are in the EEA or another jurisdiction with similar rights, you may request access, rectification, erasure, restriction, and portability of eligible data, and you may object to processing based on legitimate interests where applicable. You also have the right to lodge a complaint with a supervisory authority.
California rights. If you are a California resident and the CCPA applies to REMdi, you may have rights to know, delete, correct, and receive information about categories of data collected. We do not sell or share personal information as those terms are used in the CCPA.
Integration choices. You may disconnect Oura or WHOOP inside REMdi, by revoking the connection with the provider, or by deleting your REMdi account.
To exercise your rights, email hello@remdiapp.com. Where applicable, you may also initiate account deletion inside the app.
Section 13
Children's privacy
REMdi is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you are under 13, you may not use REMdi.
If we learn that we collected personal data from a child under 13 without the authorization required by law, we will delete that information. Parents or guardians who believe a child provided personal data to REMdi may contact us at hello@remdiapp.com.
If you are in a country where the age required to consent to online data processing is higher than 13, you may use REMdi only if you meet the age required by local law.
Section 14
California-specific disclosures
The categories of personal information collected by REMdi have included: identifiers and account data; health and wellness data; inferences such as chronotype and readiness-related outputs; device and technical data; app interaction data such as alarm interaction history; and limited subscription and account-status information.
REMdi collects personal information directly from you, from your chosen sign-in provider, from connected wearable providers you authorize, and from your device when you grant permission.
REMdi uses these categories to provide and secure the service, personalize functionality, maintain your account, support subscription access, troubleshoot issues, and comply with law.
REMdi has not sold or shared personal information for cross-context behavioral advertising and does not do so. Because REMdi does not sell or share personal information, REMdi is not required to provide a "Do Not Sell or Share" notice or link.
Section 15
Biometrics and wellness data
REMdi processes sleep and wellness information that may be considered sensitive personal data or health data under various laws. REMdi does not use your sleep, HRV, heart-rate, or readiness data as a biometric template to uniquely identify you.
If REMdi later introduces features that use face geometry, voiceprints, fingerprints, retina or iris scans, or other identifier templates for recognition or authentication, REMdi will provide any notices and obtain any consents required by applicable biometric laws before those features become active.
Section 16
Cookies, website technologies, and tracking
The REMdi iOS app does not use advertising cookies. REMdi does not use third-party advertising SDKs or cross-context behavioral advertising trackers.
The website at remdiapp.com may use basic technical measures such as standard server logs and strictly necessary site technologies needed for security, performance, or page delivery. REMdi does not use those technologies for advertising or data-broker purposes.
If REMdi later adds optional analytics or advertising technologies to the website, REMdi will update this Privacy Policy and, where required, request consent before using them.
Section 17
Changes to this Privacy Policy
REMdi may update this Privacy Policy from time to time to reflect changes in the app, integrations, legal requirements, or data practices. If we make a material change, we will update the effective date and post the new version at remdiapp.com and, where appropriate, inside the app.
If a change materially affects how we process data for which consent is required, we will seek any additional consent required by law before the change takes effect.
Section 18
Contact us
If you have questions, concerns, or privacy requests, please reach out:
REMdi Privacy
Email: hello@remdiapp.com
Website: remdiapp.com