1. Information We Collect
We collect information to provide and improve Malu (“the Services”). Below is a summary of the types of information we collect:
Information You Provide
Account Information
Email address and authentication credentials.
Quiz & Onboarding Data
Sleep quiz responses including bedtime preferences, wake time, sleep struggles, and goals.
Sleep Check-in Data
Daily sleep quality ratings, time-to-sleep estimates, and morning mood assessments.
Payment Information
Processed by Apple (in-app purchases) or Stripe (web). We do not store full payment card details.
Communications
Support requests and feedback you send to us.
Preferences
Technique preferences, notification settings, soundscape choices, and app configuration.
Information Collected Automatically
- Usage information (features accessed, session duration)
- Device information (model, OS version)
- Log information (error reports, crash logs)
- Performance data (app load times, responsiveness)
Information from Third Parties
- Payment processor confirmations (Apple, Stripe)
- Aggregated analytics data
2. How We Use Your Information
- Provide and maintain Services — including personalized sleep technique recommendations based on your quiz responses and check-in history
- Process transactions — manage subscriptions through Apple App Store and web (Stripe)
- Personalize your experience — tailor content based on sleep patterns, mind state, and historical data
- Generate sleep insights — create trends and recommendations from your check-in history
- Send notifications — bedtime reminders, wind-down alerts, and morning check-ins (only if you opt in)
- Communicate — respond to support requests and send service-related messages
- Improve and develop — analyze usage patterns to enhance the Services
- Detect and prevent fraud
- Comply with legal obligations
- ✕ We do NOT use your data for behavioral advertising
- ✕ We do NOT sell personal information
4. Data Storage and Security
We implement appropriate technical and organizational measures to protect your data:
- Servers located in the European Union (Frankfurt, Germany) via Supabase
- Encryption in transit (TLS/HTTPS) and at rest
- Auth tokens stored in iOS Keychain (secure storage)
- Row-level security on database — users can only access their own data
While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion |
| Sleep check-in data | Until account deletion or deletion request |
| Usage data | Aggregated and anonymized for improvement |
| Payment records | As required by tax and financial regulations |
Upon account deletion, your data will be removed within 30 days, except where retention is required by law.
6. Your Privacy Rights
You have the following rights regarding your personal data:
- Access — Request a copy of the personal data we hold about you
- Correction — Request correction of inaccurate or incomplete data
- Deletion — Request deletion of your personal data
- Data Portability — Request your data in a structured, machine-readable format
- Objection — Object to the processing of your data
- Restriction — Request that we limit how we use your data
- Withdraw Consent — Withdraw your consent at any time where processing is based on consent
How to exercise your rights:
- Delete Account in app settings
- Email privacy@opalno.com
We will respond to your request within 30 days.
7. Information for EEA, UK, and Swiss Residents
Data Controller: Opalno, Netherlands.
We process your personal data on the following legal bases:
- Contract Performance — Processing necessary to provide the Services you have subscribed to
- Legitimate Interests — Analytics and service improvement, where our interests do not override your rights
- Consent — For notifications and optional data processing you have opted into
- Legal Obligations — Where we are required to process data by law
Your data is stored within the EU (Frankfurt, Germany). You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
8. Information for California Residents
Under the California Consumer Privacy Act (CCPA), California residents have additional rights:
- Right to Know — Request information about the categories and specific pieces of personal data we have collected
- Right to Delete — Request deletion of personal data we have collected
- Right to Opt Out of Sale — We do not sell your personal information
- Non-Discrimination — We will not discriminate against you for exercising your CCPA rights
Contact: privacy@opalno.com
9. Children's Privacy
Malu is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal data, please contact us at privacy@opalno.com and we will promptly delete it.
10. Health Information Disclaimer
Malu provides wellness tools only and is not a medical device or service. Specifically:
- We do not infer medical conditions from sleep data
- Malu is not intended to diagnose, treat, cure, or prevent any medical condition
- Sleep insights and recommendations are for general wellness purposes only
- Consult a healthcare provider for medical questions about your sleep
11. Contact Us
If you have questions about this privacy policy or your data:
© 2026 Opalno. All rights reserved.