Privacy Policy

Effective Date: July 1, 2025

WHOOPSLEEP ("we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you use our service to sync your WHOOP sleep data to your calendar applications.

1. Information We Collect

1.1 WHOOP Data

When you connect your WHOOP account, we collect and store:

• Sleep data including sleep duration, stages, efficiency, and quality metrics
• Recovery data including heart rate variability, resting heart rate, and sleep performance
• Nap data when available
• Basic account information from WHOOP (user ID, timezone preferences)

1.2 Authentication Data

To maintain your connection to WHOOP, we store:

• OAuth access tokens and refresh tokens
• Token expiration dates
• Your unique WHOOP user identifier

1.3 Usage Analytics

We use PostHog to collect anonymous usage analytics, including:

• Page views and navigation patterns
• OAuth connection events (success/failure)
• Calendar link usage
• Feature usage statistics

2. How We Use Your Information

We use your information to:

• Generate and maintain your personalized iCalendar feed
• Sync your sleep and recovery data in real-time via webhooks
• Provide you with access to your calendar subscription link
• Improve our service through usage analytics
• Communicate with you about service updates or issues
• Process payments for premium features (when available)

3. Data Storage and Security

Your data is stored securely using industry-standard practices:

• All data transmission is encrypted using HTTPS
• Access tokens are stored securely and used only for authorized API calls
• We use HMAC verification for all incoming webhook data
• Your calendar feed uses an obfuscated, non-guessable URL with a 256-bit random hash
• Data is stored on secure cloud infrastructure with regular backups

4. Data Sharing and Third Parties

We share your data only in the following limited circumstances:

4.1 Service Providers

• WHOOP: We connect to WHOOP's API to retrieve your sleep data
• PostHog: Anonymous analytics to improve our service
• Payment Processors: Stripe or similar services for premium features (when available)
• Hosting Providers: Secure cloud infrastructure for data storage and processing

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation.

5. Your Rights and Controls

You have full control over your data:

• Access: View and copy your calendar link anytime on your account page
• Disconnect: Disconnect your WHOOP account at any time
• Delete: When you disconnect, all your data is permanently deleted from our systems
• Regenerate: Get a new calendar link if you reconnect after disconnecting

6. Data Retention

We retain your data only as long as your account is connected:

• Sleep data is stored to generate your calendar feed
• We automatically fetch up to 365 days of historical sleep data when you first connect
• New sleep data is added via real-time webhooks
• When you disconnect, ALL data is immediately and permanently deleted
• Anonymous usage analytics may be retained for service improvement

7. International Data Transfers

Your data may be processed and stored in countries other than your own. We ensure appropriate safeguards are in place to protect your data during any international transfers.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the effective date.

9. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Telegram: @usualguy
• Website: whoopsleep.com

10. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.