DriftSleep Privacy Policy

Last updated · May 18, 2026

DriftSleep is a private sleep tracker. Audio analysis for snore detection happens on your iPhone — no recording is ever made. Your sleep sessions live on your device and, if you turn on iCloud sync, in your own iCloud account. We never see what you slept like.

01Who we are

DriftSleep is built and operated by Blossomn, a small software studio in India. Under India's Digital Personal Data Protection Act, 2023 (DPDP Act), Blossomn is the data fiduciary for the limited personal data described below; for users in the EEA / UK, we are the data controller for the same.

Questions, requests, or concerns? Email info@blossomn.com. A real person reads every message.

02The short version

• Sleep sessions, scores, snore counts, timeline events, and alarm settings are stored locally on your iPhone.
• If you enable iCloud sync, sessions are stored in your own iCloud account using Apple's CloudKit private database. Blossomn cannot read them. Apple cannot read them when Advanced Data Protection is enabled.
• Snore detection runs on-device. The microphone is processed in real time by a small audio classifier — no audio is recorded, written to disk, or uploaded. Only the timestamp and duration of detected snore episodes are saved.
• We do not run a DriftSleep server that stores your sleep data.
• We do not use your sleep data to train AI models — ours or anyone else's.
• We do not sell, rent, or share your data with advertisers. DriftSleep contains no ad SDKs, no tracking pixels, no Facebook SDK.

03What data DriftSleep processes

Sleep content (stays on-device / in your iCloud)

• Session start/end timestamps, total sleep duration, derived sleep score, sleep-stage estimates (light / deep / REM / awake), and movement intensity samples derived from the accelerometer.
• Snore-episode metadata: timestamp, duration in seconds, and a coarse loudness bucket. No audio waveform is saved.
• Alarm settings, wind-down preferences, target bedtime, reminders, and notification preferences.
• Coaching tips you've seen (so we don't repeat the same one every night).

None of this is transmitted to Blossomn. It moves only between your iPhone and your own iCloud (if you enabled sync) over Apple's encrypted infrastructure.

Microphone access

DriftSleep requests microphone permission so it can listen for snore patterns during a tracked session. The audio buffer is analyzed by an on-device classifier and immediately discarded — it is never written to a file, never uploaded, and never used for any purpose other than snore detection. You can deny or revoke the permission in iOS Settings → Privacy & Security → Microphone; DriftSleep will continue working without snore detection.

HealthKit (optional)

If you grant access, DriftSleep can write your sleep sessions (start, end, and stage classification) into Apple Health using HealthKit's HKCategoryTypeIdentifierSleepAnalysis. We do not read other Health data unless you explicitly turn on a feature that requires it. Per Apple's HealthKit policy, we never use Health data for advertising, never sell it, and never share it with third parties — including subprocessors.

Subscription & receipt data (handled by Apple)

• DriftSleep Pro is sold through Apple's In-App Purchase system. Your card and billing address are handled by Apple — we never see them.
• Apple shares with us an opaque receipt token so we can verify your Pro entitlement on a new device. The token does not identify you personally.

Diagnostic data (opt-in only)

• If you opt in to "Share crash reports" in DriftSleep Settings, the app sends crash stack traces with PII scrubbed. Crash reports never contain sleep sessions, snore data, or microphone buffers.
• If you opted in to Apple's system-level "Share with App Developers" we may also receive Apple's aggregated crash reports through App Store Connect.
• Both can be disabled in Settings → Privacy & Security → Analytics & Improvements (system) and in DriftSleep → Settings → Privacy (app).

Support correspondence

• If you email us at info@blossomn.com, we keep the thread so we can help. We never ask you to share session details. If you do voluntarily paste a snippet to describe a bug, we delete it once the issue is resolved.

Website analytics

• The DriftSleep marketing site uses a privacy-preserving, cookieless analytics tool that records page views and approximate country. It does not set cookies, does not fingerprint you, and does not track you across sites.

04iCloud sync, in detail

When sync is on, DriftSleep writes your sessions, snore metadata, and preferences to your private CloudKit container. Apple encrypts the data in transit and at rest. If you have Advanced Data Protection turned on for your Apple ID (Settings → [your name] → iCloud → Advanced Data Protection), CloudKit data is end-to-end encrypted — even Apple holds no key.

Disabling sync from DriftSleep → Settings → iCloud removes the data from CloudKit. Local sessions on the device are not affected.

05On-device intelligence

Some DriftSleep features run small models locally on your iPhone:

• Snore classifier: a Core ML audio model that runs in real time on the microphone buffer. Audio is never persisted.
• Sleep-stage estimator: derived from motion and (optionally) heart-rate samples already on the device.
• Coaching tips: the nightly tip is chosen from a fixed catalogue bundled inside the app, based on patterns DriftSleep computed locally. We don't fetch tips from a server and we don't know which one you saw.

06Why we process the little data we do (legal bases)

• Performance of the contract we have with you to operate DriftSleep Pro (entitlement verification).
• Legitimate interests in fixing bugs (crash reports, when opted in) and answering support requests.
• Consent for microphone access, HealthKit access, notifications, and any optional analytics or diagnostic feature you turn on.
• Legal obligation for tax record retention and lawful disclosure requests.

07Retention

• Sleep sessions and snore metadata: on your device for as long as you keep them. iCloud copies live in your Apple ID until you delete the session or disable sync.
• Opaque receipt tokens: kept while your DriftSleep Pro subscription is active, plus 90 days for refund/dispute handling.
• Crash reports (opt-in): 90 days, then deleted.
• Support emails: 24 months, then deleted unless an open issue or legal hold requires longer.
• Tax / payment records: 7 years, as required by Indian tax law.

08Subprocessors

Because DriftSleep is local-first, the list is short. Each of these is bound by a data-processing agreement where applicable:

• Apple Inc. — App Store distribution, In-App Purchase, CloudKit (your iCloud), HealthKit, Sign in with Apple, push notifications. Apple is the merchant of record for DriftSleep Pro.
• Amazon Web Services (ap-south-1, Mumbai) — hosts the marketing website and the receipt-verification endpoint.
• Sentry — opt-in crash reporting with PII scrubbed.
• Postmark — transactional email (the occasional support reply).

We will post a notice on this page at least 30 days before adding any new subprocessor that processes personal data. Per Apple's policy, no subprocessor ever receives HealthKit data.

09International transfers

Marketing-site infrastructure runs in AWS Mumbai (ap-south-1). Apple's CloudKit infrastructure spans the US, EU and other regions per Apple's published privacy practices. Where personal data moves out of India or the EEA, we and our subprocessors rely on the appropriate contractual safeguards (Standard Contractual Clauses for EEA data; equivalent safeguards under DPDP rules for Indian data).

10Security

On-device data inherits iOS file-system encryption (full-disk encryption, Data Protection class enabled). DriftSleep also lets you set an app-level lock — Face ID, Touch ID, or a separate passcode — which keeps your sleep history sealed even if your phone is unlocked.

iCloud sync uses Apple's end-to-end CloudKit private database. All traffic to our receipt-verification endpoint uses TLS 1.2+.

If you discover a vulnerability, email info@blossomn.com with "Security" in the subject. We read these within one business day and follow a coordinated-disclosure policy. If a personal-data breach ever affects you, we'll notify you and the Data Protection Board of India within 72 hours of becoming aware.

11Your rights

Wherever you live, you can ask us to:

• Confirm what limited personal data we hold (in practice: support emails and any opaque subscription token associated with your contact email).
• Correct anything that's wrong.
• Delete that data.
• Withdraw consent for any optional feature (microphone, HealthKit, notifications, crash reports, support correspondence).
• Nominate another person to exercise these rights on your behalf in case of incapacity or death (DPDP Act §14).

For the sleep sessions themselves — which are stored locally on your iPhone and in your own iCloud — you control them directly: delete inside the app, or remove from iCloud via Settings → [your name] → iCloud → Manage Account Storage. Health data written through HealthKit can be deleted from Apple Health → Browse → Sleep. We have no copy to delete on our end.

Email info@blossomn.com. We respond within 7 business days and complete most requests within 30 days. If you believe we've mishandled your data, you may complain to the Data Protection Board of India or, for EU/UK residents, your local supervisory authority.

12Children

DriftSleep is rated 4+ on the App Store and isn't designed for or directed at children under 13. We don't knowingly collect personal data from children. Under India's DPDP Act, processing children's data requires verifiable parental consent, which we don't solicit. If you believe a child has paid for Pro on a managed Family Sharing account and you'd like the receipt token removed, email us and we'll handle it.

13Changes

If we make a material change to this policy we'll post a notice at the top of this page and surface a notice inside DriftSleep at least 14 days before it takes effect. Smaller corrections (typo fixes, clarifications) will just bump the "Last updated" date above.

14Contact

Grievance Officer: Blossomn Team · info@blossomn.com · Operated from India. We aim to acknowledge every privacy request within one business day.