Live Now Nooze Alarm is finally here — wake up smarter starting tonight. Get it on Google Play
Your data, your control

Privacy Policy

What we collect, what stays on your device, and your rights under the GDPR.

Privacy Policy for Nooze Alarm

Last updated: April 11, 2026

Your privacy matters to us. This Privacy Policy explains what data the Nooze Alarm application (“App”) collects, how we use it, and your rights under Regulation (EU) 2016/679 (GDPR) and applicable Bulgarian law.

1. Data Controller

Nooze Alarm
Contact: noozesupport@gmail.com

2. Data We Collect

2.1. Data you provide:

  • Email address and password (on registration);
  • Username and avatar (optional).

2.2. Data generated during use:

  • Sleep data (bedtime, wake time, duration, quality score);
  • Sensor data from accelerometer and microphone for sleep detection (processed on-device, never uploaded);
  • Health data from Health Connect (heart rate, HRV, SpO2, sleep stages) if you grant access (stays on-device, never uploaded);
  • Snore recordings (stored on-device only, never uploaded);
  • Journal entries (mood, energy, notes, tags);
  • Alarm settings;
  • Gamification progress (level, XP, achievements, quests, streak);
  • Social data (friends, wake duels, activity feed).

2.3. Technical data:

  • Device identifier (Firebase Installation ID);
  • Operating system version;
  • Firebase Authentication identifier.

3. What Stays On Your Device

The following data never leaves your device:

  • All sensor data (accelerometer, microphone levels);
  • All health biometrics (heart rate, HRV, SpO2);
  • Snore recordings;
  • Journal entry content (notes, dreams, tags);
  • Alarm sounds.

Only sleep session metadata (times, duration, quality score) and journal stubs (date, mood, energy) are synced if you create an account.

4. Legal Basis for Processing

  • Contract performance (Art. 6(1)(b) GDPR): providing App features, managing your account;
  • Legitimate interests (Art. 6(1)(f) GDPR): improving the App, fixing errors;
  • Consent (Art. 6(1)(a) GDPR): microphone access for sleep detection.

Health-related data is processed with your explicit consent (Art. 9(2)(a) GDPR).

5. Third-Party Services

  • Google Firebase (Authentication, Firestore, Analytics, Crashlytics) for account management, cloud sync, usage analytics, and crash reporting. Google LLC is certified under the EU-US Data Privacy Framework.
  • Google Play Billing for subscription payments. Google does not receive your health or sleep data.
  • Smart home platforms (Home Assistant, webhooks) only if you configure them. Only event triggers you set up (e.g. alarm fired) are sent.

We do not use advertising networks. We do not sell your data.

6. Transfers Outside the EU/EEA

Google Firebase servers may be located outside the EU/EEA. Google provides safeguards through Standard Contractual Clauses (SCCs) under Art. 46 GDPR.

7. Retention

  • Account data: retained until you delete your account;
  • Sleep and journal data: retained until you delete it or your account;
  • Payment records: 5 years (legal requirement);
  • Anonymised analytics: indefinitely.

8. Your Rights (GDPR)

You can:

  • Access your data (Art. 15);
  • Correct inaccurate data (Art. 16);
  • Delete your data (Art. 17);
  • Restrict processing (Art. 18);
  • Export your data (Art. 20);
  • Object to processing (Art. 21);
  • Withdraw consent at any time.

Contact noozesupport@gmail.com to exercise your rights. We respond within 30 days.

9. Complaints

You may lodge a complaint with the Bulgarian supervisory authority:

Commission for Personal Data Protection (CPDP)
2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia, Bulgaria
www.cpdp.bg | kzld@cpdp.bg

10. Data Security

  • On-device database encryption (SQLCipher AES-256);
  • Passwords hashed with bcrypt (never stored in plain text);
  • All network traffic encrypted (TLS 1.2+);
  • Cloud data accessible only to authenticated users.

11. Changes

We will notify you of material changes via the App or email. The latest version is always available in App Settings.