Privacy

Your sleep stays on your phone.

Last updated: April 22, 2026

This page explains what Nightpenny reads, where that data lives, and what — if anything — ever leaves your device. The short answer: your sleep numbers never do.

What the app reads

Nightpenny reads the following from Apple HealthKit, on your device, with your explicit permission:

  • Sleep analysis (asleep / in-bed / awake segments)
  • Heart-rate variability (SDNN), when available
  • Resting heart rate, when available

Heart data is optional and used only to refine the sleep-quality signal. If you deny it, the app still works from sleep duration alone.

Where your data lives

On your phone. We don't sync to any cloud. CloudKit is explicitly disabled to satisfy App Store §5.1.3. If you delete Nightpenny, every night the app tracked goes with it.

Apple Health continues to hold the underlying sleep records — Nightpenny is a reader, not a writer. Revoke access anytime in iOS Settings → Health → Data Access & Devices → Nightpenny.

What leaves your phone

By default, nothing about your sleep. Two opt-in signals can leave the device:

Analytics (opt-in, off by default)

If — and only if — you flip on Anonymous analytics in Settings, the app sends event names (e.g., “home.opened”, “ritual.completed”) to TelemetryDeck. Event names only. No numbers, no durations, no balance values. Our taxonomy is enforced at the type level — the app literally cannot send a sleep quantity because the analytics API refuses to accept them.

We use TelemetryDeck because it is GDPR-native and stores nothing that identifies you — not an IP address, not an IDFA, not a device ID.

Crash reports (opt-in, off by default)

When opted in, crashes are sent to Sentry. Our beforeSend scrubber drops any breadcrumb or event whose text contains sleep-related substrings (hours, minutes, balance, debt, etc.) before the payload leaves the device.

What we never do

  • We don't sell data. We don't have data to sell.
  • We don't build advertising profiles. No ATT prompt, no IDFA use.
  • We don't share data with third parties for their marketing.
  • We don't use your HealthKit data to train machine-learning models.

Third parties you'll see

  • Apple — for HealthKit access, EventKit (calendar), notifications, In-App Purchase, and — if you opt in to analytics — Apple's own App Store Connect analytics.
  • RevenueCat — handles subscription state on-device. It sees your Apple transaction receipt and a random app-scoped user ID. No sleep data.
  • TelemetryDeck — product analytics, opt-in only. Event names + country code.
  • Sentry — crash reports, opt-in only. Sleep values scrubbed before send.

Your rights

You can disable analytics, crash reports, or both at any time in Settings. You can revoke HealthKit access at any time in iOS Settings. You can delete the app and every record it kept goes with it. Under GDPR / CCPA we will honour any deletion or data request at privacy@foxtaming.com, though in almost every case there's nothing for us to delete — we never had it.

Children

Nightpenny is not directed at children under 13. If you are a parent or guardian and believe a child under 13 has provided us with information, contact us and we will promptly delete it.

Changes to this policy

Material changes trigger an in-app notice on next launch. The Last updated date at the top always reflects the current policy. The full edit history of this page is in the project's public git repository.

Contact

Privacy questions: privacy@foxtaming.com. General support: hello@foxtaming.com.