Privacy

Your sleep stays on your phone.

Last updated: May 9, 2026

This page explains what Nightpenny reads, where that data lives, and what (if anything) ever leaves your device. The short answer: your sleep numbers never do.

What the app reads

Nightpenny reads the following from Apple HealthKit, on your device, with your explicit permission:

  • Sleep analysis (asleep / in-bed / awake segments)
  • Heart-rate variability (SDNN), when available
  • Resting heart rate, when available

Heart data is optional and used only to refine the sleep-quality signal. If you deny it, the app still works from sleep duration alone.

Where your data lives

Your sleep data lives on your phone. Sleep records, heart-rate samples, balance calculations, ledger history, weekly statements, repayment plans — all of it stays on device. None of it is synced to any cloud, ever. App Store §5.1.3 prohibits storing HealthKit-derived data in iCloud, and we comply: nothing health-related leaves your phone.

Apple Health continues to hold the underlying sleep records. Nightpenny is a reader, not a writer. Revoke access anytime in iOS Settings → Health → Data Access & Devices → Nightpenny.

If you delete Nightpenny, every night the app tracked goes with it.

What leaves your phone

By default, nothing about your sleep. Two opt-in signals can leave the device:

Analytics (opt-in, off by default)

If you flip on Anonymous analytics in Settings (and only then), the app sends event names (e.g., “home.opened”, “ritual.completed”) to TelemetryDeck. Event names only. No numbers, no durations, no balance values. Our taxonomy is enforced at the type level. The app literally cannot send a sleep quantity because the analytics API refuses to accept them.

We use TelemetryDeck because it is GDPR-native and stores nothing that identifies you: no IP address, no IDFA, no device ID.

Crash reports (opt-in, off by default)

When opted in, crashes are sent to Sentry. Our beforeSend scrubber drops any breadcrumb or event whose text contains sleep-related substrings (hours, minutes, balance, debt, etc.) before the payload leaves the device.

What we never do

  • We don't sell data. We don't have data to sell.
  • We don't build advertising profiles. No ATT prompt, no IDFA use.
  • We don't share data with third parties for their marketing.
  • We don't use your HealthKit data to train machine-learning models.

Third parties you'll see

  • Apple, for HealthKit access, EventKit (calendar), notifications, In-App Purchase, and (if you opt in to analytics) Apple's own App Store Connect analytics.
  • RevenueCat, which handles subscription state on-device. It sees your Apple transaction receipt and a random app-scoped user ID. No sleep data.
  • TelemetryDeck, product analytics, opt-in only. Event names + country code.
  • Sentry, crash reports, opt-in only. Sleep values scrubbed before send.

Your rights

You can disable analytics, crash reports, or both at any time in Settings. You can revoke HealthKit access at any time in iOS Settings. You can delete the app and every record it kept goes with it. Under GDPR / CCPA we will honour any deletion or data request at contact@nightpenny.com, though in almost every case there's nothing to delete. We never had it.

About this website

Separate from the iOS app: nightpenny.com uses Vercel Analytics and Vercel Speed Insights to collect aggregate, cookieless web traffic data. No cookies are set. No personal identifiers (IP address, IDFA, device ID) are stored. The data is not joined to any individual and is used only to understand which pages are read and how fast they load. There is nothing to opt out of because there is nothing identifying you in the first place.

Children

Nightpenny is not directed at children under 13. If you are a parent or guardian and believe a child under 13 has provided us with information, contact us and we will promptly delete it.

Changes to this policy

Material changes trigger an in-app notice on next launch. The Last updated date at the top always reflects the current policy. The full edit history of this page is in the project's public git repository.

Contact

Privacy questions: contact@nightpenny.com. General support: contact@nightpenny.com.