Privacy Policy

1 Information We Collect

We collect various types of information to provide and improve our sleep therapy services. The information we collect falls into several categories, each serving a specific purpose in delivering personalized care and maintaining our service quality.

When you book our sleep therapy services (such as CBT-I therapy sessions, Anxiety Therapy, or children's sleep coaching) or contact us for inquiries, we collect personal information that allows us to identify and communicate with you. This includes your full name, email address, phone number. This information is essential for scheduling your therapy sessions, responding to your inquiries, and communicating about your sleep therapy appointments and progress.

To provide effective CBT-I therapy, mindfulness coaching, and anxiety sleep therapy, we collect detailed information about your sleep patterns and health. This sensitive information includes your sleep history and current sleep patterns, specific sleep problems (insomnia, sleep anxiety, difficulty falling or staying asleep), medical conditions that may affect your sleep quality, medications you are currently taking, lifestyle factors such as diet, exercise habits, and work schedule, stress levels and anxiety related to sleep, sleep diary entries and nightly tracking data, and responses to therapy exercises and homework assignments. All health information is treated with the highest level of confidentiality and is used solely to provide you with personalized sleep therapy and evidence-based treatment.

When you purchase our sleep therapy packages, individual CBT-I sessions, or enroll in our corporate wellness programs, we collect necessary financial information. This includes credit/debit card information (processed securely through our payment processor), billing address, payment history and transaction records for therapy sessions, and information about purchased therapy packages or ongoing programs. We do not store complete credit card numbers on our servers; this information is securely handled by our PCI-compliant payment processor.

We automatically collect certain information when you access our Services to improve functionality and user experience. This includes your IP address and geolocation data, browser type and version, device information (type, operating system, unique device identifiers), pages visited and time spent on pages, clickstream data and navigation patterns, referral source and exit pages, date and time stamps of visits, and error logs and debugging information.

We maintain records of your communications with us for quality assurance and continuity of care. This includes email correspondence with our sleep therapy team through our contact form, phone call records for consultation scheduling and inquiries (with your consent), detailed session notes from your CBT-I therapy sessions, progress reports and therapy outcomes, feedback and survey responses about your sleep improvement, booking confirmations and appointment reminders, and testimonials or reviews you provide about your experience with our sleep therapy programs.

2 How We Use Your Information

We use the information we collect for specific, legitimate purposes that benefit you and allow us to provide high-quality sleep therapy services. Your data is never used for purposes beyond what is described here without your explicit consent.

Your personal and health information is primarily used to deliver personalized sleep therapy services. We use your data to schedule and confirm CBT-I therapy sessions, mindfulness coaching appointments, or children's sleep coaching sessions, respond to your inquiries submitted through our contact form, develop customized sleep therapy programs based on your specific insomnia patterns or anxiety-related sleep issues, track your sleep improvement progress and adjust treatment protocols accordingly, assign appropriate therapy exercises and homework based on your sleep challenges, communicate important information about your treatment plan and session schedules, send therapy session reminders and follow-up sleep diary prompts, and provide ongoing clinical support and guidance throughout your journey to better sleep.

We use your contact information to maintain effective communication with you. This includes responding to your questions about CBT-I therapy techniques or treatment progress, sending notifications about upcoming sleep therapy sessions, providing educational content about sleep hygiene, insomnia management, and anxiety reduction techniques, notifying you about new sleep therapy programs or wellness workshops we offer, sending newsletters with sleep science research and tips for better sleep (which you can opt out of at any time), and conducting surveys to gather feedback on your therapy experience and sleep improvement outcomes.

Your payment information is used exclusively for financial transactions related to our sleep therapy services. This includes processing payments for individual CBT-I therapy sessions, multi-session sleep therapy packages, corporate wellness program enrollments, managing ongoing therapy program subscriptions, generating invoices and receipts for your therapy purchases, handling refunds for cancelled sessions according to our cancellation policy, and preventing fraudulent transactions to ensure secure payment for your sleep therapy services.

We analyze usage data to continuously improve our sleep therapy services and treatment outcomes. This includes analyzing how clients interact with our therapy programs and resources, identifying technical issues with our session booking or therapy delivery platform, understanding which CBT-I techniques and mindfulness exercises are most effective for different sleep issues, developing new sleep therapy programs based on client needs and emerging sleep science research, conducting outcome research to improve our insomnia treatment success rates, and creating aggregate statistics (always anonymized) about sleep improvement trends to contribute to sleep health knowledge.

We may use your information when necessary to comply with legal obligations and protect safety. This includes complying with applicable laws and regulations, responding to legal requests from authorities, enforcing our Terms and Conditions and other policies, protecting our rights, property, and safety, preventing fraud, abuse, and illegal activities, and resolving disputes and addressing complaints.

3 Data Sharing and Third Parties

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. However, we may share your information with carefully selected third parties under specific circumstances and with appropriate safeguards in place.

We work with trusted third-party service providers who help us deliver our sleep therapy services. These include payment processors who handle secure payment transactions for therapy sessions, cloud hosting providers who securely store your sleep therapy records and session notes, email service providers who help us send therapy reminders and educational content about sleep health, video conferencing platforms for virtual CBT-I therapy sessions, analytics providers who help us understand therapy program effectiveness, and scheduling tools for managing therapy appointments. All service providers are bound by strict confidentiality agreements and HIPAA-compliant standards, and are only permitted to use your health data for the specific sleep therapy services they help us provide.

In certain situations and only with your explicit written consent, we may share relevant sleep therapy information with your healthcare providers. This might include sharing CBT-I therapy progress reports with your primary care physician, coordinating insomnia treatment with your psychiatrist or mental health therapist, or providing sleep diary data and therapy outcomes to sleep medicine specialists involved in your care. For our anxiety sleep therapy program, we may collaborate with your anxiety treatment team. You always have complete control over what information is shared and with whom.

We may disclose your information to legal and regulatory authorities when required by law or when necessary to protect rights and safety. This includes complying with court orders, subpoenas, or other legal processes, responding to requests from law enforcement or government agencies, protecting against fraud, security breaches, or illegal activities, enforcing our legal rights and defending against legal claims, and protecting the safety and well-being of our users and staff.

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the new owner. We will notify you via email and prominent notice on our website before your information is transferred and becomes subject to a different privacy policy. You will have the opportunity to delete your account before such a transfer if you do not agree to the new arrangements.

4 Your Privacy Rights and Choices

You have important rights regarding your personal information. We are committed to honoring these rights and making it easy for you to exercise them. Depending on your location, you may have additional rights under laws such as GDPR (Europe), CCPA (California), or other privacy regulations.

You have the right to access the personal information we hold about you. You can request a copy of your data at any time, and we will provide it to you in a structured, commonly used, and machine-readable format. This includes all personal information, health data, communication records, and usage information associated with your account.

If you believe any information we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it. You can update most of your personal information directly through your account settings, or you can contact us to make changes to information you cannot edit yourself.

You have the right to request that we delete your personal information under certain circumstances. This includes situations where the data is no longer necessary for the purposes it was collected, you withdraw consent and there is no other legal basis for processing, you object to processing and there are no overriding legitimate grounds, or the data has been unlawfully processed. Please note that we may need to retain certain information for legal or legitimate business purposes even after a deletion request.

You have the right to receive your personal data in a portable format and to request that we transmit it directly to another service provider where technically feasible. This allows you to move, copy, or transfer your data easily between different service providers.

You have the right to object to certain types of processing of your personal information, particularly for direct marketing purposes. You can also request that we restrict how we process your data in certain situations, such as when you contest the accuracy of the data or object to processing.

Where we process your data based on your consent (such as for marketing communications or certain uses of health data), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

5 Data Security Measures

Protecting your personal information, especially sensitive health data, is our top priority. We implement industry-leading security measures to safeguard your data against unauthorized access, alteration, disclosure, or destruction.

We employ comprehensive technical safeguards including encryption of data in transit using TLS/SSL protocols, encryption of data at rest using AES-256 encryption, secure socket layer (SSL) certificates for all web communications, regular security audits and penetration testing, intrusion detection and prevention systems, secure backup systems with encrypted backups, multi-factor authentication for account access, and automated monitoring for suspicious activities and security threats.

Beyond technical measures, we maintain strict organizational policies and procedures. All employees and contractors with access to personal data undergo background checks and sign confidentiality agreements. We provide regular security awareness training to all staff members. Access to personal information is strictly limited on a need-to-know basis with role-based access controls. We maintain detailed logs of data access and processing activities. We have incident response procedures in place to quickly address any security breaches. Regular security policy reviews and updates ensure we stay current with best practices.

Our data centers and office facilities are secured with restricted physical access, 24/7 security monitoring and surveillance, biometric access controls, secure server rooms with environmental controls, and visitor logging and escort requirements.

We carefully vet all third-party service providers to ensure they meet our security standards. All vendors must demonstrate compliance with industry security standards, undergo regular security assessments, maintain appropriate insurance coverage, and sign data processing agreements that include strict security requirements.

6 Data Retention and Deletion

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. We have established clear data retention policies that balance your privacy interests with our business and legal requirements.

While you are actively receiving our sleep therapy services, we retain all data necessary to provide effective treatment. This includes your contact information, sleep health data, CBT-I therapy session notes, sleep diary entries, mindfulness exercise progress, communication history with your sleep therapist through emails and booking forms, and records of completed therapy homework assignments. This data is securely stored and used to provide personalized sleep therapy, track your insomnia improvement over time, and maintain continuity of care across therapy sessions.

If you have not engaged with our services for 24 consecutive months (no bookings, sessions, or contact), we will send you reminder emails before taking any action. After 30 months of inactivity, we may anonymize or delete certain data that is not required for legal or business purposes. Essential records such as financial transactions and legal compliance data may be retained longer as required by law.

When you request deletion of your personal information, we will permanently delete most of your data within 30 days. However, some information may be retained for longer periods when required by law, including financial records (retained for 7 years for tax purposes), legal documentation and compliance records, aggregated and anonymized data for research purposes, and data necessary to prevent fraud or enforce our legal rights. Any retained information will be securely stored and access will be strictly limited.

• Personal contact information: Retained while you are an active client, deleted within 30 days of deletion request (except where legally required)
• Sleep therapy and health data: Retained during active treatment plus 3 years after last therapy session to ensure continuity of care if you return for additional treatment
• CBT-I session notes and treatment plans: Retained for 3 years after final session in accordance with healthcare record retention requirements
• Payment records for therapy sessions: Retained for 7 years after transaction for accounting and tax purposes
• Communication logs from contact and booking forms: Retained for 2 years for quality assurance and clinical purposes
• Website usage data: Retained for 26 months in identifiable form, then anonymized
• Marketing and newsletter preferences: Retained indefinitely to honor opt-out requests and prevent unwanted sleep health communications

7 Children's Privacy

Sleeping Easy is committed to protecting the privacy of children. While we do offer sleep coaching services for children through our Children's Sleep Coaching program, these services are always provided with appropriate parental involvement and consent.

Our general Services, including our website contact and booking forms, are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18 without verified parental consent. If you are under 18, bookings and contact forms must be completed by a parent or legal guardian.

Our Children's Sleep Coaching program is designed specifically for parents and guardians seeking professional help with their children's sleep problems, including bedtime resistance, night wakings, sleep anxiety, and establishing healthy sleep routines. All bookings and contact forms are completed by parents or guardians. All sleep coaching sessions and communications are conducted with the parent or guardian, not directly with the child. Any information about the child's sleep patterns, behaviors, and health is provided by the parent or guardian through our booking and contact forms, and is treated with the same confidentiality and security measures as all other health information in our practice.

Parents and guardians have full control over their children's information in our system. You can review the information we have collected about your child, request corrections or updates to that information, request deletion of your child's information (subject to legal retention requirements), and withdraw consent for future collection or use of your child's information at any time.

If we discover that we have inadvertently collected personal information from a child under 18 without proper parental consent, we will take immediate steps to delete that information from our systems. If you believe we have collected information from a child without proper consent, please contact us immediately at hello@sleepingeasy.net

8 International Data Transfers

Sleeping Easy is based in Chennai, India, and our primary data storage and processing facilities are located in India. However, we may transfer and process your personal information in other countries where our service providers operate. When we transfer data internationally, we ensure appropriate safeguards are in place to protect your information.

When transferring personal data outside of India or across international borders, we use legally recognized transfer mechanisms including Standard Contractual Clauses (SCCs) approved by relevant data protection authorities, adequacy decisions where the destination country has been deemed to provide adequate data protection, and binding corporate rules for transfers within our corporate group or with service providers who have implemented such rules.

Regardless of where your data is processed, we maintain the same high standards of data protection and security. All our service providers are contractually required to provide the same level of data protection that we do, ensure appropriate technical and organizational security measures, only process data according to our documented instructions, and allow for audits and inspections of their data protection practices.

9 Third-Party Websites and Links

Our website and Services may contain links to third-party websites, applications, or services that are not owned or controlled by Sleeping Easy. This Privacy Policy applies only to our Services, and we are not responsible for the privacy practices of any third-party sites.

We may provide links to external websites for your convenience and education about sleep health. These links might include peer-reviewed sleep research articles and studies, resources from sleep medicine organizations and sleep science institutes, recommended sleep hygiene products or tools (we do not receive commissions), evidence-based mental health resources for anxiety and stress management, social media platforms where we share sleep tips and education, or secure payment processors for therapy session payments. When you click on a link to an external website, you will be leaving our Services and will be subject to that website's privacy policy and terms of use.

Our website may include social media features and plugins (such as Facebook Like button, Twitter Share button, or LinkedIn Share button). These features may collect your IP address, track which page you are visiting, and set cookies to enable the feature to function properly. Social media features and plugins are hosted by the respective social media companies and are governed by their privacy policies.

We encourage you to carefully review the privacy policies and terms of service of any third-party websites you visit. We do not endorse, screen, or approve, and are not responsible for the privacy practices or content of such websites. Providing personal information to third-party websites is at your own risk.

10 Contact Us About Privacy

We are committed to addressing your privacy concerns and questions promptly and transparently. If you have any questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please do not hesitate to contact us.

Email: hello@sleepingeasy.net (for all privacy-related inquiries and data requests)

Phone: +919384968787 (Monday to Friday, 9:00 AM to 6:00 PM IST)

Postal Address: Sleeping Easy Privacy Team, 13W, Chowthri Nagar, Valasaravakkam, Chennai.

For privacy matters requiring escalation or for complaints about our data handling practices, you can contact our Data Protection Officer:

Email: hello@sleepingeasy.net

We aim to respond to all privacy inquiries within 2 business days for initial acknowledgment and within 30 days for complete resolution. For complex requests, we may need additional time and will keep you informed of our progress. We will always strive to resolve your concerns as quickly and thoroughly as possible.

If you are not satisfied with our response to your privacy concerns, you have the right to file a complaint with your local data protection authority or supervisory authority. For users in India, you can contact the Ministry of Electronics and Information Technology. For EU users, you can contact your local Data Protection Authority. We encourage you to contact us first so we can attempt to resolve your concerns directly.