Privacy policy.

• We use Plausible and Vercel Web Analytics — both cookieless, no personal identifiers, and only loaded after you accept.
• If you sign up for the newsletter, we collect your email and (optionally) a source label.
• If you create an account to save tool results, we collect your email and the saved results.
• If you buy the toolkit, Stripe handles payment (we never see your card).
• We do not sell user data. Period.
• You can delete your data any time by emailing [email protected].

2.1 Analytics (only after consent)

We use two privacy-respecting analytics tools — but only after you click “Accept analytics” on the consent banner. Neither loads if you choose “Essential only”.

• Plausible — cookieless, no fingerprinting, no personal identifiers. Aggregate page views, referrer, country, device class only. plausible.io/privacy.
• Vercel Web Analytics — cookieless, no third-party trackers. Page views and route performance only. Vercel hashes the visitor IP and rotates the hash daily so visits cannot be linked across days. vercel.com/docs/analytics/privacy-policy.

2.2 Newsletter subscribers

When you subscribe to the newsletter, we collect your email address and (optionally) a source label that tells us which page you subscribed from. We use Resend to deliver emails. Resend's privacy policy: resend.com/legal/privacy-policy.

2.3 Account holders (saved tool results)

If you create an account to save tool results, we use Supabase to authenticate you (magic link via email) and to store your saved results. We collect: your email address, your authentication metadata, and the input + output data of any tool result you choose to save. Supabase's privacy policy: supabase.com/privacy.

2.4 Toolkit buyers

If you buy the SleepyHero Toolkit, payment is handled by Stripe. Stripe collects your payment information directly — we never see your full card number. We receive an order ID, your email, and the amount. Stripe's privacy policy: stripe.com/privacy.

2.5 Error reporting

We use Sentry for error reporting on the production site. Sentry may collect your IP address and user agent when an error occurs in your browser. We do not associate Sentry data with newsletter subscribers or account holders. Sentry's privacy policy: sentry.io/privacy.

We use the minimum cookies necessary for the site to function. Specifically: an authentication cookie if you create an account, a theme preference cookie (dark/light), and Stripe's checkout cookies during checkout flow. We do not use advertising cookies, tracking cookies, or third-party analytics cookies.

A cookie banner with consent management lands at Gate B per GDPR requirements. EU visitors will be asked to consent before any non-essential cookie is set.

4.1 GDPR (EU residents)

You have the right to access, correct, delete, or export your personal data. You also have the right to object to processing and to lodge a complaint with your supervisory authority. To exercise any of these rights, email [email protected]. We respond within 30 days.

4.2 CCPA (California residents)

California residents have the right to know what personal information we collect, to delete it, to correct it, and to opt out of sale (we do not sell user data, so this last one is automatic). To exercise these rights, email the same address.

4.3 Children

SleepyHero is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact us and we'll delete it.

• Newsletter subscriber emails: retained until you unsubscribe.
• Account data: retained until you delete your account.
• Saved tool results: retained until you delete the result or your account.
• Stripe order data: retained for 7 years (tax/legal requirement).
• Sentry error logs: retained for 90 days.
• Plausible analytics: aggregate only; retained indefinitely.

Our hosting (Vercel), database (Supabase), email (Resend), and payment (Stripe) providers may store data in the United States. For EU residents, we rely on Standard Contractual Clauses (SCCs) with these providers per Article 46 GDPR.

We update this policy when our data handling changes. The "last updated" date at the top reflects the most recent change. Material changes are notified via the newsletter and (where applicable) by a banner on the site.

For any privacy question or to exercise your rights, email [email protected]. We aim to respond within 5 business days.