Wakeproof

Privacy Policy

Last updated: May 30, 2026

This Privacy Policy explains how Guse LTDA (CNPJ 47.758.713/0001-82, Brazil) collects, uses, shares, and protects your information when you use the Wakeproof iOS app and website (getwakeproof.com).

1. Who We Are

The data controller is Guse LTDA, CNPJ 47.758.713/0001-82, Brazil. Contact: contact@guseapp.com

2. Information We Collect

Account data: name, email, locale preference.

Optional profile: job title, location, bio, avatar photo.

Alarm data: alarm labels, times, repeat schedules, challenge types, sound names.

Session data: IP address, user agent — collected on each authenticated server request.

Challenge history: timestamps and duration of completed alarm challenges.

Push notification token: APNs device token (if you grant permission).

Subscription data: App Store transaction ID, product ID, subscription status.

Website: IP address, pages viewed, cookie data (analytics only with your consent via the cookie banner).

3. What We Do NOT Collect

  • Audio from the Sound challenge (on-device only)
  • Motion data from the Shake/Steps challenge (on-device only)
  • Your Apple Music library content (iOS plays it locally)
  • Face ID / biometric data (processed by iOS on-device)
  • Precise or approximate location
  • Contacts or calendar data
  • Health or medical data
  • Payment card details (handled entirely by Apple)

4. How We Use Your Information

We use your data to: provide and maintain your account; sync your alarms; process your subscription; send transactional emails (verification, password reset, renewal reminders); send push notifications (with your permission); detect crashes and improve the app; ensure security and prevent fraud; and comply with legal obligations.

We do not use your data for advertising, or sell it to third parties.

5. How We Share Your Information

We share data only with service providers acting on our instructions:

  • Cloudflare, Inc. (USA) — backend compute, database, file storage, CDN
  • Resend, Inc. (USA) — transactional email delivery
  • Google LLC (USA) — Firebase Analytics/Crashlytics (optional, if enabled)
  • Apple Inc. — subscription billing and App Store notifications
  • Google LLC (USA) — Google Analytics via GTM (website only, with your consent)

We also share data when required by law or to protect our rights.

We do not sell your personal information. We do not share it for cross-context behavioral advertising.

6. How Long We Keep Your Data

  • Account data — until you delete your account, then deleted within 30 days
  • Alarm and challenge data — until you delete your account
  • Subscription records — 7 years (legal/tax obligation)
  • Server logs (IP) — 30 days via Cloudflare
  • Analytics/crash data — per Firebase retention settings (2–14 months)

8. International Data Transfers

We are based in Brazil. Our infrastructure providers are primarily in the USA. For transfers from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) under GDPR Art. 46. For Brazilian users, we ensure contractual protections per LGPD Art. 33.

9. Cookies (Website)

The Website uses: cc_cookie (necessary — stores your consent preferences) and, with your consent, Google Analytics cookies (_ga, _gid) to understand website traffic. You can manage preferences via the cookie banner. The App does not use cookies.

10. Push Notifications

If you grant notification permission, we store your APNs device token to deliver alarm alerts. You can disable this at any time: iOS Settings → Notifications → Wakeproof.

11. Account Deletion

Delete your account within the App: Settings → Account → Delete Account. We delete your data within 30 days, except data required by law. You can also email contact@guseapp.com with subject 'Delete My Account.'

12. Your Rights

Depending on where you live, you may have the right to: access your data; correct inaccuracies; request deletion; restrict or object to processing; receive your data in portable format; withdraw consent; and lodge a complaint with your local data protection authority.

To exercise any right, email contact@guseapp.com. We respond within 30 days (EEA/UK), 45 days (US), or 15 business days (Brazil).

13. Children's Privacy

The Service is not directed at children under 13 (or the minimum age in your country, if higher). We do not knowingly collect data from children under this age. If you believe a child has provided us their data, contact contact@guseapp.com and we will delete it promptly.

14. Security

We protect your data with: HTTPS/TLS for data in transit; hashed password storage; JWT authentication with token expiry; Cloudflare infrastructure security. No method is 100% secure. Report security vulnerabilities to contact@guseapp.com.

15. Notice to California Residents (CCPA/CPRA)

California residents have rights under the CCPA/CPRA: to know, delete, correct, opt out of sale/sharing, limit sensitive PI, and non-discrimination. We do not sell or share personal information for advertising. We collect: identifiers, account data, commercial information (subscriptions), internet activity (website, with consent). Exercise rights: contact@guseapp.com.

16. Notice to EEA, UK, and Swiss Residents

Guse LTDA is the data controller. Legal bases: contract, legitimate interests, and consent (see Section 4). We use SCCs for transfers to the USA. You may lodge a complaint with your local supervisory authority. EU DPA list: edpb.europa.eu. UK: ico.org.uk. We do not make solely automated decisions with significant effects.

17. Aviso aos Residentes no Brasil (LGPD)

A Guse LTDA é a controladora de dados. Bases legais: execução de contrato, interesse legítimo e consentimento (ver Seção 4). Seus direitos incluem: confirmação, acesso, correção, anonimização, bloqueio, eliminação, portabilidade e revogação do consentimento. Para exercer: contact@guseapp.com. Reclamações: ANPD (gov.br/anpd).

18. Changes to This Policy

We will notify you of material changes at least 14 days in advance by email and/or in-app notice. Continued use after changes take effect constitutes acceptance.

19. Contact Us

Guse LTDAcontact@guseapp.comgetwakeproof.com
Subject: 'Privacy Request' or 'Privacy Question'

⚠️ This Privacy Policy is a carefully-researched draft and does not constitute legal advice. Have a qualified attorney review it before publishing — especially regarding AI photo analysis (potential biometric data), LGPD compliance, GDPR transfer mechanisms, and App Store Privacy Manifest requirements.