Privacy Policy

CPAP Analysis is operated by Fellbeck Ltd (Company No. 16944419). This policy describes how we handle your data. The short version: your health data never leaves your device.

Data Controller

Fellbeck Ltd is the data controller for any personal data processed in connection with CPAP Analysis.

• Company: Fellbeck Ltd (Company No. 16944419)
• Contact: [email protected]

Health Data — On-Device Only

CPAP Analysis reads therapy data from your CPAP device's SD card — including AHI scores, respiratory events, pressure, flow rate, and SpO2/pulse oximetry readings. All of this data is processed and stored entirely on your device.

• Your health data is never uploaded to any server
• We cannot see, access, or retrieve your health data
• Your health data is never used for advertising, marketing, or data mining

Subscription Management

We use RevenueCat to manage in-app purchases. When you make a purchase, RevenueCat processes the following data:

• Purchase history and subscription status
• Anonymous app user identifier
• Device type and operating system version
• Country/region (derived from IP address for fraud prevention)

No health data is shared with RevenueCat. RevenueCat acts as a data processor under our instruction and does not sell personal data. RevenueCat is SOC2 Type 2 compliant.

For details, see RevenueCat's Privacy Policy and Data Processing Addendum.

International Data Transfers

RevenueCat processes subscription data on servers in the United States (AWS). These transfers are governed by Standard Contractual Clauses and the EU-US Data Privacy Framework.

No Tracking or Analytics

CPAP Analysis does not include any analytics SDKs, advertising identifiers, or usage tracking. We do not track which screens you visit or how you use the app. RevenueCat's SDK contacts its servers to verify subscription status, which means it is aware when the app is opened. We do not sell or share any data with third parties for advertising or marketing purposes.

Do Not Track

CPAP Analysis does not track users across websites or apps. We honour Do Not Track browser signals.

Data Retention and Deletion

• On-device data: Deleting the app removes all therapy data from your device.
• Subscription records: RevenueCat retains purchase records in accordance with their retention policy. Contact us at [email protected] to request deletion.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Under GDPR (EEA/UK)

• Right of access, rectification, and erasure
• Right to restriction of processing and data portability
• Right to object to processing
• Right to lodge a complaint with your supervisory authority (in the UK, the Information Commissioner's Office)

Under CCPA/CalOPPA (California)

• Right to know what personal information is collected
• Right to delete personal information
• Right to correct inaccurate personal information
• Right to non-discrimination for exercising your rights

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Children's Privacy

CPAP Analysis is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at [email protected].

Security

Your therapy data is stored only on your device, protected by your iPhone's built-in security.

Data Breach Notification

In the unlikely event of a data breach affecting your personal data, we will notify the relevant supervisory authority within 72 hours (GDPR) and affected individuals within 60 days (FTC Health Breach Notification Rule), as applicable.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through app update notes. The "Last updated" date at the top of this page will always reflect the most recent revision.

Contact

If you have questions about this privacy policy or your data, contact us:

• Fellbeck Ltd (Company No. 16944419)
• Email: [email protected]