Privacy Policy

Who we are

WakeWin is operated by Tim Leonsteyn (sole trader, Munich, Germany). When we say "we" or "us" in this policy, that is who we mean. When we say "you", we mean the person using the WakeWin iOS app or wakewin.app website.

What we collect and why

We collect the minimum data needed to run the app. Everything below is tied to your account unless noted otherwise.

• Account info. Email address, encrypted password, and a user ID. If you sign in with Apple or Google we also receive your name (first time only) and a provider-specific user identifier.
• Profile preferences. Username, country, age range, gender, interests, and any profile details you enter yourself. Used to personalise the app.
• Alarm and challenge data. Your alarms, puzzle results, completion times, streaks, tickets earned, motion-verified and photo-verified flags per alarm, and Perfect Month progress.
• Sleep data. If you connect Apple Health, we read sleep records (total duration, sleep phases) to compute sleep-vs-performance insights. Premium users with wake verification enabled also have HealthKit re-read roughly 30 minutes after each alarm to confirm you actually stayed awake. Stored on our servers (Supabase, EU region) and never shared with any third party.
• Photo Verify images (Premium).When Photo Verify is active, the app asks you to photograph a specific household object that the app selects after the puzzle phase. The image is sent to Anthropic's Claude API — operating under a zero-data-retention agreement — only for AI verification, then discarded. Neither we nor Anthropic store the image. Only the verdict (matched / not matched) is logged to your account.
• Motion data.When the motion gate is active, your iPhone's pedometer is read on-device to confirm you walked at least 1 metre or 3 steps before the alarm can be dismissed. Raw step counts and distance never leave the device; only a binary verified / not-verified flag is logged.
• Subscription status. If you purchase Premium, RevenueCat tells us whether your subscription is active, expired, or cancelled. We never receive your payment card.
• Communications. If you enable push notifications, we store your device push token. If you opt in to marketing emails (separate toggle), we use your email address to send product updates. Both are revocable at any time.
• Device + crash data. Basic device information and anonymised crash / performance telemetry so we can fix bugs.

Third parties we share data with

We use a small number of service providers. Each one processes data on our behalf under a data processing agreement.

• Supabase (EU region). Database, authentication, backend edge functions.
• Apple / Google. When you sign in with Apple or Google, they authenticate you and share the data above with us.
• RevenueCat. Processes subscription state from the App Store.
• Anthropic PBC (USA). AI verification for Photo Verify images only. Operates under a zero-data-retention agreement — no image is ever stored by Anthropic. Only the verdict is returned to us.
• Brevo (France). Delivers transactional and marketing emails.
• PostHog (EU region). Anonymised product analytics so we know which features work.
• Vercel. Hosts the wakewin.app website you are reading right now.

We never sell your data and never share it with advertisers.

Your rights

Under GDPR and equivalent laws you have the right to access, correct, export, and delete your data.

• Delete your account. In the app, go to Profile → Delete account. Your data is wiped within 30 days.
• Export your data. Email support@wakewin.app with the account email you use; we will send a copy within 30 days.
• Unsubscribe from email. Every email we send has an unsubscribe link at the bottom. You can also revoke the marketing-email consent in app settings at any time.

Data retention

We keep your data for as long as your account is active. If you delete your account, all associated data is wiped within 30 days. Anonymised aggregate statistics (e.g. total puzzles solved across all users) may be retained indefinitely.

Cookies and local storage

wakewin.app uses local storage only for technically-necessary preferences (language, theme, dismissed banners). No tracking cookies, no advertising cookies, no third-party analytics cookies on the website.

Children

WakeWin requires users to be at least 18 years of age. If you believe a minor has created an account, email us and we will remove it.

Changes

If we materially change how we handle your data, we will notify you in-app and by email before the change takes effect.

Contact

For all privacy and data questions: support@wakewin.app