← Back

Privacy Policy

Last updated: 13 March 2026

1. Introduction

Moment Apps ("we", "us", "our") operates the Circadian app ("App"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data.

We are committed to protecting your privacy and processing your data lawfully, fairly and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

The data controller for information collected through the App is:

Moment Apps
Email: contact@momentapps.co.uk

3. Information We Collect

3.1 Information you provide

• Sleep preferences and schedule: When you set up the App, you provide your preferred wake-up times, sleep goals, schedule preferences, and responses to onboarding questions (such as symptoms you experience and their impact on your day). This data is stored locally on your device.
• Feedback: If you choose to submit feedback through the App, we collect the text you provide along with your anonymous user ID, app version and device model. This is sent to our servers.

3.2 Health and motion data

• HealthKit (Apple Health): If you grant permission, the App reads your sleep data (up to 14 nights of history) from Apple Health to personalise your sleep plan. This data is processed on your device and is not transmitted to our servers. The App does not write data to HealthKit. In accordance with Apple's requirements, HealthKit data is never used for advertising or shared with third parties.
• Motion and fitness data: If you grant permission, the App uses your device's motion sensors (via Core Motion) to estimate when you go to bed and wake up. This data is processed and stored locally on your device.

3.3 Wake-up mission photos

The App uses your device camera to photograph evidence that you have completed your morning wake-up mission (a photo of the sky, your made bed, or you brushing your teeth).

Important: These photos are not processed solely on your device. To verify mission completion, the photo is:

1. Converted to a compressed image on your device.
2. Transmitted via an encrypted connection to a server-side function hosted on Supabase (our backend provider).
3. Forwarded to OpenAI's Vision API for automated analysis to determine whether the mission criteria are met.
4. A verification result (accepted/rejected) is returned to the App.

Photos are not stored by us after verification is complete. They are transmitted solely for the purpose of real-time verification and are not used for training AI models, marketing, profiling, or any other purpose. OpenAI's data handling is governed by their API data usage policy, which states that API inputs are not used to train their models. See: https://openai.com/policies/api-data-usage-policies.

3.4 Automatically collected information

• Analytics data: We collect anonymised usage data such as which screens you view, alarm completion rates, mission completion rates, onboarding progress, feature usage, and conversion events. This data is collected via PostHog (see Section 6) and is associated with an anonymous device identifier, not your name or email.
• Device information: Device type, operating system version and app version, collected for analytics and crash reporting purposes.
• Crash reports: If the App crashes, anonymised crash logs may be collected via PLCrashReporter (a Microsoft open-source library) to help us diagnose and fix issues.
• First-open date: We record when you first open the App (stored locally on your device) to calculate metrics such as days since installation.

3.5 Subscription information

Payment processing is handled entirely by the Apple App Store and RevenueCat (see Section 6). We do not collect or store your payment card details, billing address, or other financial information. RevenueCat provides us with anonymised subscription status information (e.g., whether you have an active subscription or trial).

3.6 Anonymous account

When you first use the App, an anonymous account is created automatically via Supabase Auth. This generates a unique anonymous user ID that is used to associate feedback submissions and authenticate requests to our server-side functions (such as photo verification). No email address, password or personally identifiable information is collected as part of this process.

4. How We Use Your Information

We use collected information for the following purposes:

• Providing the App's core functionality: Generating personalised sleep schedules, scheduling alarms, verifying wake-up missions, and tracking your wake-up consistency.
• Improving the App: Anonymised analytics help us understand how features are used, identify issues, and prioritise improvements.
• Customer support: Feedback submissions allow us to understand and respond to user issues.
• Subscription management: Determining whether you have an active subscription or trial to enable or restrict access to premium features.

We process your data on the basis of: (a) contractual necessity (providing the service you signed up for); (b) legitimate interests (improving the App, ensuring security); and (c) your consent (where applicable, e.g., HealthKit access, camera access, motion data).

5. Camera Access

The App requests camera access solely for wake-up mission verification. As described in Section 3.3, photos are transmitted to a server-side service for AI-powered verification and are not stored after processing. You can revoke camera permission at any time in your device Settings. If camera access is unavailable, missions are automatically accepted.

6. Third-Party Services

We use the following third-party services to operate the App. Each processes data as described and is bound by its own privacy policy:

Service	Provider	Purpose	Data shared
PostHog	PostHog Inc.	Product analytics	Anonymised usage events, device type, OS version, anonymous device identifier
RevenueCat	RevenueCat Inc.	Subscription management	Anonymous app user ID, subscription status, purchase events
Supabase	Supabase Inc.	Authentication, feedback storage, server-side functions	Anonymous user ID, feedback text, device model, app version
OpenAI	OpenAI LLC	Wake-up mission photo verification	Compressed mission photos (not stored after verification)
PLCrashReporter	Microsoft Corporation	Crash reporting	Anonymised crash logs, device info

We do not sell, rent or trade your personal information to any third party. These services are used solely to operate and improve the App.

7. Notifications

The App uses push notifications to deliver bedtime reminders, alarm alerts and occasional trial/subscription reminders. You can manage notification preferences in your device Settings at any time.

8. Data Storage and Security

• Local data: Your sleep schedule, preferences, plan state and alarm configurations are stored locally on your device using on-device storage.
• Server-side data: Feedback submissions and anonymous account data are stored on Supabase servers. Data is encrypted in transit (TLS) and at rest.
• Photos: Mission photos are transmitted over encrypted connections and are not persisted on our servers after the verification response is returned.

We implement appropriate technical and organisational measures to protect your information against unauthorised access, alteration, disclosure or destruction. However, no method of transmission over the internet or electronic storage is 100% secure.

9. Data Retention

• Local data: Retained on your device until you delete the App or clear its data.
• Feedback data: Retained on our servers for as long as reasonably necessary to address the feedback and improve the App, and deleted within 30 days of a deletion request.
• Analytics data: Retained by PostHog in accordance with their data retention policy. We configure retention periods appropriate to our analytics needs.
• Anonymous account data: Retained until you request deletion or we determine the account has been inactive for an extended period.

If you delete the App or request data deletion, we will remove your server-side data within 30 days.

10. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your data ("right to be forgotten").
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Portability: Request a copy of your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Where processing is based on consent (e.g., HealthKit, camera, motion data), you may withdraw consent at any time by revoking the relevant device permission or contacting us.

To exercise any of these rights, contact us at contact@momentapps.co.uk. We will respond within one month. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at https://ico.org.uk.

11. International Data Transfers

Some of our third-party service providers (PostHog, RevenueCat, OpenAI, Supabase) may process data outside the United Kingdom. Where data is transferred internationally, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or the provider's participation in recognised data protection frameworks, to provide a level of protection consistent with UK data protection law.

12. Children's Privacy

The App is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us at the address below.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the App or by other reasonable means. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of the App after changes are posted constitutes acceptance of the updated policy.

14. Contact

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your data is handled, please contact us at:

Moment Apps
Email: contact@momentapps.co.uk