Privacy Policy

1. Sources of Personal Data

We collect personal data about you from the following sources:

• Directly from you. We collect personal data you provide to us directly, such as when you create an account, complete a sleep assessment quiz, schedule a telehealth consultation, fill out insurance information, communicate with us, or interact with our AI chatbot assistant (AVA).
• Data collected automatically and through cookies. We automatically collect information about you through cookies, pixels, tags, session replay tools, and other tracking technologies when you interact with our Digital Properties. This may include information about how you use our website, your device, and your internet connection. See Section 6 (Tracking Technologies & Cookies) for details.
• From healthcare providers. We may receive health information from sleep specialists, dentists, physicians, and other healthcare providers involved in your care.
• From third parties. We may collect personal data from third parties, such as insurance companies, service providers, analytics providers, advertising partners, and other parties who interact with us.
• From publicly available sources. We may collect personal data from publicly available sources, such as public profiles and websites.

We may combine information that we receive from the various sources described in this Privacy Policy, including third-party sources, and use or disclose the combined information for the purposes identified below.

2. Types of Personal Data We Collect

Depending on your interactions with us, we may collect the following types of personal data:

2.1 Identifiers

Such as your name, email address, physical address, phone number, unique personal identifier, and device identifiers (e.g., cookie IDs and IP address).

2.2 Records About You

Such as signatures, financial information (e.g., payment card number or insurance account information), the content and timing of communications you have with us (including online chats with our AI assistant AVA, calls, and emails), and information you share with or upload to our Digital Properties.

2.3 Demographic Information

Such as age, gender, marital status, and information about your lifestyle and circumstances relevant to sleep health.

2.4 Commercial Information

Such as information related to your transactions, products or services purchased or considered (including sleep test kits, oral appliances, and telehealth consultations), and other purchasing histories.

2.5 Internet or Other Electronic Network Activity Information

Such as your browsing history, search history, preference information, account settings, and other information regarding your interactions with our Digital Properties (including inferences about your health derived from your activities, usage information, and the pages you visit).

2.6 Non-Precise Geolocation Data

Such as your approximate location as derived from your IP address.

2.7 Audio, Electronic, Visual, or Other Sensory Information

Such as photographs, audio/video recordings from telehealth consultations (with your consent), and dental impressions or scans.

2.8 Inferences

Drawn from any of the information we collect about your preferences or behavior, including assessments about your sleep health risk level based on quiz responses and website interactions.

2.9 Protected Health Information (PHI)

In connection with providing our sleep apnea diagnostic and treatment services, we collect PHI as defined under the Health Insurance Portability and Accountability Act (HIPAA), such as:

• Medical history and conditions
• Sleep apnea symptoms and sleep habits
• Sleep test results and diagnostics
• Treatment plans and oral appliance records
• Communications with healthcare providers
• Insurance claims and billing records

Our use and disclosure of PHI are governed by our HIPAA Notice of Privacy Practices.

2.10 Sensitive Personal Information

We may collect the following categories of sensitive personal information:

• Social Security number, driver's license number, or government-issued ID (for insurance verification)
• Financial account information and payment card numbers
• Information about your health (such as medical conditions, diagnoses, sleep study results, or information that could result in an inferred health status)
• Racial or ethnic origin (if voluntarily provided for treatment purposes)

3. How We Use Your Information

We may use personal data for the following purposes:

3.1 To Provide You Products and Services

• Creating and managing your account
• Processing and fulfilling your orders for sleep tests and oral appliances
• Facilitating telehealth consultations with sleep specialists
• Providing AI-powered assistance through our chatbot (AVA), including answering questions about sleep apnea, our services, and treatment options
• Communicating with you about your care, services, and account
• Processing payments and insurance claims
• Verifying your identity and insurance eligibility

3.2 For Internal Business Purposes

• Day-to-day operation of our business
• Maintaining internal business records, accounting, and document management
• Enforcing our policies and terms
• Staff training on privacy, security, and clinical procedures
• Auditing and quality assurance
• IT security and administration

3.3 For Research and Improvement

• Improving our products, services, and Digital Properties, including our AI tools
• Designing new products and services
• Evaluating the effectiveness of our marketing efforts
• Analyzing usage patterns and trends
• Conducting research and analysis to improve sleep health solutions
• Debugging and repairing errors with our systems

3.4 For Legal, Safety, or Security Reasons

• Complying with legal and reporting requirements
• Investigating and responding to claims
• Protecting our rights, your safety, and the safety of others
• Detecting, preventing, and responding to security incidents
• Protecting against malicious, deceptive, fraudulent, or illegal activity

3.5 For Marketing and Targeted Advertising

• Sending promotional emails about new products, special offers, or other information we think you may find interesting
• Delivering targeted advertisements on our Digital Properties and third-party sites
• Personalizing advertising to you based on your interactions with us
• Communicating about changes to our policies or services
• Responding to your inquiries and providing customer support

3.6 In Connection with a Corporate Transaction

Such as if we acquire assets of another business, or sell or transfer all or a portion of our business or assets, including through a sale in connection with bankruptcy and other forms of corporate change.

We may use anonymized or de-identified information for any purpose permitted by law.

4. How We Disclose Your Information

We may disclose personal data to third parties, including the categories of recipients described below:

4.1 Healthcare Providers, Pharmacies, and Laboratories

We share your health information with healthcare providers involved in your care (such as sleep specialists and dentists), oral appliance laboratories, and with your insurance company for billing purposes, as permitted by HIPAA and with your consent where required.

4.2 Service Providers

We may share your information with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf, such as:

• Payment processors
• Sleep test device manufacturers
• Oral appliance laboratories
• Technology, cloud, and web hosting providers
• AI service providers (for powering our chatbot AVA)
• Analytics and data analysis providers
• Email marketing providers
• Customer service vendors

These third parties are contractually obligated to keep personal information confidential and use it only for the purposes for which we disclose it to them.

4.3 Professional Consultants

Such as accountants, lawyers, financial advisors, and audit firms.

4.4 Business Partners

Business partners that may use personal data for their own purposes, such as:

• Advertisers, ad platforms and networks, and social media platforms
• Third parties whose cookies we use as described in Section 6 (Tracking Technologies & Cookies), including data analytics providers

Where required by law, we will obtain your consent prior to disclosing your personal data to our business partners. Where recipients use your personal data for their own purposes independently from us, we are not responsible for their privacy practices. You should consult the privacy notices of those third-party services for details.

4.5 Law Enforcement and Government Agencies

We may disclose your information when required by law, such as to comply with a subpoena, court order, or similar legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

4.6 In Connection with a Corporate Transaction

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.

4.7 With Your Consent

We may disclose your personal data to other entities to which you have consented to the disclosure.

5. Sale, Sharing & Targeted Advertising

However, like many companies, we use cookies and other tracking technologies from third parties (such as Google Analytics, Meta Pixel, and Microsoft Clarity) that may constitute a "sale" or "sharing" of personal information for "targeted advertising" as those terms are defined under certain U.S. state privacy laws (such as the CCPA/CPRA).

The categories of personal data that may be shared with third parties through these tracking technologies include:

• Identifiers (e.g., cookie IDs, device IDs, IP address)
• Internet or electronic network activity information (e.g., browsing history, search history, interactions with our Digital Properties)
• Non-precise geolocation data
• Inferences (e.g., inferred interests based on pages visited)

Important: Because our Digital Properties relate to healthcare services, some cookies may process information that could be used to make inferences about your health status. We treat this data with heightened care.

You can opt out of this sharing by:

• Clicking Cookie Settings to manage your preferences
• Enabling a Global Privacy Control (GPC) signal in your browser
• Emailing us at privacy@deepdormir.com

We do not knowingly sell or share the personal information of minors under 18 years of age.

6. Tracking Technologies & Cookies

Our Digital Properties and authorized third parties use cookies, pixels, web beacons, tags, session replay tools, and other tracking technologies (collectively, "Cookies") to collect information about you, your device, and how you interact with our Digital Properties.

6.1 Types of Tracking Technologies

• Cookies: Small files installed on your device when you visit a website. Some exist only during a single session; others persist over multiple sessions.
• Pixels, web beacons, and tags: Code or transparent graphics embedded invisibly on web pages that provide analytical information about the user experience and help us customize our marketing activities.
• Session replay tools: Tools that record your interactions with our Digital Properties, such as how you move throughout our site and engage with our forms. This information helps us improve our Digital Properties and identify technical issues. Personally identifiable information is masked in session recordings.
• Local storage and embedded scripts: Technologies that allow us to store data locally on your device and build custom experiences on our Digital Properties.

6.2 Purposes for Using These Technologies

• Essential / Security: Necessary for our website to function properly. These cannot be switched off. They include setting your privacy preferences, logging in, filling in forms, and preventing fraud.
• Preference / Personalization: Remembering your language preferences, region, and settings to enhance your experience.
• Analytics / Performance: Understanding how visitors interact with our website by collecting and reporting information. This helps us improve our Digital Properties and services.
• Marketing / Advertising: Conducting advertising and content personalization on our Digital Properties and third-party sites; tracking activity to develop a profile of your interests and advertise to you based on those interests ("interest-based advertising"); measuring the effectiveness of our advertising campaigns.

6.3 Third-Party Tracking Technologies

We use the following third-party services and their tracking technologies:

• Google Analytics: We use Google Analytics to understand how users interact with our website. Google Analytics may use cookies to perform their services. To learn how Google uses data, visit: How Google uses data when you use our partners' sites or apps.
• Meta Pixel (Facebook/Instagram): We use the Meta Pixel to measure, optimize, and build audiences for our advertising campaigns. This allows us to show you relevant ads on Meta platforms. Learn more about Meta's privacy policy.
• Microsoft Clarity: We use Microsoft Clarity to analyze user behavior through heatmaps and session recordings. This helps us understand how users navigate our site and how we can improve. All personally identifiable information is masked in session recordings. Learn more about Microsoft Clarity's practices.
• Google Tag Manager: We use Google Tag Manager to manage and deploy marketing tags on our website. Learn more about Google Tag Manager's use policy.

6.4 Information Collected by Cookies

These technologies collect data about you and your device, such as your IP address, approximate location, cookie ID, device ID, operating system, device type, browser used, browsing history, search history, inferences about your interests, and information about how you interact with our Digital Properties. In some cases, because our website relates to sleep medicine and healthcare, this information may include or be used to infer sensitive personal information about your health.

6.5 Managing Your Cookie Preferences

You can manage your cookie preferences through our Cookie Consent tools. Most web browsers also allow you to modify your settings to decline cookies, though this may prevent you from taking full advantage of our website.

To opt out of specific tracking technologies:

• Google Analytics: Install the Google Analytics Opt-out Browser Add-on.
• Meta Pixel: Manage your ad preferences through Facebook's Ad Settings.
• Microsoft Clarity: Enable the "Do Not Track" setting in your browser.
• Interest-based advertising: Visit DAA opt-out or NAI opt-out.

Manage Cookie Settings

7. Your Choices

7.1 Marketing Communications

You may opt out of marketing communications by:

• Clicking the "unsubscribe" link in any promotional email
• Responding as instructed in any text message
• Contacting us at privacy@deepdormir.com or (516) 548-3028

7.2 Cookie Preferences

You can manage cookies through our Cookie Settings, your browser settings, or the third-party opt-out tools listed in Section 6 above. If you change computers, devices, or browsers, or delete your cookies, you may need to repeat the opt-out process.

7.3 Do Not Track and Global Privacy Control

Some browsers offer a "Do Not Track" (DNT) signal. At this time, we do not respond to DNT signals.

However, we do honor Global Privacy Control (GPC) opt-out preference signals. To the extent required by law, we will process GPC signals as a valid request to opt out of the sale or sharing of your personal information and targeted advertising at the browser level. You can learn more about GPC at globalprivacycontrol.org.

7.4 Opt Out of Sale, Sharing, and Targeted Advertising

As described in Section 5, you may opt out of the sale or sharing of your personal information for targeted advertising by:

• Adjusting your Cookie Settings
• Enabling a GPC signal in your browser
• Emailing privacy@deepdormir.com

8. Data Security & Data Retention

8.1 Security Measures

We implement a variety of security measures to maintain the safety of your personal information and health data, including:

• Encryption of sensitive data in transit (TLS/SSL) and at rest
• Secure servers and networks protected by firewalls
• Regular security assessments and audits
• Role-based access controls and multi-factor authentication
• Staff training on privacy and security procedures
• Business Associate Agreements (BAAs) with all service providers who handle PHI
• Incident response and breach notification procedures

Although we maintain reasonable security safeguards, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee the absolute security of your information.

8.2 Data Retention

Your personal data will be retained as long as necessary to fulfill the purposes we have outlined in this Privacy Policy unless we are required to do otherwise by applicable law. Specifically:

• We retain your personal data for as long as you have an active account with us
• We retain medical records and PHI in accordance with HIPAA requirements and applicable state medical records retention laws (typically a minimum of 6–10 years depending on the state)
• We retain financial and transaction records as necessary to comply with tax, accounting, and recordkeeping obligations
• We may retain certain data for an additional period as necessary to protect, defend, or establish our rights, defend against potential claims, and comply with our legal obligations

Once your data is no longer needed, we will securely delete or de-identify it in accordance with our data retention policies.

9. Your Rights — Health Information (HIPAA)

For your Protected Health Information (PHI), you have rights as outlined in our HIPAA Notice of Privacy Practices, including the right to:

• Access and receive a copy of your health records
• Request an electronic copy of your electronic health records
• Request corrections to your health information
• Request restrictions on certain uses and disclosures
• Request confidential communications
• Receive an accounting of disclosures
• Receive notice of privacy breaches
• Request that PHI for items or services you paid out-of-pocket in full not be disclosed to your health plan

To exercise your HIPAA rights, contact our Privacy Officer using the information in the Contact Us section below.

10. Your Rights — General Privacy

Depending on your location and applicable laws, you may have certain rights regarding your personal information not covered by HIPAA, which may include:

• Right to Know / Access. You may request information about the categories of personal data we collect, the sources, the purposes, and to whom we disclose it. You may also request the specific pieces of personal data we have collected about you.
• Right to Delete. You may request that we delete personal data we have collected about you, subject to certain exceptions.
• Right to Correct. You may request that we correct inaccurate personal data.
• Right to Opt Out of Sale, Sharing, and Targeted Advertising. You may opt out as described in Section 5.
• Right to Limit Use of Sensitive Personal Information. You may request that we limit the use and disclosure of your sensitive personal information to uses necessary to provide our services.
• Right to Data Portability. You may request a copy of your personal data in a readily usable format.
• Right to Opt Out of Profiling. You may have the right to opt out of certain automated processing activities.

We will not discriminate against you for exercising your privacy rights.

To exercise these rights, please contact us at privacy@deepdormir.com or (516) 548-3028. Please note that some rights may be subject to limitations and exceptions under applicable law.

11. U.S. State Privacy Disclosures

Depending on which state you reside in (such as California, Colorado, Connecticut, Virginia, Oregon, Texas, Montana, or others with comprehensive privacy laws), you may have additional rights as described in Section 10 above. This section provides supplemental information.

11.1 Verification

To process privacy rights requests, we may need to obtain information to locate you in our records or verify your identity depending on the nature of the request:

• For Requests to Opt-Out of Sale, Sharing, and Targeted Advertising: We may collect your name and email to locate you in our records.
• For Requests to Know, Delete, and Correct: We may collect information necessary to locate you in our records and verify your identity, which may include your name, email address, phone number, mailing address, and your relationship to DEEPdormir.

11.2 Authorized Agents

Authorized agents may exercise rights on your behalf by submitting a request via privacy@deepdormir.com. We may seek additional information from the authorized agent or contact you directly to verify your identity or confirm that you provided the authorized agent permission to submit the request.

11.3 Appeal

If we deny your privacy rights request, you may have the right to appeal. To submit an appeal, contact us at (516) 548-3028 or privacy@deepdormir.com. We will inform you of our response within the time period required by applicable law. If you are not satisfied with our response, you may contact your state's Attorney General or relevant regulatory authority.

11.4 Use and Disclosure of Sensitive Personal Information

We may use and disclose sensitive personal information, including inferences about your health, for the purposes described in Section 3 (How We Use Your Information). You may request that we limit the use and disclosure of your sensitive personal information to uses necessary to provide our services by contacting us.

11.5 Data Disclosure Summary

The following table summarizes the categories of personal data we have collected in the past 12 months, how they are disclosed, and whether they are shared for targeted advertising:

11.6 California Shine the Light

California's "Shine the Light" law (Civil Code Section § 1798.83) permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, contact us at privacy@deepdormir.com.

12. Children's Privacy

Our Digital Properties and services are intended for individuals 18 years of age and older. We do not knowingly collect personal information from children under 18 unless a parent or guardian provides consent. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will take prompt steps to delete that information. If you believe we might have any information from or about a child under 18, please contact us at privacy@deepdormir.com.

13. External Links

Our Digital Properties may contain links to external sites or other online services, including those embedded in third-party advertisements or sponsor information, that we do not control. We are not responsible for the privacy practices or data collection policies of such third-party services. You should consult the privacy notices of those third-party services for details on their practices.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any updated Privacy Policy will be effective when posted. We will update the "Last Updated" date at the top of this page. For material changes, we will provide notification through a more prominent notice, such as an email notification or a banner on our website. If required by law, we will obtain your consent or contact you directly about material changes.

We encourage you to review this Privacy Policy periodically. Your continued use of our Digital Properties and services after changes are posted constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

If you wish to exercise your privacy rights (access, deletion, correction, opt-out, etc.), email privacy@deepdormir.com with "Privacy Rights Request" in the subject line. We will respond within the timeframe required by applicable law (typically 30–45 days).

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you may register a complaint with a relevant regulatory authority (e.g., your state's Attorney General or the U.S. Department of Health and Human Services Office for Civil Rights for HIPAA matters).