Driftly — Privacy Policy
1. Identity of the controller
The controller of your personal data when you use Driftly is:
TechOne Digital (Cong ty TNHH Cong Nghe So TechOne)
Registered in Vietnam (business address: <full registered address — TBD before publication>)
Contact for privacy matters: privacy@driftly.app
If you have any questions about this privacy policy or how we handle your data, contact us at the email above.
2. Effective date
This policy is effective as of 2026-05-10. The "Last updated" date at the top reflects the most recent material revision.
3. Scope
This policy applies to:
- The Driftly mobile application for Android and iOS.
- The backend services Driftly uses to authenticate you, store your sleep data, and personalize your nightly mix.
- Push notifications Driftly sends to your device (trial reminders, bedtime reminders).
- Subscription billing handled via Google Play Billing and managed through RevenueCat.
This policy does NOT apply to third-party content or apps you may navigate to from Driftly. When Driftly links you to Google Play (e.g., to manage your subscription) or Apple (e.g., for Sign in with Apple), those services are governed by their own policies.
4. What data we collect
The following table is the complete list of personal data Driftly collects. The categories match the Data Safety form filed with Google Play — these two documents must agree row for row.
4.1 Account identifiers
- Supabase user_id (UUID): A randomly generated identifier created the first time you open Driftly. Required so we can store your sleep history under your account. Created automatically — you do not need to provide an email or password.
- Email address: Only collected if you choose to link your account by signing in with Apple or Google. Anonymous-first auth means most users never provide an email.
- Display name: Collected if you sign in with Apple or Google (provider returns first/last name on first auth) or if you edit it manually in Profile.
4.2 Sleep activity
- Morning sleep ratings (1-5): Stored when you submit the morning check-in.
- Listening sessions: Sound IDs played, session duration, timestamp.
- AI personalization state (bandit_state): Per-sound Thompson Sampling parameters (alpha/beta) used by the AI engine to personalize tonight's mix.
- Mood tags: In-app preference selections (e.g., "Calm", "Tired") chosen during morning check-in. NOT health data — these are app preferences, not clinical measurements.
4.3 Device information
- FCM token (Firebase Cloud Messaging): A device-bound token used to send you trial reminders (Day 3, Day 6, Day 7) and bedtime reminders. Collected only if you grant notification permission.
- Timezone (IANA string): Used to schedule bedtime reminders at your chosen local time. Resolved automatically via the flutter_timezone package; written once to your users.timezone row and updated when the device timezone changes.
4.4 Diagnostic data
- Firebase Analytics events: Play, rate, screen views, and other in-app interactions. Used to understand how Driftly is used in aggregate.
- Firebase Crashlytics stack traces: Sent automatically when Driftly crashes. Used to fix bugs.
4.5 Purchase data
- RevenueCat entitlement state: Whether you have an active Driftly Premium subscription, when it renews, and your purchase history within Driftly.
- Google Play Billing transaction IDs: Used by RevenueCat to validate your subscription. Driftly never sees your payment method (card number, etc.) — Google Play handles all billing directly.
4.6 Data we explicitly do NOT collect
- Location (no GPS, no IP geolocation, no ACCESS_FINE_LOCATION permission)
- Contacts
- Photos or videos
- Audio recordings (Driftly plays audio; it never records via microphone)
- Health data (no Apple Health, no Google Fit, no Health Connect)
- Calendar
- Files or documents
- Messages
- Browsing history
5. Why we collect it (purposes)
For each data category in §4, the corresponding purpose:
| Data category | Purpose |
|---|---|
| Supabase user_id | Account management (so your data persists between launches) |
| Email, display name | Account management (sign-in convenience), personalization (greetings) |
| Sleep ratings, listening sessions | App functionality (AI personalizes tonight's mix from your history) |
| bandit_state | App functionality (Thompson Sampling AI engine state) |
| FCM token | Communications (trial reminders, bedtime reminders — opt-in only) |
| Timezone | App functionality (local-time bedtime reminders) |
| Firebase Analytics events | Analytics (understand aggregate usage) |
| Firebase Crashlytics | App functionality / debugging |
| RevenueCat entitlement state | App functionality (gate Premium content) |
6. Anonymous-first authentication clarification
Driftly uses anonymous-first authentication. The first time you open Driftly, we create a Supabase user account with a random UUID — no email, no password, no personal information required. This UUID lets us persist your sleep history and AI personalization state even before you sign in.
If you later choose to sign in (via Sign in with Apple or Sign in with Google), your existing UUID is linked to your Apple/Google account. No data is created or destroyed at link time — your sleep history, ratings, and AI state are preserved. The link simply associates your existing UUID with your provider account so you can recover access if you uninstall and reinstall, or move to a new device.
"Anonymous-first" means we do not require email at sign-up. Once you sign in, your Apple/Google email address becomes part of your account record (see §4.1).
7. Who we share it with (third parties / sub-processors)
Driftly does not sell or rent your personal data. Driftly does not share data with advertisers (Driftly has no ads). The following third parties process data on our behalf as sub-processors:
- Supabase Inc. (Delaware, USA) — backend (PostgreSQL, Auth, Storage, Edge Functions). Data location: Supabase US-East. Supabase Privacy Policy.
- Google LLC (California, USA) — Firebase Analytics, Firebase Crashlytics, Firebase Cloud Messaging; Google Play Billing. Data location: Google Cloud (multi-region). Firebase Privacy Information.
- RevenueCat Inc. (California, USA) — subscription management. Data location: RevenueCat AWS (US). RevenueCat Privacy Policy.
- Apple Inc. (California, USA) — Sign in with Apple (only if you choose to use it). Apple acts as an identity provider. Apple Privacy Policy.
Each of these sub-processors has its own privacy policy linked above. We have selected each based on its security posture and contractual data-protection commitments.
8. Legal basis for processing (GDPR / Vietnam Decree 13/2023 alignment)
If you are subject to the EU GDPR or the Vietnamese Personal Data Protection Decree 13/2023, the legal bases on which we process your personal data are:
- Performance of a contract: account creation, sleep data storage, AI personalization, subscription management. We cannot deliver Driftly without this processing.
- Legitimate interest: crash diagnostics (Crashlytics) — necessary to keep the app stable.
- Consent: analytics events, push notification token. You can disable analytics in your device OS settings (limit ad tracking, etc.) and revoke notification permission at any time.
9. International transfers
Driftly is headquartered in Vietnam, but our sub-processors operate primarily in the United States. Your personal data therefore leaves Vietnam when:
- It is written to Supabase (US-East region).
- It is sent to Firebase (Google Cloud, multi-region including US).
- It is sent to RevenueCat (AWS US).
- It is sent to Apple (US) for Sign in with Apple.
Where required by law, we rely on Standard Contractual Clauses (SCCs) and equivalent transfer mechanisms in our agreements with these sub-processors.
10. Retention
- Account data (user_id, email, display_name, sleep ratings, listening history, bandit_state, RevenueCat purchase history): retained until you delete your account or your account has been inactive for 36 consecutive months, whichever comes first.
- Firebase Analytics events: retained per Firebase default (currently 14 months, configurable in Firebase Console).
- Firebase Crashlytics stack traces: retained per Firebase default (currently 90 days).
- FCM token: retained while your installation is active. Deleted when you uninstall Driftly or revoke notification permission.
11. Your rights — including account deletion
You have the right to access, correct, or delete the personal data Driftly holds about you. The fastest paths:
11.1 Delete your account (in-app)
In the Driftly app:
- Open the Profile tab.
- Tap Account → Delete account.
- Confirm.
This invokes a Supabase Edge Function that calls auth.admin.delete_user() for your account. Your users row, all sleep_sessions, your bandit_state, and your FCM token are cascade-deleted via Row Level Security and database foreign-key constraints. The deletion is immediate and irreversible.
11.2 Delete your account (email fallback)
If you cannot access the in-app deletion (e.g., you uninstalled Driftly without deleting first), email privacy@driftly.app with the subject line "Delete my Driftly account" and include your registered email address (if any) or any account identifier you can supply. We will process the deletion within 30 days of receipt.
11.3 Other rights
- Access: request a copy of the data we hold about you (email privacy@driftly.app).
- Correction: correct inaccurate data (display_name editable in-app; for other fields, email privacy@driftly.app).
- Portability: request a machine-readable export (email privacy@driftly.app).
- Withdraw consent: disable analytics/notifications via device OS settings or stop using Driftly.
- Lodge a complaint: with the Vietnam Personal Data Protection authority or, if you are in the EU, your national supervisory authority.
12. Children's privacy
Driftly is not directed at children under 13 (or under 16 in jurisdictions where that is the consent age). We do not knowingly collect personal data from children. The Google Play age rating for Driftly is "Everyone" (general audiences), but the app is designed for adults seeking sleep aid.
If you believe a child under 13 has provided personal data to Driftly, please contact privacy@driftly.app and we will delete the account promptly.
13. Vietnam Personal Data Protection Decree 13/2023
Driftly is committed to complying with Decree 13/2023/ND-CP on Personal Data Protection. Our data protection officer placeholder is <DPO name TBD — to be appointed before public launch>, contactable at privacy@driftly.app. This document and our internal practices are reviewed periodically against Decree 13 requirements.
14. Security
- All data in transit between the Driftly app and our sub-processors is encrypted using TLS 1.2 or higher (Supabase HTTPS, Firebase HTTPS, RevenueCat HTTPS).
- All data at rest is encrypted per the sub-processor's defaults (Supabase, Firebase, RevenueCat all use disk-level encryption).
- We enforce Row Level Security (RLS) on Supabase tables: each user's data is isolated such that another user's app cannot read or modify it, even if a malicious client tries to.
- We do not store payment card information ourselves — all billing flows through Google Play, which is PCI-DSS compliant.
No system is perfectly secure; if we discover a breach affecting your data, we will notify you within the timeframes required by applicable law (GDPR: 72 hours; Vietnam Decree 13: 72 hours).
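The isolation described in this section and the cascade deletion described in §11.1 both come down to how the Supabase (PostgreSQL) tables are declared. The following SQL is an added illustration, not Driftly's actual schema or migration: the table names follow this policy (users, sleep_sessions, bandit_state) but every column, the fcm_tokens table, the policy names and the test UUID are assumptions. It shows per-user Row Level Security policies keyed on auth.uid(), the ON DELETE CASCADE chain that makes one auth.users deletion remove all of a user's rows, and a transaction a maintainer can run on a staging copy to confirm that nothing is orphaned.

```sql
-- Added example (assumed schema, not Driftly's own): per-user RLS isolation
-- plus cascading account deletion in a Supabase/PostgreSQL database.

-- public.users hangs off Supabase's auth.users; deleting the auth row deletes it.
create table public.users (
  id uuid primary key references auth.users (id) on delete cascade,
  display_name text,
  timezone text,                 -- IANA string, e.g. Asia/Ho_Chi_Minh
  archetype text,                -- quiz result label only, raw answers not stored
  bedtime_reminder jsonb         -- chosen time + weekday/weekend split
);

-- Every per-user table points back at public.users with ON DELETE CASCADE.
create table public.sleep_sessions (
  id bigint generated always as identity primary key,
  user_id uuid not null references public.users (id) on delete cascade,
  sound_ids text[] not null default '{}',
  duration_seconds integer,
  rating smallint check (rating between 1 and 5),
  mood_tag text,
  created_at timestamptz not null default now()
);

create table public.bandit_state (
  user_id uuid not null references public.users (id) on delete cascade,
  sound_id text not null,
  alpha numeric not null default 1,   -- Beta distribution parameters
  beta numeric not null default 1,
  primary key (user_id, sound_id)
);

create table public.fcm_tokens (     -- assumed name for the FCM token storage
  user_id uuid not null references public.users (id) on delete cascade,
  token text not null,
  primary key (user_id, token)
);

-- Row Level Security: lock every table, then allow a row only when the JWT
-- subject (auth.uid()) is the row's owner. Without a matching policy a
-- client using the anon/authenticated role sees zero rows from other users.
alter table public.users enable row level security;
alter table public.sleep_sessions enable row level security;
alter table public.bandit_state enable row level security;
alter table public.fcm_tokens enable row level security;

create policy "own rows only" on public.users
  for all using (auth.uid() = id) with check (auth.uid() = id);
create policy "own rows only" on public.sleep_sessions
  for all using (auth.uid() = user_id) with check (auth.uid() = user_id);
create policy "own rows only" on public.bandit_state
  for all using (auth.uid() = user_id) with check (auth.uid() = user_id);
create policy "own rows only" on public.fcm_tokens
  for all using (auth.uid() = user_id) with check (auth.uid() = user_id);

-- Staging-only check of the cascade (constructed UUID, rolled back at the end).
-- auth.admin.delete_user() ultimately deletes the auth.users row; this
-- transaction does the same thing directly and then looks for orphans.
begin;
insert into auth.users (id) values ('00000000-0000-0000-0000-000000000001');
insert into public.users (id) values ('00000000-0000-0000-0000-000000000001');
insert into public.bandit_state (user_id, sound_id, alpha, beta)
  values ('00000000-0000-0000-0000-000000000001', 'rain', 3, 2);
insert into public.fcm_tokens (user_id, token)
  values ('00000000-0000-0000-0000-000000000001', 'constructed-token');

delete from auth.users where id = '00000000-0000-0000-0000-000000000001';

-- Both counts must be 0: no personalization state or push token survives.
select count(*) as orphaned_bandit_rows from public.bandit_state
  where user_id = '00000000-0000-0000-0000-000000000001';
select count(*) as orphaned_tokens from public.fcm_tokens
  where user_id = '00000000-0000-0000-0000-000000000001';
rollback;
```

Two points follow from the example. First, RLS is enforced for requests made with the anon or authenticated roles through the API; the service_role key bypasses RLS entirely, which is why an Edge Function that performs deletion should be the only place that key is used and it must never be shipped inside the mobile app. Second, cascade deletion only covers tables that declare the foreign key with ON DELETE CASCADE; any new per-user table added later without that clause would silently keep its rows after account deletion, so the orphan check above is worth re-running whenever the schema changes.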
15. Changes to this policy
We will update the "Last updated" date at the top of this document whenever we make material changes. For substantive changes (new data categories collected, new sub-processors), we will also display an in-app banner on the next Driftly launch following the update so you have a chance to review before continuing to use the app.
16. Contact
For all privacy-related questions or requests:
Email: privacy@driftly.app
Postal: TechOne Digital (Cong ty TNHH Cong Nghe So TechOne), <full registered address — TBD before publication>, Vietnam
We aim to respond to all privacy queries within 5 business days.
17. Specific notes on Driftly features
To make this policy as concrete as possible, this final section maps a few Driftly user-visible features to the data they touch.
17.1 Sleep quiz
The 5-screen sleep quiz on first launch collects your sleep archetype answers. These answers are NOT individually persisted — they are immediately mapped to one of five archetypes (Racing Mind, Light Sleeper, Anxious Parent, Tired Professional, Restless), and only the resulting archetype label is stored in your users row. The raw quiz answers are discarded after the mapping completes.
17.2 Morning check-in (rating + mood tag)
When you submit a morning rating (1-5) and an optional mood tag, both are written to a sleep_sessions row tagged with your user_id and timestamp. This data is used by the AI personalization engine and is the foundation of the sleep calendar visualization. It is not shared with anyone.
17.3 AI personalization (Thompson Sampling)
The AI engine maintains a per-user bandit_state row that holds the alpha/beta parameters of a Beta distribution for each sound in the library. These parameters are updated each morning based on your rating. They never leave your account — even Driftly's developers cannot read them in a way that links back to you (RLS policies prevent it).
17.4 Bedtime reminder
If you enable the bedtime reminder, your chosen time + weekday/weekend split is stored in your users.bedtime_reminder JSONB column. The reminder fires locally on your device via flutter_local_notifications; no notification content traverses our backend. The FCM token is used only for the trial reminder sequence (Day 3, 6, 7), not for bedtime reminders.
17.5 Sleep calendar
The sleep calendar visualization aggregates sleep_sessions rows from your account to produce the rating-tinted dot strip and detail cards. It is rendered entirely on-device from your own data; we do not aggregate or compare your sleep against other users.
17.6 Deleted account — what happens to AI training data
When you delete your account per §11.1 or §11.2, your bandit_state row is deleted along with everything else. Your historical sleep data is NOT used to train any cross-user AI model — the Thompson Sampling parameters are strictly per-user and reset to zero on deletion. There is no shared model that retains knowledge of your individual sleep patterns after deletion.
We hope these specifics make the policy easier to understand. If anything is unclear, please email privacy@driftly.app.