CPAP InsightsDoctor C
HomeAnalyticsHistoryAI ChatBlogForumSupportAbout

Privacy Policy

Last updated: March 2026  ·  Effective: March 2026

This Privacy Policy describes how CPAP Insights ("we," "us," or "our") collects, uses, and protects information when you use our website and services located at cpapinsights.com (the "Service"). Please read this policy carefully. By using the Service, you agree to the practices described here.

1. Who We Are

CPAP Insights is an independent, browser-based tool that helps individuals using CPAP therapy visualize and understand their sleep data. We are not a medical provider, and this Service is not a medical device. Nothing in this Service constitutes medical advice. Always consult a licensed healthcare professional regarding your therapy.

2. Information We Collect

a) Account information:

An account is required to use the Service. When you create an account, we collect:

  • Your email address (used to identify your account)
  • Your name, if provided during sign-up
  • Your CPAP therapy data (sleep events, session times, AHI values, signal data) that you import
  • Authentication tokens and session metadata managed by Supabase

b) If you use Sign in with Google:

We receive your name, email address, and Google profile picture from Google OAuth. We use this only to create and identify your account. We do not receive access to your Google Drive, Gmail, or any other Google services.

c) Sleep Doc AI:

When you use the Sleep Doc AI feature, your CPAP history data is transmitted to Anthropic's API over an encrypted connection to generate a response. We do not store AI conversation history on our servers. Anthropic's data handling is governed by their own Privacy Policy.

d) Automatically collected data:

We do not use analytics trackers, advertising pixels, or behavioral tracking tools. Standard server access logs (IP address, browser type, pages visited) may be retained by our hosting provider for security and operational purposes for up to 30 days.

3. How We Use Your Information

We use the information we collect solely to:

  • Provide, operate, and maintain the Service
  • Authenticate you and sync your data across devices
  • Respond to support requests
  • Send transactional emails (account confirmation, password reset) — no marketing emails
  • Comply with legal obligations

We do not sell, rent, or share your personal information or health data with any third party for commercial purposes.

4. Data Storage and Security

All user data is stored using Supabase, a SOC 2 Type II compliant database provider. Data is encrypted in transit (TLS) and at rest. Supabase infrastructure is hosted on AWS in the United States.

While we take reasonable steps to protect your data, no method of transmission or storage is 100% secure. You use the Service at your own risk.

5. Health Data

CPAP therapy data is health-related information. We treat it with the highest level of care. We do not use your health data for advertising, profiling, or any purpose other than providing the Service to you. We are not a covered entity under HIPAA and this Service is not a HIPAA-compliant platform. If you require HIPAA compliance, do not use this Service for clinical purposes.

6. Your Rights and Choices

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request permanent deletion of your account and all associated data. We will complete deletion within 30 days.
  • Portability: Export your data at any time from within the app
  • Withdrawal of consent: Delete your account at any time to stop all data processing

To exercise any of these rights, contact us at the address below.

7. Data Retention

We retain account data for as long as your account is active. If you delete your account, your personal data and therapy data will be permanently deleted from Supabase within 30 days, except where we are required by law to retain it longer. Server access logs are retained for up to 30 days.

8. Third-Party Services

The Service uses the following third-party providers:

  • Supabase — authentication and database hosting. Privacy Policy
  • Google OAuth — optional sign-in method. Privacy Policy
  • Anthropic — AI responses in Sleep Doc AI. Privacy Policy
  • Vercel — website hosting and edge network. Privacy Policy

We are not responsible for the privacy practices of these third parties.

9. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify account holders of material changes by email or by posting a notice on the Service. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

CPAP Insights
privacy@cpapinsights.com

This policy was last reviewed in March 2026. This document is provided for informational purposes and does not constitute legal advice.