Estamos preparando una versión totalmente traducida. El texto en inglés que figura a continuación es la versión legalmente vinculante. Versión en inglés
Privacy Policy
1. Data Controller
The data controller responsible for the processing of your personal data is:
Hiatus Holding GmbH
Kortumstraße 75, D-44787 Bochum, Germany
Commercial Register: Bochum HRB16203
Managing Director: Tim Kahrmann
For all privacy-related inquiries, please reach us via our contact form.
2. Three promises.
Your thoughts never train an AI. Ever.
Not Tonight’s models. Not anyone else’s. Not anonymized, not aggregated, not “for safety.” We sign data-processing agreements with every model provider that contractually exclude training. If a provider can’t offer that, we don’t use them.
Every voice is a Whisperer — a carefully curated AI voice.
No actor hears what you say. Every voice is synthetic and tuned. We disclose this on the homepage, in the app, in the press kit, here. EU AI Act requires it. We’d disclose it anyway.
By morning, what you said tonight is gone — unless you keep it.
Your One Thought is encrypted at rest and deleted at your local sunrise by default. If you turn on Keep My Nights (off unless you choose it), that night’s session stays replayable for a day and your encrypted words are kept for 45 days so you can look back — and you can delete any of it, or all of it, at any time.
3. Data We Collect
We collect and process the following categories of personal data:
Account Data
- Email address (required for account creation and authentication)
- Name (optional, used for personalized greetings)
- Timezone and bedtime preference (to deliver sessions at the right time)
Content Data
- Daily reflections (your text inputs about your day)
- Session ratings and feedback (optional)
Technical Data
- Device and browser information (for service delivery)
- Bedtime reminder time (stored only on your device — the optional wind-down reminder is a local notification, never a push)
- Session and usage logs (for service improvement)
- Anonymous product-analytics events (Mixpanel) — which screens and features are used and aggregate funnels, so we can see what helps. Never the content of what you write, and never your name or email. On the website this requires your cookie consent; in the app it is on by default and can be switched off anytime in Settings → Privacy & Data.
- Crash reports (Sentry) — if the app crashes or hits a fatal error, a technical report (device model, OS version, app version, the error and its stack trace, and your pseudonymous user ID) is sent to Sentry so we can find and fix the fault. Crash reports are configured to never include the content of what you write.
Payment Data
- Stripe customer ID (we never store card details directly)
- Subscription status and billing history
4. Lawful Basis for Processing
We process your personal data under the following legal bases (GDPR Article 6):
| Purpose | Legal Basis |
|---|---|
| Account creation & authentication | Contract performance (Art. 6(1)(b)) |
| Generating personalized sleep sessions | Contract performance (Art. 6(1)(b)) |
| Processing payments | Contract performance (Art. 6(1)(b)) |
| Sending transactional emails | Legitimate interest (Art. 6(1)(f)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
| Email open/click tracking | Consent (Art. 6(1)(a)) |
| Website analytics cookies (Mixpanel) | Consent (Art. 6(1)(a)) |
| Anonymous in-app product analytics (Mixpanel) | Legitimate interest (Art. 6(1)(f)) — opt-out in app settings |
| Crash reporting & app stability (Sentry) | Legitimate interest (Art. 6(1)(f)) |
| Service improvement & debugging | Legitimate interest (Art. 6(1)(f)) |
5. Data Retention
We retain your data only as long as necessary for its purpose:
| Data Type | Retention Period |
|---|---|
| Daily reflections (raw text, encrypted at rest) — default | Until the next sunrise in your timezone (deleted within 15 minutes of expiry) |
| Daily reflections (raw text) — with Keep My Nights on | 45 days, or until you delete them |
| Theme tags (work, grief, body, etc. — no raw text) | 45 days |
| Monthly reflection summaries (counts & intensity stats — no raw text) | 13 months |
| Generated audio sessions — default | Until the next sunrise (auto-deleted after expiration) |
| Generated audio sessions — with Keep My Nights on | ~1 day past the night it was made, then auto-deleted |
| Safety event audit log (SHA-256 hash only, never text) | 24 months |
| Crash reports (technical data only, never your text) | 90 days |
| Account data (email, name, preferences) | Until account deletion |
| Session metadata & ratings | Until account deletion |
| Payment records | 7 years (legal requirement) |
| Marketing consent records | Until consent withdrawn + 3 years |
6. Ephemerality by Design
By default, nothing of what you write is kept overnight. The sentence you type during a One Thought ritual lives in encrypted form only until the next sunrise in your timezone, when it is permanently deleted.
Keeping your nights (optional). Ephemerality is the default. If you choose to, you can switch on Keep My Nights in Privacy Settings: that night’s session stays replayable for about a day and your encrypted One Thought is retained for 45 days, so you can read it back. This is off unless you turn it on, applies only from the moment you enable it, and you can delete individual entries or everything kept, at any time. We still never train AI on it or sell it.
What we do keep is the theme you carried — short tags like work, grief, body, or a person — without any of your words. Themes from the last 7 nights gently inform the next ritual so the experience feels remembered, not surveilled. Granular theme entries are deleted after 45 days.
At the end of each month we roll those themes up into a small structured summary (which themes appeared, average intensity, dominant emotional tone) so we can offer a “This was your February” reflection ritual in the future. These monthly summaries are kept for 13 months and contain no text. You can turn off memory or delete all of it — granular and monthly — in Privacy Settings, anytime.
We do not use any of this data to train AI models, and we do not share it with third parties beyond the subprocessors disclosed in Section 7.
6a. Safety event logging
When our safety system intercepts a One Thought submission that contains content suggesting active crisis (self-harm, suicide, violence), we record a small audit entry so we can verify our protective response after the fact. The entry contains a one-way SHA-256 hash of the matched phrase (never reversible to your words), the severity our classifier assigned, which layer of the system fired, what we did in response, and a timestamp.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating a safe wellness service) combined with Art. 9(2)(g) (substantial public interest in suicide prevention). Records are accessible only to our compliance team and are retained for 24 months. You may request a copy of any safety events recorded against your account via our DSAR process.
7. Subprocessors & Data Transfers
We share your data with the following service providers:
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Supabase | Database, authentication | EU/US | EU-US Data Privacy Framework |
| Stripe | Payment processing | US | EU-US Data Privacy Framework |
| Resend | Transactional emails | US | Standard Contractual Clauses |
| Mixpanel | Product & website analytics (anonymous; app opt-out, web consent) | EU | EU data residency (api-eu.mixpanel.com) |
| Google (Gemini API) | AI session generation — processes what you write to compose your ritual (never used for training) | US | Data Processing Addendum; EU-US Data Privacy Framework |
| Anthropic (Claude) | Software engineering & diagnostics tooling — may process pseudonymous operational data when we debug the service (never the content of what you write, never for training) | US | Data Processing Addendum; EU-US Data Privacy Framework |
| ElevenLabs | Voice generation | US | Data Processing Addendum |
| Sentry (Functional Software, Inc.) | Crash reporting (technical data only) | EU | EU data residency; EU-US Data Privacy Framework |
| Vercel | Application hosting (serves the app’s API) | EU/US | Data Processing Addendum; EU-US Data Privacy Framework |
We have Data Processing Agreements with all providers. For transfers outside the EEA, we rely on Standard Contractual Clauses (SCCs), the EU-US Data Privacy Framework, or equivalent safeguards approved by the European Commission.
8. Cookies & Tracking
We use cookies and similar technologies. For detailed information, please see our Cookie Policy.
Marketing emails may contain tracking pixels that record when you open an email and click links. This tracking is only used when you have consented to marketing communications.
9. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of Access — Request a copy of your personal data
- Right to Rectification — Correct inaccurate or incomplete data
- Right to Erasure — Request deletion of your data (“right to be forgotten”)
- Right to Restriction — Limit how we process your data
- Right to Data Portability — Receive your data in a machine-readable format
- Right to Object — Object to processing based on legitimate interest
- Right to Withdraw Consent — Revoke consent at any time (without affecting prior processing)
To exercise any of these rights, please use our contact form. We will respond within 30 days.
10. Account Deletion
You can delete your account at any time through the app settings (Heart menu → Delete Account). This will permanently remove all associated data including your profile, session history, and any stored preferences. Some data may be retained for legal compliance (e.g., payment records for 7 years).
11. Data Security
We implement appropriate technical and organizational measures to protect your data:
- All data transmitted via HTTPS/TLS encryption
- Database encryption at rest
- Row-level security policies restricting data access
- Regular security audits and access reviews
- Minimal data collection principle
12. Children’s Privacy
Tonight is intended for adults and is not directed to anyone under 18 years of age. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from someone under 18, please contact us immediately and we will delete it.
13. Changes to This Policy
We may update this policy periodically. Significant changes will be communicated via email or in-app notification. Continued use of the service after changes constitutes acceptance of the updated policy.
14. Supervisory Authority
You have the right to lodge a complaint with a data protection authority. For Hiatus Holding GmbH, the relevant authority is:
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153
53117 Bonn, Germany
www.bfdi.bund.de
You may also contact your local data protection authority if you prefer.
15. Contact
For any questions about this policy or your personal data, please reach us via our contact form.