Privacy Policy
Last updated: January 2025
1. Introduction
Phasea ("we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our circadian rhythm optimization service.
This policy applies to all users of Phasea and covers data collected through our web application. By using our service, you agree to the collection and use of information in accordance with this policy.
We process your data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data We Collect
We collect and process the following categories of personal data to provide our circadian rhythm optimization service:
2.1 Account Information
- Email address: Used for account authentication and communication
- Account creation date: For service administration
- Consent records: Timestamps of when you accepted our terms and policies
2.2 Profile Data
- Role/occupation: To tailor recommendations (e.g., shift worker, athlete, traveller)
- Home timezone: Essential for circadian calculations
- Chronotype: Your natural sleep-wake preference (early bird, night owl, etc.)
- Baseline sleep times: Your typical bedtime and wake time
2.3 Sleep Logs
- Sleep and wake times: When you went to bed and woke up
- Sleep quality ratings: Your subjective assessment of sleep quality
- Sleep notes: Any additional information you choose to record
- Sleep duration: Calculated from your logged times
2.4 PVT (Psychomotor Vigilance Test) Results
- Reaction times: Your response times during alertness tests
- Test timestamps: When tests were completed
- Performance metrics: Mean reaction time, lapse counts, and other calculated measures
- Baseline measurements: Your optimal performance benchmarks
2.5 Travel Itineraries
- Departure and arrival locations: Timezone information for travel legs
- Travel dates and times: Flight or journey schedules
- Timezone transitions: For calculating jet lag and adaptation needs
2.6 Technical Data
- IP address: For security and consent verification
- Browser/device information: For service optimization and troubleshooting
- Usage patterns: How you interact with the service
3. How We Use Your Data
We use your personal data for the following purposes:
3.1 Personalized Recommendations
Your sleep logs, chronotype, and profile data are used to generate personalized circadian optimization recommendations, including:
- Optimal light exposure timing and duration
- Recommended sleep and wake times
- Meal timing suggestions
- Exercise timing guidance
- Nap recommendations when appropriate
3.2 Adaptation Tracking
We use your data to track your circadian adaptation progress, particularly for:
- Monitoring phase shifts during travel or schedule changes
- Tracking your adjustment to new time zones
- Measuring alertness levels through PVT results
- Identifying patterns in your sleep quality and duration
3.3 Service Improvement
Aggregated and anonymized data may be used to improve our algorithms and service quality. Individual data is never shared for this purpose.
3.4 Communication
Your email address is used to send essential service communications, such as account verification, password resets, and important service updates.
4. Data Retention
We retain your personal data only for as long as necessary to provide our service and fulfil the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion |
| Profile data | Until account deletion |
| Sleep logs | Until account deletion |
| PVT results | Until account deletion |
| Travel itineraries | Until account deletion |
| Consent records | 7 years after account deletion (legal requirement) |
| Technical logs | 90 days |
When you delete your account, all personal data is permanently removed from our systems within 30 days, except for consent records which are retained for legal compliance purposes.
5. Third-Party Services
We use the following third-party services to operate Phasea. These services may process your data as described below:
5.1 Supabase (Database & Authentication)
Purpose: Database hosting and user authentication
Data processed: All user data including account information, profile data, sleep logs, PVT results, travel itineraries, and consent records
Location: Data is stored in Supabase's EU data centres
Privacy policy: https://supabase.com/privacy
5.2 Vercel (Hosting)
Purpose: Web application hosting and content delivery
Data processed: IP addresses, browser information, and request logs for serving the application
Location: Global edge network with primary processing in the US and EU
Privacy policy: https://vercel.com/legal/privacy-policy
We have data processing agreements in place with these providers to ensure your data is handled in compliance with applicable data protection laws.
6. Your Rights
Under the UK GDPR, you have the following rights regarding your personal data:
6.1 Right of Access
You have the right to request a copy of all personal data we hold about you. You can export your data at any time using the "Export my data" feature in your account settings, which provides a complete JSON file of all your data.
6.2 Right to Rectification
You have the right to request correction of any inaccurate personal data. You can update most of your data directly through the application, including your profile information, sleep logs, and travel itineraries.
6.3 Right to Erasure (Right to be Forgotten)
You have the right to request deletion of your personal data. You can delete your account at any time using the "Delete my account" feature in your settings. This will permanently remove all your data from our systems, except for consent records retained for legal compliance.
6.4 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format. Our data export feature provides your data in JSON format, which can be easily imported into other services or analysed independently.
6.5 Right to Restrict Processing
You have the right to request restriction of processing of your personal data in certain circumstances. Contact us to exercise this right.
6.6 Right to Object
You have the right to object to processing of your personal data in certain circumstances. As we process data primarily for service delivery based on your consent, you can withdraw consent at any time by deleting your account.
6.7 Rights Related to Automated Decision-Making
Our service uses automated processing to generate recommendations, but these are advisory only and do not constitute decisions with legal or similarly significant effects. You are always free to disregard any recommendations provided.
7. Contact Information
For any questions about this Privacy Policy or to exercise your data rights, please contact us:
Data Protection Inquiries
Email: privacy@phasea.io
Subject line: Data Protection Request
Response time: We aim to respond to all requests within 30 days
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: https://ico.org.uk
Helpline: 0303 123 1113
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
- All data is encrypted in transit using TLS/SSL
- Data at rest is encrypted in our database
- Access to personal data is restricted to authorized personnel only
- We use secure authentication mechanisms
- Regular security assessments are conducted
While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
9. Legal Basis for Processing
We process your personal data on the following legal bases:
- Consent: You provide explicit consent when creating an account and accepting our terms
- Contract: Processing is necessary to provide the service you have requested
- Legitimate interests: For service improvement and security purposes, where these do not override your rights
- Legal obligation: For retaining consent records as required by law
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page and, where appropriate, providing additional notice.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of the service after any changes constitutes acceptance of the updated policy.