Privacy Policy
Last updated: March 26, 2026
Mustafa Berkay Mutlu (“we,” “us,” or “our”) operates the Rested mobile application (the “App”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.
By using the App, you agree to the collection and use of information in accordance with this policy.
1.1 Health Data
We access health data from your device’s health platform:
- Apple HealthKit (iOS): Sleep records including duration, sleep stages (deep, light, REM, awake), and related metrics
- Google Health Connect (Android): Sleep sessions and sleep stage data
Important: We only read health data. We never write to or modify your health data.
- Sleep Goals: Target sleep duration, bedtime, and wake time preferences
- Schedule Information: Work schedule type (regular, shift patterns)
- Morning Check-ins: Daily energy ratings, tags, and optional notes
- Action Completions: Tracking of sleep hygiene habits (caffeine cutoff, light exposure, etc.)
- Notification Preferences: Your preferred reminder times and settings
1.3 Calendar Data
If you grant calendar access, we read calendar events to help identify your work schedule. We only read calendar data and never create, modify, or delete calendar events.
- Crash Reports: If you opt-in, we collect crash logs and error reports to improve app stability
- Device Information: Device model, operating system version, and app version (for crash reports only)
1.5 Ad Attribution Data
The following data is collected only when you opt in to analytics (the same consent toggle as analytics and crash reports):
- Meta SDK (Facebook): Anonymous device identifier (fbAnonId) and app install events. Auto-logging of app events is disabled; purchase events are sent server-side via RevenueCat Conversions API (see Section 1.3 for subscription data). (Legal basis: consent – you opt in during onboarding)
- TikTok Business SDK: App install events and in-app purchase events (auto-captured from StoreKit on iOS and Play Billing on Android). (Legal basis: consent – you opt in during onboarding)
- Firebase Analytics (Google): Anonymous app instance identifier and app events. Analytics collection is disabled by default and enabled only after consent. Purchase events are sent server-side from RevenueCat to Firebase (not client-side). (Legal basis: consent – you opt in during onboarding)
- Apple AdServices (iOS only): Attribution token for Apple Search Ads. This provides anonymous campaign-level attribution with no personal data collected. (Legal basis: legitimate interest – standard attribution that does not require consent)
Purchase events are forwarded server-side from RevenueCat to Meta via the Conversions API. This does not involve additional client-side data collection beyond the anonymous identifier described above.
We use the collected information to:
- Provide personalized sleep recommendations based on your schedule
- Track your sleep patterns and calculate sleep debt
- Send timely reminders for sleep hygiene actions
- Generate AI-powered sleep insights (processed entirely on your device)
- Improve app stability through crash analysis (if opted-in)
- Process subscription purchases
- Measure the effectiveness of advertising campaigns (if opted-in)
3. AI and On-Device Processing
Our App includes AI-powered sleep coaching features. All AI processing happens entirely on your device:
- The AI model is downloaded and stored locally on your device
- Your sleep data is analyzed on-device only
- No sleep data is sent to external servers for AI processing
- Insights are generated and stored locally
4. Third-Party Sub-Processors
| Service |
Purpose |
Data Region |
Privacy Policy |
| Mixpanel |
Anonymous analytics (opt-in) |
European Union |
Privacy Policy |
| Sentry |
Crash reporting (opt-in) |
European Union |
Privacy Policy |
| RevenueCat |
Subscription management |
United States |
Privacy Policy |
| Meta Platforms, Inc. |
Ad attribution (opt-in): anonymous device ID, install events, server-side purchase events |
United States |
Privacy Policy |
| TikTok (ByteDance) |
Ad attribution (opt-in): install events, purchase events |
United States |
Privacy Policy |
| Google (Firebase Analytics) |
Ad attribution (opt-in): anonymous app instance ID, app events, server-side purchase events |
United States |
Privacy Policy |
| Apple (AdServices) |
Apple Search Ads attribution (iOS only, anonymous) |
United States |
Privacy Policy |
| Apple / Google |
App distribution and payments |
Per their policies |
Apple / Google |
Each service processes only the data described above. Cloud data (excluding subscription data) is stored in the European Union. Ad attribution data processed by Meta and TikTok is transferred to the United States with appropriate safeguards as described in their respective privacy policies.
5. Data Storage and Security
5.1 Local Storage
Most of your data is stored locally on your device in an encrypted database:
- Sleep records and statistics
- User settings and preferences
- Morning check-ins and action completions
- Calendar import data
- AI-generated insights
5.2 Cloud Storage
The only data stored externally:
- Crash reports (Sentry) - if opted-in
- Subscription status (RevenueCat) - required for premium features
5.3 Device Backups
Your app data may be included in automatic device backups:
- iOS: iCloud Backup (managed by Apple)
- Android: Google Auto Backup (managed by Google)
These backups are encrypted and managed by Apple/Google according to their privacy policies. We do not have access to your backup data.
5.4 No User Accounts
The App does not require or create user accounts. There is no server that stores your personal data.
6. Data Retention
- Local data: Stored on your device until you delete it or uninstall the App
- Crash reports: Retained by Sentry for 90 days
- Subscription data: Retained by RevenueCat as required for purchase validation
- Ad attribution data: Retained by Meta, TikTok, and Google (Firebase) per their respective data retention policies; disabling analytics stops new data collection immediately
7. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the right to:
7.1 Access Your Data
All your data is stored locally on your device. You can view it within the App.
7.2 Export Your Data
You can export all your data from the App:
- Go to Settings > Privacy > Export My Data
- All your data is exported as a JSON file that you can save or share
- Export includes: sleep records, settings, achievements, check-ins, and all preferences
7.3 Delete Your Data
You can delete your data by:
- Using the in-app deletion feature: Settings > Privacy > Delete My Data
- Uninstalling the App (removes all local data)
- Contacting us to request deletion of crash reports stored on Sentry
When you delete your data through the app:
- All local data is permanently erased
- Your Support ID is cleared from analytics services
- Scheduled notifications are cancelled
7.4 Data Portability
Use the Export My Data feature in Settings > Privacy to download all your personal data in a machine-readable JSON format.
7.5 Opt-Out
You can opt-out of:
- Crash reporting (Settings > Privacy > Crash Reporting)
- Ad attribution (Settings > Privacy > same toggle as crash reporting)
- Health data sync (Settings > Health Sync)
- Calendar sync (Settings > Calendar)
- Notifications (Settings > Notifications)
8. Children’s Privacy
The App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
9. International Data Transfers
If you enable crash reporting, your data may be transferred to servers located outside your country. Sentry maintains data processing agreements that comply with GDPR requirements.
If you enable analytics and ad attribution, your anonymous device identifiers may be transferred to Meta (United States), TikTok (United States), and Google/Firebase (United States) with appropriate safeguards as described in their respective privacy policies.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy in the App
- Updating the “Last updated” date
Your continued use of the App after changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:
Email: epictimesapps@gmail.com
Developer: Mustafa Berkay Mutlu
Location: Berlin, Germany
12. Legal Basis for Processing (GDPR)
We process your data based on:
- Consent: Health data access, crash reporting, calendar access, ad attribution data (Meta SDK, TikTok SDK, Firebase Analytics)
- Contract Performance: Providing the App’s core functionality
- Legitimate Interest: Improving app stability and user experience, Apple Search Ads attribution (anonymous, no personal data)
13. California Consumer Privacy Act (CCPA)
We do not sell personal information as defined by the CCPA. Anonymous device identifiers may be shared with ad attribution partners (Meta, TikTok, Google/Firebase) for campaign measurement purposes when you opt in. California residents may contact us at the email below for any data requests.
Email: epictimesapps@gmail.com
14. Supervisory Authority
If you are in the European Union and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection authority.
For Germany: Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)