Privacy policy
# Privacy Policy
**Last updated: March 24, 2026**
DOZZI operates this store, website, and the Dozzi baby monitor application, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience and smart baby monitoring service (the "Services"). Our online store is powered by Shopify, which enables us to provide e-commerce Services to you. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services, use the Dozzi mobile application or hardware device, or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.
Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy.
---
## Part 1: Store & Website
The following sections apply to our online store, website, and general e-commerce Services.
### Personal Information We Collect or Process
When we use the term "personal information," we are referring to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified, so that it cannot identify or be reasonably linked to you. We may collect or process the following categories of personal information, including inferences drawn from this personal information, depending on how you interact with the Services, where you live, and as permitted or required by applicable law:
- Contact details including your name, address, billing address, shipping address, phone number, and email address.
- Financial information including credit card, debit card, and financial account numbers, payment card information, financial account information, transaction details, form of payment, payment confirmation and other payment details.
- Account information including your username, password, security questions, preferences and settings.
- Transaction information including the items you view, put in your cart, add to your wishlist, or purchase, return, exchange or cancel and your past transactions.
- Communications with us including the information you include in communications with us, for example, when sending a customer support inquiry.
- Device information including information about your device, browser, or network connection, your IP address, and other unique identifiers.
- Usage information including information regarding your interaction with the Services, including how and when you interact with or navigate the Services.
### Personal Information Sources
We may collect personal information from the following sources:
- Directly from you including when you create an account, visit or use the Services, communicate with us, or otherwise provide us with your personal information;
- Automatically through the Services including from your device when you use our products or services or visit our websites, and through the use of cookies and similar technologies;
- From our service providers including when we engage them to enable certain technology and when they collect or process your personal information on our behalf;
- From our partners or other third parties.
### How We Use Your Personal Information
Depending on how you interact with us or which of the Services you use, we may use personal information for the following purposes:
**Provide, Tailor, and Improve the Services.** We use your personal information to provide you with the Services, including to perform our contract with you, to process your payments, to fulfill your orders, to remember your preferences and items you are interested in, to send notifications to you related to your account, to process purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, to arrange for shipping, to facilitate any returns and exchanges, to enable you to post reviews, and to create a customized shopping experience for you, such as recommending products related to your purchases. This may include using your personal information to better tailor and improve the Services.
**Marketing and Advertising.** We use your personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you online advertisements for products or services on the Services or other websites, including based on items you previously have purchased or added to your cart and other activity on the Services.
**Security and Fraud Prevention.** We use your personal information to authenticate your account, to provide a secure payment and shopping experience, detect, investigate or take action regarding possible fraudulent, illegal, unsafe, or malicious activity, protect public safety, and to secure our services. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password or other access details with anyone else.
**Communicating with You.** We use your personal information to provide you with customer support, to be responsive to you, to provide effective services to you and to maintain our business relationship with you.
**Legal Reasons.** We use your personal information to comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies, to investigate or participate in civil discovery, potential or actual litigation, or other adversarial legal proceedings, and to enforce or investigate potential violations of our terms or policies.
### How We Disclose Personal Information
In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:
- With Shopify, vendors and other third parties who perform services on our behalf (e.g. IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping).
- With business and marketing partners to provide marketing services and advertise to you. For example, we use Shopify to support personalized advertising with third-party services based on your online activity with different merchants and websites. Our business and marketing partners will use your information in accordance with their own privacy notices. Depending on where you reside, you may have a right to direct us not to share information about you to show you targeted advertisements and marketing based on your online activity with different merchants and websites.
- When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations.
- With our affiliates or otherwise within our corporate group.
- In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service or policies, and to protect or defend the Services, our rights, and the rights of our users or others.
### Relationship with Shopify
The online store Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services for you. In addition, to help protect, grow, and improve our business, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our Store, along with other merchants and with Shopify. To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our store, along with other merchants, and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over use of your personal information for these purposes. To learn more about how Shopify uses your personal information and any rights you may have, you can visit the [Shopify Consumer Privacy Policy](https://www.shopify.com/legal/privacy).
---
## Part 2: Dozzi App & Device
The following sections apply specifically to the Dozzi baby monitor mobile application for iOS and watchOS, the Dozzi hub device, and the related cloud services that power alert routing and monitoring.
### What Dozzi Does
Dozzi is a smart baby monitor system. A hub device in your baby's room detects infant crying and sends alerts to caregivers via Apple Watch haptic vibrations. When multiple caregivers are set up, the App uses health and biometric data to determine which caregiver is most awake and routes the alert to them — letting the other caregiver continue sleeping.
### Information the App Collects
**Account Information**
- Name, email address, and password (via Firebase Authentication)
- Caregiver role and household setup (e.g., which caregivers are linked to which hub)
**Health and Biometric Data**
When you enable monitoring with an Apple Watch, we collect:
- **Heart rate** — sampled approximately every 30 seconds in Smart Mode or every 60 seconds in other alert modes, from Apple Watch via Apple HealthKit
- **Heart rate variability (HRV)** — used to assess sleep depth
- **Motion and movement data** — from Apple Watch accelerometer, processed into movement intensity scores used to detect wakefulness
- **Watch battery level** — monitored during sessions to alert you if battery is low
This data is used to calculate a "wakeability score" that determines which caregiver is most alert when your baby needs attention.
We access health data through Apple HealthKit with your explicit permission. The App uses a HealthKit workout session on your Apple Watch to maintain continuous heart rate sensor access during overnight monitoring — no workout data is saved to your Apple Health records. You can revoke HealthKit access at any time in your iPhone's Settings > Privacy & Security > Health > Dozzi.
**Device Information**
- **Device identifiers** — Firebase Cloud Messaging (FCM) tokens and Apple Push Notification Service (APNs) tokens, used to deliver cry alerts to your iPhone and Apple Watch
- **Device model and OS version** — for compatibility and debugging
- **Hub device identifier** — MAC address of your Dozzi hub, used to associate your account with your hub
**Hub Telemetry Data**
The Dozzi hub periodically reports operational metrics to our cloud backend:
- **WiFi signal strength (RSSI)** — used to monitor hub connectivity health
- **Ambient noise level** — averaged sound level in the baby's room (no audio is recorded or stored)
- **Near-miss count** — number of times the baby fussed but self-soothed without triggering an alert
**Monitoring and Alert Data**
- **Cry detection events** — timestamps, duration, and intensity level of detected crying. No audio is ever recorded, transmitted, or stored.
- **Alert routing decisions** — which caregiver was alerted, the wakeability scores and sleep state factors used in the decision, and whether alternating or smart routing was applied
- **Session data** — monitoring start/stop times, session duration, and alert counts
- **Response data** — whether and when an alert was acknowledged or snoozed
- **Proximity data** — Bluetooth signal strength (RSSI) between your Apple Watch and the hub, used to determine if a caregiver is already near the baby
**Bluetooth Beacon Proximity Data**
- **Beacon region monitoring** — The App uses Bluetooth beacon technology (iBeacon) to detect when your iPhone is near the Dozzi hub. This is used solely to keep the monitoring connection reliable overnight, allowing the App to automatically reconnect if the connection is interrupted. This feature uses your device's Bluetooth hardware to detect the hub's beacon signal — **it does not use GPS, cellular location, or Wi-Fi location services. No geographic location data is collected, stored, or transmitted.** The App requests location permission because iOS requires it for Bluetooth beacon detection, but no actual location information is accessed or recorded.
**Feedback Data**
When you submit beta feedback through the App, we collect:
- Your rating, selected tags, and written comments
- Session context (duration, alert count, sleep score, alert mode)
- App version and hub firmware version
- Optionally, a diagnostic debug report containing a summary of your monitoring session (see Diagnostic Data below)
**Diagnostic Data**
- App crash logs, error reports, and performance metrics
- Debug reports (generated on-demand by the user) containing monitoring session summaries. When submitted with beta feedback, debug reports are uploaded to our cloud backend. Debug reports do not contain raw biometric data — only aggregated session statistics.
### How the App Uses Your Information
| Data | Purpose |
|------|---------|
| Heart rate, HRV, motion | Calculate wakeability scores for intelligent alert routing (Smart Mode) |
| Watch battery level | Alert you if watch battery is low during a monitoring session |
| Device tokens (FCM/APNs) | Deliver cry alert notifications to your iPhone and Apple Watch |
| Account info | Manage your account, link caregivers to hubs |
| Hub telemetry (WiFi RSSI, ambient noise, near-miss) | Monitor hub health, improve cry detection algorithms |
| Cry detection events | Route alerts, generate session summaries and sleep analytics |
| Alert routing decisions | Improve fairness of alert distribution between caregivers |
| Proximity data | Suppress follow-up alerts when a caregiver is already near the baby |
| Beacon proximity | Keep the monitoring connection reliable overnight by detecting when your phone is near the hub (no GPS or location tracking) |
| Feedback data | Improve app reliability and user experience during beta testing |
| Diagnostic data | Debug issues, improve app reliability |
**We do NOT use your health or biometric data for advertising, marketing, or data mining. Ever.**
### Biometric Data — BIPA Disclosure
If you are a resident of Illinois, the Illinois Biometric Information Privacy Act (BIPA) provides you with specific rights regarding biometric data. This section serves as our written notice under BIPA.
**What biometric data we collect:** Heart rate, heart rate variability, and wrist motion data from your Apple Watch.
**Purpose of collection:** To calculate wakeability scores that determine which caregiver receives cry alerts during Smart Mode routing. This data is used solely for app functionality — not for identification, authentication, advertising, or sale.
**Consent:** We obtain your informed, electronic consent before collecting any biometric data, through our in-app Biometric Data Consent screen presented during onboarding. You must affirmatively tap "I Consent" before any health data is accessed.
**Retention and destruction schedule:**
- **Real-time biometric readings** (heart rate, HRV, motion): Retained in our cloud database for up to **7 days**, then archived to secure cloud storage for up to **90 days** for incident investigation (or until you delete your account, whichever is sooner), then permanently deleted
- **Nightly baseline calculations**: Recalculated from the most recent **7 days** of data; older data is not retained for baseline purposes
- **Aggregated analytics** (daily and weekly summaries, not raw biometric data): Retained for the lifetime of your account
- **Anonymized algorithm data** (if you opt in): De-identified data with no personally identifiable information, retained permanently (see Optional Algorithm Contribution below)
- **On account deletion**: All identifiable biometric data associated with your account is permanently deleted within **30 days**
- **Maximum retention**: If you stop using Dozzi, identifiable biometric data is permanently deleted no later than **3 years** after your last monitoring session
**Your rights under BIPA:**
- You may revoke your biometric data consent at any time in the App under Settings
- Revoking consent disables Smart Mode alert routing; the App will fall back to Alternating mode
- You may request deletion of all biometric data by contacting us at info@dozzisleep.com
- We will never sell, lease, trade, or otherwise profit from your biometric data
- We will never disclose your biometric data to third parties without your consent, except as required to provide the service (see below) or as required by law
### Optional Algorithm Contribution
During onboarding, you may optionally opt in to contribute anonymized, de-identified biometric patterns to help improve Dozzi's sleep detection algorithms. If you opt in:
- Your data is anonymized using a one-way cryptographic hash (SHA-256) before storage, removing all personally identifying information including your name, email, device identifiers, and hub ID
- Anonymized nightly summaries (such as sleep stage percentages, alert counts, response times, and cry event statistics) are stored permanently in a secure analytics database (Google BigQuery)
- No raw biometric readings (individual heart rate samples, HRV values, or motion data) are included — only aggregated per-night statistics
- Used solely to improve sleep stage detection and alert routing accuracy
- You can opt out at any time in Settings; opting out stops future data from being anonymized and stored, but previously anonymized data cannot be linked back to you and is not deleted (as it contains no identifying information)
This is entirely optional and does not affect your use of the App.
### Data Storage and Retention
Dozzi uses a three-tier data storage system designed to balance real-time performance, incident investigation, and long-term algorithm improvement:
| Tier | Storage | Retention | Contains PII | Purpose |
|------|---------|-----------|-------------|---------|
| **Hot** | Google Cloud Firestore | 7 days | Yes | Real-time monitoring, alert routing, active session data |
| **Cold** | Google Cloud Storage (archive) | 90 days | Yes | Incident investigation, debugging overnight issues |
| **Permanent** | Google BigQuery | Indefinite | No (anonymized) | Algorithm improvement (opt-in only) |
**Detailed retention by data type:**
| Data Type | Retention Period |
|-----------|-----------------|
| Account information | Until you delete your account |
| Heart rate, HRV, motion (cloud database) | 7 days, then archived |
| Archived biometric data (cloud storage) | Up to 90 days, or upon account deletion, whichever is sooner |
| Nightly baseline | Rolling 7-day recalculation |
| Monitoring session records | Until you delete your account |
| Cry alert audit logs | Until you delete your account |
| Daily and weekly analytics | Until you delete your account |
| Milestone and badge data | Until you delete your account |
| Feedback and debug reports | Until you delete your account |
| Hub telemetry (WiFi RSSI, noise, near-miss) | Included in audit logs; same retention as audit logs |
| Device tokens | Updated on each app launch; deleted on account deletion |
| Anonymized algorithm data (BigQuery, opt-in) | Permanent; cannot be linked to you |
### Deleting Your Data
- **Delete your account**: Go to Settings > Account > Delete Account in the App. All identifiable cloud data associated with your account — including biometric readings, session records, alert logs, analytics, feedback, and your user profile — will be permanently deleted within 30 days. Anonymized data in BigQuery (if you opted in) is not deleted, as it cannot be linked back to you.
- **Revoke HealthKit access**: Go to iPhone Settings > Privacy & Security > Health > Dozzi and disable access. This stops new data collection but does not delete previously collected cloud data.
- **Request manual deletion**: Email info@dozzisleep.com to request deletion of specific data or to verify that your data has been fully removed.
### Third-Party Service Providers
In addition to the third parties described in Part 1 for our store, the Dozzi App shares information with the following service providers solely to operate the monitoring service:
| Provider | Data Shared | Purpose |
|----------|------------|---------|
| **Google Firebase** (Firestore, Cloud Functions, Authentication, Cloud Messaging) | Account info, biometric data, device tokens, session data, feedback | Cloud backend — data storage, alert routing logic, push notification delivery, user authentication |
| **Google Cloud Storage** | Archived biometric data (7–90 days old) | Secure cold storage for incident investigation |
| **Google BigQuery** | Anonymized nightly summaries (opt-in only) | Algorithm improvement analytics — no PII |
| **Apple Push Notification Service (APNs)** | Device tokens, alert payloads | Deliver cry alerts directly to Apple Watch |
| **Apple HealthKit** | Health data read with your permission | Source of heart rate, HRV, and motion data (data stays on-device in Apple Health; we read it with your permission) |
These providers process data under their own security and privacy commitments:
- [Google Cloud Privacy](https://cloud.google.com/privacy)
- [Apple Privacy Policy](https://www.apple.com/legal/privacy/)
### Data Security
We implement the following security measures to protect your data:
- **Encryption in transit**: All data between your devices and our cloud backend is transmitted over HTTPS/TLS
- **Encryption at rest**: Data stored in Google Firebase and Google Cloud Storage is encrypted at rest using AES-256
- **Anonymization**: Algorithm contribution data is anonymized using SHA-256 cryptographic hashing before storage in BigQuery, making it impossible to link back to you
- **Access controls**: Biometric data is accessible only through authenticated cloud functions; there is no general-purpose database access
- **Authentication**: User accounts are secured through Firebase Authentication with Apple Sign-In support
- **No audio storage**: The Dozzi hub detects crying events but does not record, transmit, or store audio. Only cry detection metadata (timestamp, duration, intensity) is sent to the cloud.
- **Local hub communication**: Communication between your iPhone and the Dozzi hub occurs over your local WiFi network. No audio data passes through the internet.
### Push Notifications and Critical Alerts
Dozzi uses push notifications to deliver cry alerts. With your permission, we use Critical Alerts (approved by Apple) that can bypass Do Not Disturb and silent mode to ensure you are notified when your baby needs attention.
- You can manage notification preferences in iOS Settings > Notifications > Dozzi
- Disabling notifications may prevent cry alerts from reaching your devices
- Alert delivery relies on device tokens stored in our cloud backend
---
## Part 3: General Provisions
The following sections apply to all Services, including the store, website, and App.
### Third Party Websites and Links
The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.
### Children's Data
The Services are not intended to be used by children, and we do not knowingly collect any personal information about children under the age of majority in your jurisdiction. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted. As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we "share" or "sell" (as those terms are defined in applicable law) personal information of individuals under 16 years of age.
The Dozzi App is designed for parents and adult caregivers to monitor their babies. No one under the age of 18 may create a Dozzi account. The Dozzi hub monitors ambient sound in the baby's room to detect crying, but no audio is recorded or stored — only the timestamp, duration, and intensity of cry detection events are transmitted to the cloud.
### Security and Retention of Your Information
Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.
How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, to provide you with Services, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies. For specific retention periods related to the Dozzi App and biometric data, see the "Data Storage and Retention" section in Part 2 above.
### Your Rights and Choices
Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. However, these rights are not absolute, may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law.
- **Right to Access / Know.** You may have a right to request access to personal information that we hold about you.
- **Right to Delete.** You may have a right to request that we delete personal information we maintain about you.
- **Right to Correct.** You may have a right to request that we correct inaccurate personal information we maintain about you.
- **Right of Portability.** You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
- **Right to Opt out of Sale or Sharing for Targeted Advertising.** Depending on where you reside, you may have a right to opt out of the "sale" or "share" of your personal information or to opt out of the processing of your personal information for purposes considered to be "targeted advertising", as defined in applicable privacy laws. Please note that if you visit our website with the Global Privacy Control opt-out preference signal enabled, depending on where you are, we will automatically treat this as a request to opt-out for the device and browser that you use to visit the website. If we are able to associate the device sending the signal to a Shopify account, we will apply the opt out request to the account as well. To learn more about Global Privacy Control, you can visit https://globalprivacycontrol.org/. Other than the Global Privacy Control, we do not recognize other "Do Not Track" signals that may be sent from your web browser or device.
- **Right to Opt out of Biometric Data Collection.** You may revoke your consent to biometric data collection at any time through the Dozzi App Settings or by contacting us. This will disable Smart Mode alert routing.
- **Managing Communication Preferences.** We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made.
You may exercise any of these rights where indicated on the Services or by contacting us using the contact details provided below. We will not discriminate against you for exercising any of these rights. We may need to verify your identity before we can process your requests, as permitted or required under applicable law. We will respond to your request in a timely manner as required under applicable law.
### International Transfers
Please note that we may transfer, store and process your personal information outside the country you live in. If we transfer your personal information out of the European Economic Area or the United Kingdom, we will rely on recognized transfer mechanisms like the European Commission's Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined to provide an adequate level of protection.
### Complaints
If you have complaints about how we process your personal information, please contact us using the contact details provided below. Depending on where you live, you may have the right to appeal our decision by contacting us using the contact details set out below, or lodge your complaint with your local data protection authority.
### Changes to This Privacy Policy
We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website, update the "Last updated" date and provide notice as required by applicable law. For material changes affecting the Dozzi App, we will also notify you through the App or via email.
### Contact
Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please call or email us at info@dozzisleep.com or contact us at 5900 Balcones Drive, STE 100, Austin, TX 78731, US.