Privacy Policy

What We Collect

• Device sensor data -- sleep position, movement patterns, temperature trends, sound classifications, and room environment (CO2, humidity, light, noise).
• Account information -- name, email address, birthdate, height, weight, biological gender, and preferences you provide when creating an account.
• Payment information -- processed securely by Stripe. We never store your full card number.

What We Don't Collect

• No video or images -- there is no camera on the device. If you connect a third-party camera via RTSP, clips are stored locally and never transmitted to our servers unless you explicitly enable cloud backup.
• No audio is stored unless you explicitly enable optional clip recording. If enabled, clips are stored locally by default. Cloud backup is available but off by default.
• No biometric identification -- the radar sees movement patterns, not identities.

How Data Is Stored

If you opt into cloud sync, data is stored in Google Cloud Platform (us-east4), encrypted at rest using customer-managed encryption keys (CMEK). Your data is isolated from every other user's data.

De-Identification Architecture

Raw sensor data is indexed by device ID, not by your personal identity. Your personal information (name, email) is stored separately. If you delete your account, the mapping between your identity and your device data is deleted -- the sensor data becomes permanently orphaned and anonymous.

Per-Person Privacy

Each sleeper's data is isolated. If multiple people use the same device, each person's data is stored in their own container. One person cannot access another's data without explicit permission.

Local Processing by Default

All processing happens on the Raspberry Pi CM5 on your nightstand. Your sleep data never has to leave your home. The device works fully offline with no internet connection required.

Cloud-optional features: Some features are enhanced by or require cloud connectivity, including remote app access (viewing data from outside your home network), multi-device sync, cloud backup of clips, and firmware updates. These features are disabled by default and require explicit opt-in.

Always local: Sleep tracking, position detection, sound classification, alerts, Night Review timeline, and all real-time monitoring work entirely on-device with no cloud dependency.

Your Rights

Under GDPR and CCPA, you have the right to:

• Access -- request a copy of all data we hold about you.
• Deletion -- request that we delete your account and all associated personal data.
• Portability -- export your data in standard formats (CSV, FHIR bundles).

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Categories of personal information we collect: identifiers (name, email), commercial information (purchase history), internet activity (usage analytics), sensor data (sleep patterns, environment readings), coarse geolocation (timezone/region), and inferences (sleep quality scores, trend analysis).

Categories disclosed to service providers: identifiers (to Stripe for payment, Kit for email), commercial information (to Stripe), and internet activity (to PostHog for analytics).

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

Your California rights:

• Right to know -- request what personal information we have collected, used, disclosed, or sold.
• Right to delete -- request deletion of personal information we have collected from you.
• Right to correct -- request correction of inaccurate personal information.
• Right to opt-out of sale -- not applicable; we do not sell personal information.
• Right to limit use of sensitive data -- request we limit use of sensitive personal information to what is necessary.

Non-discrimination: We will not discriminate against you for exercising your privacy rights. Exercising these rights will not affect pricing, service quality, or your access to Komori features.

Authorized agents: You may designate an authorized agent to make requests on your behalf. Please submit agent requests with a valid power of attorney to privacy@komoricare.com.

Shine the Light: Under California's "Shine the Light" law, California residents may request information about third-party marketing disclosures. We do not disclose personal information to third parties for their direct marketing purposes.

Virginia, Colorado, Connecticut, Utah & Nevada Residents

If you reside in Virginia, Colorado, Connecticut, Utah, or Nevada, you have similar rights to access, delete, and correct your personal data, as well as the right to opt out of targeted advertising and profiling. To exercise these rights, contact us at privacy@komoricare.com. We will respond to verified requests within the timeframes required by your state's law.

Children's Privacy (COPPA)

Komori does not knowingly collect personal information from children under 13. The device may monitor children's sleep when set up by a parent or guardian, but all data is associated with the parent or guardian's account, not the child's identity.

When a parent or guardian sets up a child's sleep profile, we collect the child's birthdate, biological gender, and height. This information is necessary for age-appropriate sleep analysis (e.g., pediatric respiratory rate baselines differ from adults). This data is stored under the parent's account and is subject to the same privacy protections as all other account data.

If you believe we have collected information from a child under 13 without parental consent, please contact us immediately at privacy@komoricare.com and we will promptly delete that information.

International Data Transfers

If you are located outside the United States, your data may be transferred to and processed in the United States where our servers are located. Data protection laws in the United States may differ from those in your country.

We rely on Standard Contractual Clauses (SCCs) and your explicit consent for international data transfers. We take appropriate safeguards to ensure your data is protected in accordance with this privacy policy regardless of where it is processed.

Audio & Video Data

By default, audio and video clips captured by Komori are encrypted and stored locally on the device's SD card. They are never transmitted to our servers. If you enable cloud backup (Settings → Privacy → Cloud Backup), clips are encrypted end-to-end before transmission and stored in your personal encrypted storage. Komori Care, LLC cannot decrypt, view, or listen to your recordings.

Even if you participate in our Research program, actual audio and video files are never shared — only event metadata (type, duration, timestamps).

Automated Decision-Making

Komori uses automated processing to classify sleep positions, detect sound events, and generate alerts. These automated processes do not make decisions that produce legal or similarly significant effects. They are tools to help you understand your sleep patterns. You can always override, dismiss, or disable any automated alert in your device or app settings.

Cookies

We use minimal cookies -- analytics only (PostHog). No advertising trackers, no third-party ad networks. You can browse our site with cookies disabled.

Third-Party Services

• Stripe -- payment processing
• Kit -- email communications
• PostHog -- product analytics
• Google Cloud Platform -- optional cloud data storage

Data Retention

Raw sensor data is retained indefinitely in anonymized form for algorithm improvement. Personal information (PII) is deleted when you delete your account. The anonymized sensor data remains but can never be linked back to you.

Contact

Questions about your privacy? Reach out to us at privacy@komoricare.com.