Privacy Policy
In plain English: WakeMeBot reads your calendar to suggest smart alarms. We don't sell your data. We don't train external AI models on it. You can delete your account any time. The detail below explains exactly what happens, who sees what, and what your rights are.
1. Who we are
WakeMeBot ("WakeMeBot", "we", "us", "our") is an iOS app built by [LEGAL ENTITY NAME]. Privacy contact: privacy@wakemebot.app. Postal: [POSTAL ADDRESS].
2. Information we collect
2.1 Information you provide
- Email address — only if you choose to sign in; the app also supports anonymous use. Used to identify your account and send sign-in magic links.
- Display name — optional, asked during onboarding. Used to address you in the app.
- Survey responses — a handful of multiple-choice questions during onboarding about wake-up preferences. Used to personalise wake lines.
2.2 Information collected automatically
- Anonymous Supabase user ID — a UUID generated on first launch. Used as the scope key for all your app data.
- In-app event analytics — actions you take in the app (sign-in, onboarding completed, alarm created/fired/dismissed, AI suggestion accepted/dismissed, calendar connected, paywall shown, voice selected). Sent to Amplitude. Not used for advertising, not combined with third-party data.
- Subscription status — managed by Qonversion.
2.3 Information we read from your calendar
Calendar events for the next 3 days only. We read: title, start/end time, location (if present), notes (if present), attendee count, and whether you've already set a native iOS reminder. We do NOT read attendee email addresses or any historical event data.
2.4 Information we do NOT collect
- Location data
- Contacts
- Photos
- Health or fitness data
- Microphone recordings beyond live speech-to-text used in the alarm-creation prompt (resulting text is processed on device and discarded — no audio is uploaded)
- Browsing history
- IDFA / advertising identifiers
3. How we use information
| What we do | Data used |
|---|---|
| Generate AI alarm suggestions + voice wake lines | Calendar event title, location, notes, time, attendee count, survey responses, display name |
| Identify you and let you sign in | Email, anonymous Supabase UUID |
| Personalise wake lines (Plus) | Display name, survey responses |
| Deliver alarms when the app is backgrounded | Apple Push Notification token |
| Process subscriptions | Apple transaction ID, Qonversion user ID |
| Understand which features work | Amplitude event stream |
| Prevent abuse of paid APIs | Per-user rate-limit counters (UUID + endpoint name + timestamp) |
We do not use any of the above for advertising or to build profiles for sale.
4. AI-specific disclosures
This deserves its own section because AI is central to how WakeMeBot works.
4.1 What goes through the AI
- Google Gemini (
gemini-3.1-flash-litevia Google AI) receives, for each calendar event: the title, location, notes, start/end time, duration, and attendee count. It produces a fire-time suggestion + a wake line. - ElevenLabs receives the wake line text (typically one to two short sentences) to synthesise it into an audio clip.
4.2 What does NOT go through the AI
- Your email address
- Your Supabase UUID
- Calendar history beyond the next 3 days
- Attendee email addresses
4.3 Where the AI runs
We do not run the AI client-side. Requests are routed through our own Supabase Edge Functions which inject our API keys server-side. Your device never holds the AI provider API keys. We can rate-limit and audit usage centrally. Per-request data flow: your device → our Edge Function → AI provider → back through our Edge Function → your device.
4.4 Training and retention
- Google Gemini API: per Google's terms, API-submitted content is not used to train Google models.
- ElevenLabs API: per ElevenLabs' terms, API-submitted text is not used to train voice models.
- We do not log AI request bodies in our Edge Functions beyond a per-user rate-limit counter (only timestamp + endpoint name, not content).
4.5 Accuracy
The AI can make mistakes — suggest an alarm at the wrong time, propose a wake line that misreads your event, or fail to surface something you expected. If something goes wrong, the worst-case outcome is a missed event. Do not rely on WakeMeBot as your only alarm clock for situations where missing an event could endanger life or property (medical appointments, critical work commitments, transportation). See our Terms of Use for the limitation-of-liability terms that apply to AI output.
5. Who we share information with
| Third party | What they get | What they do with it |
|---|---|---|
| Supabase | Email, display name, push token, subscription state, survey responses, calendar decisions cache, per-user usage counts | Hosts our database + Edge Functions. |
| Google (Calendar API) | OAuth grant from you | Read access to your calendar events. Only with your explicit consent. |
| Google (Gemini API) | Event title, location, notes, time | Generates suggestions + wake lines. Not used to train models. |
| ElevenLabs | Wake line text (1–2 sentences) | Generates audio. Not used to train models. |
| Apple (StoreKit + iCloud) | Apple ID for purchase, push notification routing | Handles purchase + transactional notifications. |
| Qonversion | Subscription state, anonymised user ID | Subscription analytics + entitlement enforcement. |
| Amplitude | Event stream (see §2.2) | Product analytics. Not for advertising. |
We do not sell personal information.
6. International data transfers
Our hosting, AI providers, and analytics provider operate primarily in the United States. By using WakeMeBot, you acknowledge that your data may be processed in the US under Standard Contractual Clauses (SCCs) or equivalent mechanisms.
7. Data retention
- Account data (email, profile): retained until you delete your account.
- Calendar decision cache: rolling 30 days, auto-deleted.
- Per-user usage counts: rolling 30 days.
- Amplitude event data: per Amplitude's default retention (currently rolling 24 months).
- Backups: standard Supabase rolling backups, up to 7 days.
When you delete your account, we delete the data from our own systems within 30 days.
8. Your rights
Depending on where you live, you may have the following rights regarding your personal information: access, correction, deletion, portability, restriction / objection, withdraw consent, and opt out of sale / sharing.
To exercise any of these, email privacy@wakemebot.app with the email address tied to your account. We respond within 30 days.
You can also exercise some rights directly in the app: Settings → Account → Delete account · Sign out · Connected calendars · iOS Settings → Apple Account → Subscriptions to cancel.
9. Children's privacy
WakeMeBot is not intended for children under 13 (or under 16 in the EEA, UK, or Brazil). We do not knowingly collect data from children. If you believe a child has provided us data, email privacy@wakemebot.app and we'll delete it.
10. Changes to this policy
If we make material changes, we'll post the new version here and update the "Last updated" date at the top. For substantial changes that affect how we use data we already have, we'll attempt to notify users in-app or by email before the change takes effect.
11. Contact us
Email: privacy@wakemebot.app
Mail: [LEGAL ENTITY POSTAL ADDRESS]
12. California Notice (CCPA / CPRA)
- Categories collected in the past 12 months: identifiers (email, UUID), commercial info (subscription transactions), internet/network activity (app event stream).
- No sale of personal information in the CCPA sense.
- No use of sensitive personal information for purposes that would trigger CPRA right-to-limit.
- To exercise California rights, email privacy@wakemebot.app with "California Privacy Request" in the subject line.