Legal
Privacy Policy
Effective Date: April 7, 2026
picko (“Company”) values the privacy of its users and complies with applicable data protection laws. This Privacy Policy applies to the piliq application (“Service”) provided by the Company.
1. Personal Information We Collect
A. Information collected during registration
- Email address
- Name (nickname)
- Profile picture (for social login)
- Social login identifiers (Google, Apple)
B. Information automatically collected during service use
- Sleep data (bedtime, wake time, sleep stages, heart rate, etc.)
- Device information (OS version, app version, device model)
- App usage records (access time, feature usage frequency)
- Anonymous analytics data (app events, session information, Firebase Installation ID) via Google Analytics for Firebase
- For registered members, the above data is stored on our servers to provide the Service
C. Health Data
- Sleep-related health data collected through Apple HealthKit or Google Health Connect
- This data is only collected with your explicit consent
2. Purpose of Collection and Use
We use collected personal information for the following purposes:
- User identification and service provision
- Sleep pattern analysis and personalized coaching
- Sleep score calculation and trend analysis
- Service improvement and new feature development
- Customer support and announcements
- Cross-device data synchronization and backup for members
3. Retention Period
- Data is retained until account deletion and destroyed immediately upon request
- Data may be retained as required by applicable laws:
- Contract or withdrawal records: 5 years
- Payment and supply records: 5 years
- Consumer complaint records: 3 years
4. Third-Party Disclosure
We do not share your personal information with third parties except:
- When you have given prior consent
- When required by law
- When necessary for service provision (payment processing, etc.)
5. Health Data Processing
A. Non-members (not logged in): Sleep data is stored only in local device storage and is not transmitted to our servers.
B. Members (logged in): Sleep data is encrypted and stored on our servers to provide the Service, personalized coaching, and cross-device synchronization. The following data is stored on the server:
- Sleep records (bedtime, wake time, sleep score, data source)
- Sleep stages (awake, light, deep, REM)
- Sleep goals (target sleep duration, target bedtime/wake time)
- User settings (notification preferences, display mode, etc.)
- Coaching messages and feedback
C. Server storage begins upon registration and acceptance of these Terms. You may withdraw consent and delete your account to immediately destroy all server-stored data.
D. HealthKit/Health Connect data is only accessed with your explicit consent. For members, this data is synchronized to the server upon consent.
E. Health data is not used for advertising purposes.
F. Health data is never sold to third parties.
5-2. Data Processing Delegation
We delegate personal data processing to the following service providers:
| Service Provider | Delegated Tasks | Location |
|---|---|---|
| Google LLC (Firebase) | User authentication, app analytics, error reporting | United States |
| Amazon Web Services, Inc. | Server hosting and data storage | United States |
5-3. Cross-Border Data Transfer
We transfer personal information to the following overseas entities to provide the Service:
| Recipient | Country | Data Transferred | Purpose |
|---|---|---|---|
| Amazon Web Services, Inc. | United States | Sleep records, sleep stages, sleep goals, user settings, coaching messages, account information | Server hosting and data storage |
| Google LLC (Firebase) | United States | Authentication info (email, social login ID), app events, error logs | User authentication, app analytics, error reporting |
Transferred personal information is retained for the duration necessary to provide the service and is destroyed without delay upon account deletion or termination of the processing agreement.
You may refuse consent to the above cross-border transfers. If you refuse, access to services requiring registration and login may be restricted.
6. Screen Time API (Sleep Session Feature)
piliq uses Apple's Screen Time API (FamilyControls framework) to power the Sleep Session feature, which blocks distracting apps during your sleep time.
A. What we access: FamilyActivitySelection — an opaque token generated by iOS that represents your selected apps. piliq cannot read the actual app names, bundle identifiers, or any app metadata from this token.
B. Storage: Stored only on your local device (iOS secure storage). Never transmitted to our servers.
C. What we do not collect: App names, usage duration, launch count, or any app activity data.
D. Third-party sharing: None. This data never leaves your device.
E. Deletion: When you uninstall piliq, the FamilyActivitySelection token and all related data are automatically removed from your device.
7. Google Analytics for Firebase
piliq uses Google Analytics for Firebase (“GA4”) to collect anonymous usage analytics to improve the Service.
A. What we collect: App events (e.g., feature usage, screen views), session information, device type, and Firebase Installation ID (a device-level pseudonymous identifier generated by Firebase). No personally identifiable information is included.
B. No account required: Analytics data is collected at the device level via Firebase Installation ID. This means GA4 receives data even if you have not registered or logged in — the data is anonymous and cannot be linked to a specific user.
C. Data transmission: Analytics events are sent to Google's servers in the United States and are subject to Google's Privacy Policy.
D. Opt-out: You can disable analytics collection by turning off “Share Usage Data” in the app settings.
E. No health data: Sleep data, HealthKit data, and Screen Time API data are never transmitted to GA4.
8. Data Destruction
When personal information is no longer necessary, we destroy it without delay:
- Electronic files: Deleted using unrecoverable methods
- Paper documents: Shredded or incinerated
9. Your Rights
You may exercise the following rights at any time:
- Request access to your personal information
- Request correction of your personal information
- Request deletion of your personal information
- Request suspension of processing
- Delete your account
10. Security Measures
We implement the following security measures:
- Encryption of personal information (TLS for transmission, AES-256 for storage)
- Access control and restrictions
- Access logging and tamper prevention
- Security software installation and updates
11. Cookies
As a mobile application, this service does not use web cookies.
12. Data Protection Officer
13. Changes to This Policy
This Privacy Policy may be updated to reflect changes in laws, policies, or security practices. Changes will be announced through in-app notifications.
14. Information for Users in the European Economic Area and United Kingdom (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom (UK), the General Data Protection Regulation (GDPR) and UK GDPR apply to our processing of your personal data. This section provides additional information required under these regulations.
A. Data Controller: picko is the data controller responsible for your personal data. Contact: picko.corp@gmail.com
B. Lawful Basis for Processing: We process your personal data on the following legal bases:
- Contract: Processing necessary to provide the Service you requested (sleep analysis, coaching, data synchronization)
- Consent: Health data from HealthKit/Health Connect is processed only with your explicit consent, which you may withdraw at any time
- Legitimate Interest: Anonymous analytics to improve the Service, provided this does not override your rights
C. Your Rights Under GDPR: You have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data (“right to be forgotten”)
- Restrict processing
- Data portability (receive your data in a structured, machine-readable format)
- Object to processing based on legitimate interest
- Withdraw consent at any time without affecting prior processing
To exercise these rights, contact us at picko.corp@gmail.com. We will respond within 30 days.
D. International Data Transfers: Your data is transferred to the United States (AWS, Firebase). These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission.
E. Data Retention: We retain your personal data only as long as necessary for the purposes described in this policy. You may request deletion at any time by deleting your account.
F. Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.
15. Information for California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information.
A. Categories of Personal Information Collected:
- Identifiers (email address, name, social login ID)
- Internet or network activity (app usage data, session information)
- Health information (sleep data, collected with your consent)
- Device information (OS version, device model)
B. We Do Not Sell or Share Your Personal Information. piliq does not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising.
C. Your Rights Under CCPA/CPRA:
- Right to Know: Request what personal information we have collected about you
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
To exercise these rights, contact us at picko.corp@gmail.com. We will verify your identity and respond within 45 days.
16. Children's Privacy
The Service is not directed to children under the age of 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at picko.corp@gmail.com and we will promptly delete it.