Legal
Privacy Policy
On this page
This Privacy Policy explains how Drift (“Drift,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you visit driftnightly.com, join our waitlist, or use the Drift mobile application and related services (together, the “Service”). Drift is a sleep-and-relaxation wellness product. It is not a healthcare provider and does not provide medical advice — see our Medical Disclaimer.
1. Who we are
The Service is operated by Drift, a product of Resolvent Technologies (the “Company”). For privacy questions, contact us at privacy@driftnightly.com.
2. Information we collect
We collect only what we need to run the Service. The categories below describe what we collect today and what we will collect once the Drift app launches.
Information you give us
- Email address — when you join the waitlist or create an account.
- Account details — your name (optional), email, and authentication identifiers, handled by our authentication provider.
- Onboarding preferences — answers to a short set-up questionnaire (for example, when you typically struggle to sleep) used to personalize content. You are not required to disclose any medical condition, and we ask you not to send us sensitive health details.
- Payment information — when you subscribe, our payment processors collect and process your payment details. We never receive or store your full card number.
- Communications — messages you send to support.
Information collected automatically
- Usage & product analytics — events such as which content you play, session length, timer use, and feature interactions, used to improve the Service.
- Device & technical data — device type, operating system, app version, language, approximate region (derived from IP), and crash diagnostics.
- Log data — IP address and standard server logs when you load our website.
We do not collect microphone, contacts, photos, or precise GPS location. We do not run third-party advertising or sell your data.
3. How we use information
- To provide, operate, and maintain the Service and play audio content.
- To create and manage your account and process subscriptions.
- To personalize content pacing and recommendations based on your preferences and usage.
- To send service messages (receipts, security, important updates) and, if you opt in, product news. You can unsubscribe from marketing email at any time.
- To analyze and improve performance, reliability, and content quality.
- To protect against fraud, abuse, and security incidents, and to comply with legal obligations.
4. Legal bases for processing (EEA/UK)
If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR/UK GDPR:
- Contract — to provide the Service you sign up for (account, playback, subscription).
- Legitimate interests — to secure, analyze, and improve the Service, balanced against your rights.
- Consent — for marketing email and any optional analytics where consent is required; you may withdraw consent at any time.
- Legal obligation — to meet tax, accounting, and other legal requirements.
5. Who we share information with
We share information only with service providers (“processors”) that help us run the Service, under contracts that require them to protect your data. We do not sell personal information. Current and planned processors include:
| Provider | Purpose |
|---|---|
| Supabase | Authentication & database |
| Stripe | Web subscription payments |
| RevenueCat / Apple / Google | In-app subscription billing & receipts |
| PostHog | Product analytics & diagnostics |
| Cloudflare | Audio storage & content delivery |
| Vercel | Website hosting |
| Email provider | Transactional & waitlist email |
We may also disclose information if required by law, to enforce our Terms of Service, or in connection with a merger or acquisition (you will be notified of any change in ownership of your data).
6. Health & wellness data
Drift is a wellness product, not a medical service. We do not diagnose, treat, or monitor any condition, and we do not knowingly collect medical records or clinical health data. Preferences you share during onboarding are used only to tailor relaxation content. Please do not send us diagnoses, medications, or other sensitive health information. See our full Medical Disclaimer.
7. Data retention
We keep personal information for as long as your account is active or as needed to provide the Service, then delete or anonymize it unless a longer period is required for legal, tax, security, or fraud-prevention purposes. You can ask us to delete your account and associated data at any time (see Your rights).
8. Your rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your information (“right to be forgotten”).
- Port your data to another service.
- Object to or restrict certain processing.
- Withdraw consent where processing is based on consent.
To exercise any of these rights, email privacy@driftnightly.com. We will respond within the timeframes required by applicable law. You also have the right to lodge a complaint with your local data protection authority.
9. California privacy rights (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect, to request deletion, to correct it, and to not be discriminated against for exercising these rights. In the past 12 months we have collected the categories described in Section 2 (identifiers, customer records, commercial/subscription information, internet activity, and device data).
We do not “sell” or “share” personal information as those terms are defined under the CCPA/CPRA, and we do not use it for cross-context behavioral advertising. To exercise your California rights, email privacy@driftnightly.com.
10. International data transfers
We operate from the United States, and our providers may process data in the U.S. and other countries. Where required, we use appropriate safeguards (such as the EU Standard Contractual Clauses) for transfers of data out of the EEA/UK.
11. Security
We use industry-standard measures — encryption in transit, access controls, and reputable infrastructure providers — to protect your information. No method of transmission or storage is 100% secure, but we work to protect your data and to notify you and regulators of incidents where required by law.
12. Cookies & analytics
Our website uses only the cookies and similar technologies needed to operate the site and understand aggregate usage. We honor “Do Not Track” / Global Privacy Control signals where applicable. We do not use third-party advertising trackers.
13. Children
The Service is not directed to children under 16 (or under 13 in the United States), and we do not knowingly collect their personal information. If you believe a child has provided us information, contact privacy@driftnightly.com and we will delete it.
14. Changes to this policy
We may update this Privacy Policy from time to time. We will post the new version here with an updated effective date and, for material changes, provide additional notice (for example, by email or in-app).
15. Contact us
Questions about this policy or your data? Email privacy@driftnightly.com.