NoxBlanc AG (“we”, “us”, “our”) operates the NoxBlanc mobile application (“the App”).
This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights regarding your data.
Effective date: 20.02.2026
Last updated: 26.02.2026
Data Controller
NoxBlanc AG
c/o Switzerland Innovation Park Ost AG
Lerchenfeldstrasse 3
9014 St. Gallen
Contact: privacy@noxblanc.com
Data We Collect
Account Information
| Attribute | Detail |
|---|---|
| What | Email address, display name. Provided during registration |
| Purpose | Authentication, communication, pilot enrollment |
| Legal basis | Contract performance (FADP Art. 31.2.a) |
| Retention | Until account deletion |
| Storage | NoxBlanc servers (Infomaniak, Switzerland) |
Demographic Data
| Attribute | Detail |
|---|---|
| What | Date of birth, gender, height, weight, sleeping temperature preference, temperature-related conditions. Provided during onboarding. Age and BMI are computed from these. |
| Purpose | Configure your mattress settings and personalise your sleep profile |
| Legal basis | Contract performance (FADP Art. 31.2.a) |
| Retention | Until account deletion |
| Storage | NoxBlanc servers (Infomaniak, Switzerland) |
Sleep Data from Apple Health / Health Connect
| Attribute | Detail |
|---|---|
| What | Sleep duration, stages (deep, light, REM, awake), bed/wake times, data source name |
| Purpose | Display sleep metrics in-app for personal tracking |
| Important | This data is read on your device only. It is NEVER transmitted to NoxBlanc servers. |
| Legal basis | Explicit consent (you grant HealthKit/Health Connect permission) |
| Retention | Not stored by NoxBlanc — exists only in your device’s Health app |
| Storage | Your device only |
Fitbit Data (optional)
| Attribute | Detail |
|---|---|
| What | Sleep logs (duration, stages, efficiency), heart rate (resting, zones) |
| Purpose | Display sleep and health metrics, pilot participation |
| Legal basis | Explicit consent (you connect your Fitbit account) |
| Retention | Until Fitbit disconnected or account deleted |
| Storage | NoxBlanc servers (encrypted tokens, raw data logs) |
| Sharing | We access your Fitbit data via Fitbit’s API. We do not share it with third parties. |
Pilot Participation Data
| Attribute | Detail |
|---|---|
| What | Questionnaire responses, timing data, consent records, enrollment status, demographic metadata (sport, athletic level, years of elite competition — entered by NoxBlanc team) |
| Purpose | Sleep optimisation pilots and product development with partner organisations |
| Legal basis | Explicit consent (you provide informed consent before enrollment) |
| Retention | Pilot duration + 10 years (Swiss data protection standards). Consent audit records retained for 10 years. |
| Storage | NoxBlanc servers |
Device Information
| Attribute | Detail |
|---|---|
| What | Device model, operating system version, app version, platform |
| Purpose | Consent audit trail (legally required record of the conditions under which consent was given) |
| Legal basis | Legitimate interest (audit compliance) |
| Retention | Same as consent records (10 years) |
| Storage | NoxBlanc servers |
Journal Entries
| Attribute | Detail |
|---|---|
| What | Daily behavioral notes and answers |
| Purpose | Personal habit tracking |
| Important | Journal entries are stored ONLY on your device. They are never sent to NoxBlanc servers. |
| Retention | Until you uninstall the app or clear app data |
| Storage | Your device only |
Website (noxblanc.com)
| Attribute | Detail |
|---|---|
| What | IP address, browser type, operating system, timestamp, pages visited — collected automatically by the web server |
| Purpose | Anonymous statistical analysis to improve our website |
| Legal basis | Legitimate interest (FADP Art. 31.1) |
| Retention | 90 days (server logs are rotated) |
| Storage | IONOS, Germany |
| Important | We do not use cookies, analytics services, or tracking pixels on our website. |
Data We Do NOT Collect
- Location data
- Contacts, photos, videos, audio, files
- Financial or payment information
- Browsing or search history
- Advertising identifiers (no ads, no tracking)
- We do not use any analytics, crash reporting, or attribution SDKs
Third-Party Services
| Service | Provider | What they process | Privacy policy |
|---|---|---|---|
| Auth0 | Okta, Inc. | Email and password for authentication | https://auth0.com/privacy |
| Fitbit | Google LLC | OAuth authorization. We retrieve sleep and heart rate data from Fitbit’s API — we do not send user data to Fitbit. | https://www.fitbit.com/legal/privacy-policy |
No other third-party services receive your data.
Data Sharing
- We do not sell your personal data.
- We do not share your data with advertisers.
- Pilot data may be shared with publication partners in anonymised form only, and only if you consent to pilot participation.
- We may disclose data if required by law or court order.
Data Security
- All data transmitted between the App and our servers is encrypted using TLS 1.3.
- Authentication tokens are stored in your device’s secure enclave (iOS Keychain / Android Keystore).
- Fitbit OAuth tokens are encrypted at rest on our servers (AES-256).
- Our API enforces rate limiting and input validation.
- Access to our servers is restricted and authenticated.
Your Rights
Under the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR), you have the right to:
- Access your personal data (request via the App or email privacy@noxblanc.com)
- Rectify inaccurate data (update your profile in the App)
- Delete your account and personal data (in the App: Settings > Account > Delete Account, or visit https://noxblanc.com/delete-account)
- Withdraw consent for pilot participation (in-app, at any time)
- Data portability (request an export via privacy@noxblanc.com)
- Lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local supervisory authority
Account Deletion
- You can delete your account at any time from Settings > Account > Delete Account.
- You can also delete your account without the App at https://noxblanc.com/delete-account.
- What happens when you delete your account:
  - Your personal information (email, name) is removed
  - Your demographic data (date of birth, gender, height, weight, preferences) is deleted
  - Your Fitbit data is deleted and Fitbit access is revoked
  - Your pilot responses are anonymized (disassociated from your identity) to preserve data integrity
  - Consent audit records are retained for 10 years as legally required
- Deletion is processed immediately. Some background cleanup may take up to 30 days.
Children’s Privacy
- NoxBlanc is not intended for children under 16.
- We do not knowingly collect data from children under 16.
- If you believe a child has provided us data, contact privacy@noxblanc.com.
Changes to This Policy
- We may update this Privacy Policy from time to time.
- We will notify you of material changes via the App or email.
- Continued use after changes constitutes acceptance.
Contact Us
NoxBlanc AG
Email: privacy@noxblanc.com
General support: support@noxblanc.com