# Privacy Policy for CPAP Companion
**Effective Date:** June 10, 2026
**Developer:** Muhammad Ilyas
**Contact:** muhammadilyas15@gmail.com
## 1. Introduction
CPAP Companion ("we", "our", "the app") is a personal CPAP therapy log and supply reminder tool. It lets you record your nightly therapy hours, AHI and leak readings from your own machine's display, track when masks, filters and other supplies are due for replacement, and export a summary report for your sleep clinician. This Privacy Policy explains how we collect, use, store, and protect your information when you use our mobile application.
By using CPAP Companion, you agree to the collection and use of information as described in this policy.
## 2. Information We Collect
### 2.1 Information You Provide
All of the following is entered by you, voluntarily, and **stored only on your device**:
- Nightly therapy time (hours and minutes of machine use)
- AHI and leak-rate values you type from your machine's display
- Ramp usage and free-text notes (optional)
- Side effects you tag to a night (e.g., dry mouth, congestion)
- Machine details: nickname, brand, model, prescribed pressure settings, ramp time, humidifier setting, purchase date
- Supply details: type, brand/model, quantity on hand, replacement dates, replacement intervals
- Reminder preferences (bedtime time, supply lead days)
The app requires **no account and no sign-in**, and works fully offline. The app never connects to your CPAP machine — there is no Bluetooth or device pairing of any kind.
### 2.2 Information Collected Automatically
- **Advertising identifiers** — collected by Google AdMob to serve advertisements in the free version
- **Crash and diagnostic data** — device model, OS version, and crash stack traces, collected by Firebase Crashlytics to fix bugs
- **App usage analytics** — aggregated, non-identifying feature-usage events collected by Firebase Analytics to improve the app
- **Device information in support emails** — if you use the Contact Us form, your device model, Android version, and app version are pre-filled into the email body so we can help you; you can remove them before sending
### 2.3 Information from Third-Party Services
None. The app has no sign-in providers.
## 3. How We Use Your Information
We use collected information to:
- Provide core app functionality (therapy diary, trends, compliance meter, supply due dates, reminders)
- Send the optional bedtime, supply-due, and insurance-window reminder notifications you enable
- Generate CSV exports and clinician PDF reports when you request them
- Display advertisements (free version only)
- Improve app performance and fix crashes
- Process your one-time premium purchase through Google Play
**Your therapy data (nightly logs, readings, side effects, machine settings) is never used for advertising, never analyzed on any server, and never transmitted by the app.** All statistics — averages, trends, the compliance meter — are computed locally on your device.
## 4. Data Storage and Security
### 4.1 Local Storage
- All therapy logs, machines, supplies and schedules are stored in a local database in the app's private storage on your device
- Preferences (theme, reminder times, premium status) are stored in the app's private preferences
- No other app can access this data (Android app sandboxing)
### 4.2 Cloud Storage
**None.** CPAP Companion does not upload your therapy data to any server. There is no cloud backup or sync in this version. If a future version adds optional cloud backup, this policy will be updated first and the feature will be strictly opt-in.
### 4.3 Exports You Initiate
When you export a CSV file or clinician PDF report, the file is generated on your device and handed to the Android share sheet. **You choose** where it goes (email, drive, messaging app, etc.). Once shared, the receiving app's privacy policy applies.
### 4.4 Security Measures
- All network communication by embedded SDKs (ads, consent, crash reporting) uses HTTPS/TLS encryption
- Therapy data never leaves the device except through exports you explicitly initiate
- Purchases are processed entirely by Google Play Billing; we never see your payment details
## 5. Data Sharing
### 5.1 We Do NOT Sell Your Data
We do not sell, trade, or rent your personal information to third parties.
### 5.2 Third-Party Services
We use the following third-party services that may collect data:
| Service | Purpose | Data Accessed | Privacy Policy |
|---------|---------|--------------|----------------|
| Google AdMob | Advertising (free version) | Advertising ID, ad interactions, approximate location (coarse, IP-based) | [Google Privacy Policy](https://policies.google.com/privacy) |
| Google UMP | Ad consent management (GDPR) | Consent choices | [Google Privacy Policy](https://policies.google.com/privacy) |
| Firebase Crashlytics | Crash reporting | Crash logs, device state | [Firebase Privacy](https://firebase.google.com/support/privacy) |
| Firebase Analytics | App improvement | Usage patterns, device info | [Firebase Privacy](https://firebase.google.com/support/privacy) |
| Google Play Billing | Premium purchase | Purchase history | [Google Privacy Policy](https://policies.google.com/privacy) |
| Google Play In-App Updates | Update prompts | App version | [Google Privacy Policy](https://policies.google.com/privacy) |
**None of these services receive your therapy data.** Health information is never passed to ad requests; ads are served contextually only.
### 5.3 Ad Personalization
- Free version users see advertisements served by Google AdMob
- AdMob may use device identifiers and usage data for ad personalization
- In the EEA/UK, you are asked for consent before any personalized ads are shown (Google UMP consent form)
- You can opt out of personalized ads through your device settings (Settings → Google → Ads)
- Premium users see no advertisements
## 6. Health Data
### 6.1 Health Information
CPAP Companion stores health-related information that you enter yourself: therapy hours, AHI and leak readings, ramp use, side effects, notes, prescribed pressure settings, and supply replacement history.
### 6.2 Health Data Protection
- Health data is stored **only on your device** — there is no server copy
- Health data is never shared with advertisers, analytics services, or any third party
- Health data leaves your device only when you explicitly export and share it
- Deleting the app, or using Settings → Clear All Data, permanently removes all health data
### 6.3 Medical Disclaimer
CPAP Companion is a personal log and reminder tool and is NOT a medical device or medical advice tool. It does not connect to your CPAP machine; all values are entered by you from your machine's own display. The color-coded reference bands restate published reference ranges and are not an evaluation of your therapy. The app does not diagnose, treat, monitor, or prevent any disease. Always follow your sleep clinician's instructions.
## 7. Children's Privacy
CPAP Companion is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it promptly.
## 8. Your Rights and Choices
### 8.1 Access and Control
- You can view all your data within the app at any time (History, Machines, Supplies screens)
- You can edit or delete any night, machine, or supply
- You can export your complete therapy log as CSV or PDF for your records
- Settings → Clear All Data permanently deletes everything stored by the app
### 8.2 Data Deletion
- All data is local: uninstalling the app, or using Clear All Data, removes everything
- There is no server-side data to request deletion of
- For questions, email us at muhammadilyas15@gmail.com
### 8.3 Notifications
- All reminders are off by default or clearly user-controlled and can be disabled at any time through app Settings, the Reminders screen, or device notification settings
### 8.4 Ad Preferences
- The one-time premium purchase removes all advertisements permanently
- You can opt out of personalized ads via device settings (Settings → Google → Ads)
- EEA/UK users can change their consent choice at any time
## 9. GDPR Compliance (European Users)
If you are located in the European Economic Area (EEA) or UK, you have additional rights:
- **Right to access** — your data is visible in-app; SDK-collected data can be requested from us
- **Right to rectification** — edit any entry directly in the app
- **Right to erasure** — Clear All Data in Settings, or uninstall; for SDK-collected data contact us
- **Right to restrict processing** — decline personalized ads via the consent form
- **Right to data portability** — export your full log as CSV at any time
- **Right to object** — object to data processing for marketing
The app uses Google's User Messaging Platform (UMP) to obtain consent for data processing and personalized advertising in compliance with GDPR.
To exercise any of these rights, contact us at muhammadilyas15@gmail.com.
## 10. Data Retention
- Local therapy data is retained until you delete it or uninstall the app
- Analytics data is retained per Google's standard retention policies (14 months)
- Crash reports are retained for 90 days
- We retain no health data on any server (there is none)
## 11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Updating the "Effective Date" at the top of this policy
- Posting a notice within the app
Your continued use of the app after changes constitutes acceptance of the updated policy.
## 12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, contact us at:
**Email:** muhammadilyas15@gmail.com
**Developer:** Muhammad Ilyas