This page explains what personal information WakeWithin collects, why we collect it, and what you can do about it. If anything is unclear, email privacy@wakewithin.com.
Who we are
WakeWithin (a trading name) is the data controller for the information described on this page. You can reach us at privacy@wakewithin.com.
What we collect
- Account details. Your email address and a hashed password so we can sign you in.
- Programme progress. Which sessions you have opened and completed, so we can pick up where you left off.
- Purchases. Payment confirmation and receipt data from our payment processor. We do not see your full card details.
- Support messages. If you email us, we keep that thread so we can help.
- Technical data. IP address, device, browser, and standard server logs. Used for security, abuse prevention, and understanding what is broken.
We do not sell your data. We do not build advertising profiles from it.
Why we collect it
Under UK GDPR, we rely on the following legal bases:
- Contract: to deliver the programmes you sign up for or buy.
- Legitimate interests: to keep the service secure, prevent fraud, and improve the product.
- Consent: for optional analytics cookies and marketing emails, which you can withdraw at any time.
- Legal obligation: to meet tax, accounting, and other statutory duties.
Who processes it for us
We use a small set of trusted vendors as processors. Each is bound by a data processing agreement and only handles data on our instructions.
- Hosting and database. Our platform provider hosts the site and stores account data in the EU or UK.
- Payments. Card details are handled by our payment processor. We only receive a confirmation and receipt.
- Email delivery. Transactional and auth emails are sent from notify.wakewithin.com via our email provider.
- Audio delivery. Streaming is served via a content delivery network for speed and reliability.
How long we keep it
Account and progress data is kept while your account is active. If you delete your account, we delete or anonymise it within 30 days, except where we need to keep records for tax or fraud prevention (up to 6 years).
Support emails are kept for two years. Server logs are kept for up to 90 days.
Your rights
You have the right to:
- Ask for a copy of the data we hold about you.
- Ask us to correct it if it is wrong.
- Ask us to delete it (right to erasure).
- Object to processing based on legitimate interests.
- Withdraw consent for analytics and marketing at any time.
- Export your data (portability).
- Complain to the UK ICO at ico.org.uk if you think we have got something wrong.
To exercise any of these, email privacy@wakewithin.com.
Children
WakeWithin is not intended for anyone under 16. We do not knowingly collect data from children.
Security
We use standard encryption in transit and at rest, hashed passwords, least-privilege access, and audit logs on sensitive changes. No system is perfect. If we ever have a breach that affects you, we will tell you and the ICO as required by law.
Changes
If we change this notice materially, we will update the date at the top and, where the change affects you, tell you by email.
See also the cookie notice and the terms of service.