Our Commitment to Security and Privacy: How Our Systems Work

At Eight Sleep, the security and privacy of our customers are paramount. We understand that inviting smart technology into your home requires a significant level of trust, and we take that responsibility seriously. In this post, we want to provide clarity on how our systems are set up, how our support process works, and the safeguards we have in place to protect your privacy.

Our Security Practices

We implement multiple layers of security to protect your data and privacy:

  • Data anonymization by default: Our systems collect data without personal identifiers from the start. When analyzing sleep patterns or temperature preferences across our user base, the systems work with inherently anonymous data.
  • Encryption: All data transmitted between your Pod and our servers, between the app and our servers, and all the data at rest, is encrypted using top industry-standard protocols (TLS and AES-256). Neither our cloud provider nor your ISP can access your data.
  • Secure authentication: We protect all server access with two-factor authentication and individualized role-based policies.
  • Continuous monitoring: We use best-in-class tools to continuously scan our infrastructure to protect against any potential vulnerabilities or service reliability issues. Our team maintains an on-call rotation with 100% coverage to handle incidents.

How We Protect Your Data

We believe you should have control over your data. You can review our privacy policy at any time to understand what information is collected and how it’s used. The key points include:

  • We do not sell your personal information to third parties.
  • We collect only what is necessary to provide you with Autopilot control, sleep insights, and a reliable service. 
  • When we use data to improve our sleep algorithms or analyze broader trends, we strictly use anonymized data where all personally identifying information has been removed.
  • We don’t store any personal information on the device. 
  • Raw data is stored on the device for a maximum of 24 hours.
  • All data sent from the device to our server systems is anonymous and cannot be immediately linked to any specific individual.
  • If you are ever invited to participate in clinical studies conducted by the Eight Sleep team, you are welcome to join. These are not mandatory and users are not defaulted into them. If you elect to participate, you must provide your consent for the use of your information. These studies require an explicit opt-in and they follow standard scientific procedures, including oversight by an Institutional Review Board (IRB) that ensures ethical practices, and always involve a separate consent process.
  • A report on what types of data we collect can be found in our help center.
  • You can request a copy of your data, or the full deletion of your data, at any time through a GDPR request in the app (Menu > Help and Support > Data Privacy). 

How Customer Support Access Actually Works

When customers reach out to us with technical issues that cannot be resolved through standard troubleshooting steps, our support team may run automated tests. If those tests are inconclusive, then we may need diagnostic access for an engineer to directly connect to the device. Here’s how this process actually works:

  1. Customer-initiated support: Access to your device is only possible when you, the customer, initiate a support request requiring technical assistance.
  2. Fully automated testing: The vast majority of support cases can be resolved through a set of standardized tests. These test results are generated automatically, with no human directly interacting with the device. In the rare case that an issue cannot be resolved through automated tests, an engineer may need to connect directly to your device.
  3. Explicit consent necessary: Before any diagnostic access is granted, we require your explicit consent. Our support team will guide you through this process, ensuring you understand what information will be accessed and why it’s necessary.
  4. Physical presence required: Every time an engineer needs direct access to your device, you must be physically present with your Pod. Remote access cannot be initiated without your direct involvement.
  5. Limited scope and duration: Access is temporary and limited to addressing the specific issue you’ve reported. Once your support case is resolved, the diagnostic session ends.
  6. No access without authorization: Without these steps being completed, no one—including our engineering team—can remotely access your device.

Why Diagnostic Access Matters

The ability to diagnose and troubleshoot with customer consent is essential for product improvement. Without this capability, we would be unable to understand or resolve extremely rare issues that only emerge at scale. When customers allow diagnostic access during troubleshooting:

  • Our engineers can identify the root cause of complex technical issues that may not be reproducible in our testing environments.
  • The insights gained help us develop more robust software that benefits all customers.
  • We can resolve edge cases that might otherwise remain unsolved, improving reliability across our entire product ecosystem.

This approach to problem-solving allows us to continuously enhance the quality and performance of your Eight Sleep experience while maintaining strict privacy safeguards.

Our Commitment To You

As technology evolves, so do our security practices. We are committed to:

  • Transparency: Clearly communicating how our products work and how we protect your privacy.
  • Responsiveness: Addressing security concerns promptly and thoroughly.
  • Innovation: Continuously improving our security measures to stay ahead of potential threats.

Security Reporting

We value the feedback of security researchers and our community. If you believe you’ve identified a potential security issue, we encourage you to report it through our responsible disclosure program at security@eightsleep.com.

Your trust is our most valuable asset. We will continue to earn it by maintaining the highest standards of security and privacy protection, ensuring that your Eight Sleep experience remains both restful and secure.