Your Cart

Your cart is currently empty

CONTINUE SHOPPING

Eight Sleep, Inc. Privacy Policy

Last Updated: October 24, 2018
Welcome to the website of Eight Sleep, Inc.!
Eight designs products and tools that track everyday sleep to empower and inspire users to lead healthier and happier lives.

Your privacy is important to us.

Protecting your privacy is really important to us. We pledge to respect your privacy, to be transparent about our data practices, to keep your data safe and to only collect data that helps us improve our products and services. With this in mind, we’re providing this Privacy Policy to explain our practices regarding the collection, use and disclosure of information that we receive through our Services. This Privacy Policy does not apply to any third-party websites, services or applications, even if they are accessible through our Services.
In this Privacy Policy:
  • We’ll refer to Eight Sleep, Inc. as “Eight” or “we” or “us”.
  • We’ll refer to our websites (including www.EightSleep.com, corporate.EightSleep.com, dev.EightSleep.com, community.EightSleep.com and help.EightSleep.com) individually as a Site and collectively as the “Sites”.
  • We’ll refer to all the products and services we provide (including our personal fitness and electronic body monitoring products (“Devices”), the Eight Connect software (“Software”) and Eight mobile applications (the “Apps”)), individually and collectively, as the “Services”.
  • We’ll refer to you, the person or entity accessing our Sites or using our Services, as “you” or “your” or (if you are a purchaser of our Services), our “customer”.

Some other definitions we’ll be using in this Privacy Policy

What is a Data Controller? For general data protection regulation purposes, the “Data Controller” means the organization who decides the purposes for which, and the way in which, any Personal Information is processed. Our customers are the Data Controllers.
What is a Data Processor? A “Data Processor” is an organization which processes Personal Information for a Data Controller. We are the Data Processor for our customers. As a Data Processor, we are bound by the requirements of the General Data Protection Regulations (the “GDPR”).
What is Data Processing? Data processing is any operation or set of operations (whether automated or not) performed upon Personal Information. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.
What is Personal Information? Personal information is any information which is about you, from which you can be identified. Personal Information includes information such as an individual's name, address, telephone number, or e-mail address. Personal Information also includes information about an individual's activities, such as information about his or her activity on Sites or our Services, and demographic information, such as date of birth, gender, geographic area, and preferences, when any of this information is linked to personal information that identifies that individual. Personal Information does not include "aggregate" or other non-personally identifiable information. Aggregate information is information that we collect about a group or category of products, services, or users that is not personally identifiable or from which individual identities are removed.

How do we collect Personal Information?

In our service as a Data Processor, we collect Personal Information from Data Controllers in several ways:
  • Information you provide to us directly. In addition to the Personal Information you may provide to us in connection with opening an account with us, you may provide us with Personal lnformation in connection with:
    • Contests and giveaways: Eight may offer opportunities to participate in contests, giveaways and other promotions. Any data you submit in connection with these activities will be treated in accordance with this Privacy Policy, unless the rules for those offers note otherwise.
    • Surveys: Eight may also ask you to participate in surveys (processed by Eight or third parties) that help us understand your use of the Eight Service. Any Personal Information you provide to us (or which is supplied by you or Eight to such third-party survey providers) in connection with these surveys will only be used in relation to that survey and as stated in this Privacy Policy,
  • Information you provide us when you contact us for help.
    • Whenever you contact us for help, we collect your name and email address along with additional information you provide in your request so that we can provide you with assistance and improve the Service. If you contact us when you are already logged in to your account, the web form automatically pre-fills this information, so you don’t have to type it manually. You can also contact us on public forums such as Twitter or Facebook; however, we cannot maintain the privacy of your communication to us if you contact us through these channels.
  • Information we may receive from third parties.
    • If you allow us access to your friends list, your friends’ user IDs, and/or your connection to those friends, that information may be stored and used to make your experience with our Services more social, and to allow you to invite your friends to use our Services as well as provide you with updates if and when your friends join Eight. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to the Services.
    • We may also receive information about you, including Personal information, from other third parties, and may combine this information with other personal information we maintain about you. If we do so, this Privacy Policy governs any combined information that we maintain in personally identifiable format.
  • Using officially sanctioned payment processor integrations
    • Customers who elect to connect their payment processors to us using their payment processor’s official integrations allow us to collect relevant data directly from the payment processor if it exists.

What information do we collect?

When activating a Eight Device, you will be asked to download the Eight App or install Software and enter information about yourself, such as date of birth and gender. We use this information to personalize your sleep stats and sleep recommendations. We may also collect the following types of personal information from you:
  • Your first and last name, username and email address.
  • Your company’s name.
  • Your (and/or your company’s) physical address.
  • Information you choose to provide us through our Services (including, for example, your birthdate, gender and/or phone number).
  • Depending upon the specific Device you use, it can collect data such as the amount of time slept and metrics regarding your sleep quality, and transmit this data to us.
  • If you create your Eight account using a different credential such as a Facebook® or Google+® account, we will ask permission to access basic information from that account, such as your name, location, and friend list. We will access your phone’s contact list for the purpose of letting you identify contacts who are Eight users.
  • When you sync your Device through an App or the Software, data recorded on your Device about your sleep activity is transferred from your Device to our servers. This data is stored and used to provide the Eight Service and is associated with your account. Each time a sync occurs, we log data about the transmission. Some examples, but not limited to, of the log data are the sync time and date, connectivity, and the IP address used when syncing.
  • The Eight Service includes features that require the collection of specific location data, including: GPS signals, device sensors, Wi-Fi access points, and cell tower IDs. We only collect this type of data when you activate a location feature, such as run mapping. We stop collecting this type of data when you deactivate the feature. We may also retain any messages you or other users send through the Service, and may collect information you post to, or collect from, users of the Services. We use this information to operate, maintain, and provide to you the features and functionality of the Services.
  • We may also collect and aggregate information about the use of our Sites and our Services. That information could include information such as your Internet Protocol (IP) address, browser type, operating system, the web page that you were visiting before accessing our Sites, the pages or features of our Sites which you browsed and the time spent on those pages or features, search terms, the links on our Sites that you clicked on and other statistics.
    • An IP or Internet Protocol Address is a unique numerical address assigned to a computer as it logs on to the internet).
    • If you access our Sites using a mobile device, we may collect information such as a device identifier, user settings and the operating system of your device, as well as information about your use of our Services.
  • We may also permit third-party online advertising networks to collect information (through Cookies or similar tracking technology) about your and others’ use of our Services and any of your mobile or web applications, in order to allow those third-party networks to display ads that may be relevant to your interests on our Services as well as on other websites or apps.
    • You may be able to opt-out from allowing those third-party online advertising networks to collect information; please see the "Your Choices" section below.
  • For more detailed information on information we – or third parties associated with us – collect, and how and where it is processed, please see Exhibit A to this Privacy Policy.

What do we use your Personal Information for?

We will use your Personal Information, in compliance with this Privacy Policy to provide you with the best experience possible, to help you make the most of your sleep, and to improve and protect the Services. Any of the information we collect from you may be used in any of the following ways:
  • To operate, maintain, and provide to you the features and functionality of the Services (for example, data and logs are used in research to understand and improve the Services; to troubleshoot the Services; to detect and protect against error, fraud or other criminal activity; and to enforce this Privacy Policy and the Eight Terms of Use).
  • To compile statistics and analysis about your and other customers’ use of our Sites and our Services.
  • To personalize your experience — your Personal Information helps us to better respond to your individual needs (for example, age, gender and sleep quality are used to provide personalized sleep recommendations).
  • To improve our Sites and our Services — we continually strive to improve our Sites offerings based on the information and feedback we receive from you.
  • To improve customer service — your Personal Information helps us to more effectively respond to your customer service requests and support needs.
  • To send periodic emails — the email address you provide may be used to send you information, notifications that you request about changes to our Services, to alert you of updates, and to send periodic emails containing information relevant to your account.
  • If you purchase anything through the use of our Services, then to enable you to purchase products or services from our Sites.
  • We may also use Personal Information you provide to contact you regarding products, services, and offers that we believe you may find of interest. We allow you to opt-out from receiving marketing communications from us as described in the "Your Choices" section below.
  • We store specific location data in your Eight account. If you are using a mapping feature, we will send your location information to our mapping service provider so they can display your location on a map. They are contractually prevented from sharing or using this data for any other purpose.
  • In addition, de-identified data that does not identify you may be used to inform the health and scientific community about trends; for marketing and promotional use; or for sale to interested audiences. See “Do We Disclose any Personal Information to Outside Parties?” to learn more.
  • For more detailed information on information we – or third parties associated with us – collect, and how and where it is processed, please see Exhibit A to this Privacy Policy.
We may also use your Personal Information where necessary for us to comply with a legal obligation, including to share information with government and regulatory authorities when required by law or in response to legal process, obligation, or request.
  • We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose your Personal Information to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to respond to claims, legal process (including subpoenas); (ii) to protect our property, rights and safety and the property, rights and safety of a third party or the public in general; and (iii) to stop any activity that we consider illegal, unethical or legally actionable activity.
We will request your consent before we use or disclose your Personal Information for a materially different purpose than those set forth in this Policy. Consent may be obtained by any legally sufficient method. For example, depending on the circumstances and applicable laws, consent may be obtained by providing you with notice and the opportunity to opt-out.

Your Choices About Your Personal Information

We may use the information we collect or receive to communicate directly with you. We may send you emails containing newsletters, promotions and special offers. If you do not want to receive such email messages, you will be given the option to opt out. If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt out from receiving commercial email from us by sending us an email or by writing to us at the address given at the end of this Privacy Policy. Additionally, if we offer user account functionality on any of our Services, we may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us. Please be aware that if you opt out of receiving commercial e-mail from us, it may take up to ten business days for us to process your opt-out request, and you may receive commercial e-mail from us during that period. Additionally, even after you opt out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding our Services (e.g., account verification, purchase and billing confirmations and reminders, changes/updates to features of the Service, technical and security notices).
You may modfy Personal Information that you provide to us from your dashboard or Eight account preferences. If you remove data from your Eight account, it will no longer appear to you or others who use the Eight Service. Backups of that data will remain associated with your Eight account and in our archive servers.
Your Rights to Opt Out. You can opt-out of receiving weekly summaries, achievement notifications, contests, giveaways, surveys and promotional emails by changing the notification preferences in your account settings or by unsubscribing via the “Unsubscribe” link in any Eight email. Opting-out of these emails will not end transmission of important service-related emails that are necessary to your use of the Services. In addition, you may opt out of allowing third-party online advertising networks to collect information from our Sites by adjusting the browser “settings” on your computer or mobile device. Please refer to your mobile device or browser’s technical information for instructions on how to delete and disable cookies, and other tracking/recording tools. Depending on your type of device, it may not be possible to delete or disable tracking mechanisms on your mobile device. Note that disabling cookies and/or other tracking tools prevents us or our business partners from tracking your browser’s activities in relation to the Service, and for use in targeted advertising activities by third parties. However, doing so may disable many of the features available through the Services. If you have any questions about opting out of the collection of cookies and other tracking/recording tools, you can contact us directly.

How do we protect your Personal Information?

We care about the security of your Personal Information. To help protect your privacy and security, we take reasonable steps (such as requesting a unique password to verify your identity before granting you access to your account), and we use commercially reasonable safeguards to preserve the integrity and security of all information collected through the Services. We cannot, however, ensure or warrant the security of any information you transmit to us or guarantee that information on the Services may not be accessed, disclosed, altered, or destroyed. And you are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to your email communications from us. Your privacy settings may also be affected by changes to the functionality of third-party websites and services that you add to the Eight Service, such as social networks. We are not responsible for the functionality or security measures of any third party. Upon becoming aware of a breach of your Personal Information, we will notify you as quickly as we can and will provide timely information relating to the breach as it becomes known in accordance with any applicable laws and regulations or as is reasonably requested by you. If you have any concerns over the security of your Personal Information, please contact us at [email protected]

Do we use cookies?

Yes. Cookies are small files that a website or its service provider transfers to your computer’s hard drive through your Web browser (if you allow). These cookies enable the Sites to recognize your browser and, if you have a registered account, associate it with your registered account. We may use both session Cookies and persistent Cookies to identify that you’ve logged in to the Services and to tell us how and when you interact with our Sites. We use cookies to remember information so that you will not have to re-enter it during your visit or the next time you visit the Sites, and to understand and save your preferences for future visits and compile aggregate data about Sites traffic and Sites interaction so that we can offer better Sites experiences and tools in the future. They tell us which parts of the Eight Service you’ve visited so we can figure out which promotions you may like to see or to alert you to software compatibility issues. We may also use Cookies to monitor aggregate usage and web traffic routing on our Services and to customize and improve our Services, to provide custom, personalized content and information, including advertising, and to diagnose or fix technology problems. In addition, we may use Cookies to automatically update your Eight application. Unlike persistent Cookies, session Cookies are deleted when you log off from the Services and close your browser. Although most browsers automatically accept Cookies, you can change your browser options to stop automatically accepting Cookies or to prompt you before accepting Cookies. Please note, however, that if you don’t accept Cookies, you may not be able to access all portions or features of the Sites or the Services. We may also collect information via standard server logs or clear GIFs (also known as “Web beacons”). Web beacons and pixel tags are images embedded in a webpage or email for the purpose of measuring and analyzing usage and activity. Eight, or third-party service providers acting on our behalf, may use web beacons and pixel tags to help us analyze usage and improve our functionality. Social media tools, like widgets and plug-ins, are used so you can share information from Eight on other sites such Facebook and Twitter. These interactive mini-programs collect your IP address, record the pages you visit on our Sites, and set cookies that will enable the widget to function properly. Your interactions with these widgets are governed by the privacy policy of the company providing them, not by this Privacy Policy. We also use the Facebook and Twitter pixel tags to help us understand how effective our marketing is on those sites. If we link or associate any information gathered through passive means with Personal Information, we treat the combined information as Personal Information under this Privacy Policy. Otherwise, we use information collected by passive means in non-personally identifiable form only.
We use the following third-party advertising cookies to present you with opportunities to purchase Eight products on our Site; and retargeting cookies, to present you with Eight advertising on other websites based on your interaction on our Sites and other websites.
  1. Google Adwords Conversion: You can adjust the Google Ads Settings and opt-out of this program.
  2. Twitter Advertising: This cookie allows us to present you with retargeting advertising for Eight products on Twitter. This Twitter FAQ explains how their advertising program works and gives you the option to adjust your Twitter settings.
  3. Facebook Custom Audiences: You can adjust your Facebook advertising settings from within your Facebook account and opt-out of advertisements from within the Facebook application
  4. Mixpanel: We use Mixpanel as our primary analytics tool to understand how our customers use the Eight Service and Mixpanel People to contact you about the use of our product, for example, to proactively assist you if you have trouble syncing your Device. You can read the MixPanel Privacy Policy and opt-out.
  5. We use Google Analytics, New Relic, KissInsights and Optimizely analytics cookies allow us to see how you use our Services so that we can improve your experience. We encourage you to read the Google Privacy Policy. If you prefer to not have data reported by Google Analytics, you can install the Google Analytics Opt-out Browser Add-on. You can read the Optimizely Privacy Policy and opt-out. You can also read the New Relic privacy policy.

“Do Not Track” options will not affect how we use your Personal Information

Although we do our best to honor the privacy preferences of our customers, we are not able to respond to Do-Not-Track signals from your browser at this time. As discussed above, we track webSites and app usage information through the use of cookies for analytic and internal purposes only. Because we do not collect this information to track you across websites or apps over time, your selection of the “Do Not Track” option provided by your browser will not have any effect on our collection of cookie information for analytics or internal purposes.

Who at Eight may access your Personal Information?

Designated members of our staff may access Personal Information to help our customers with any questions they have, including help using our Services, investigating security issues, or following up on bug fixes with a customer. This activity is logged in our system for compliance, and we maintain different levels of access for its employees depending on their role in our company. For certain payment processors, only the Data Protection Officer has the ability to access additional business metrics from the payment processor (for purposes of investigating potential security breaches and fraud, or otherwise with the permission of the customer). In some cases, Personal Information may be accessible to certain types of involved with the operation of the Services (administration, sales, marketing, legal, system administration).

Do we disclose any Personal Information to outside parties?

Except as set out below, we do not sell, trade, or otherwise transfer to outside parties your Personal Information. Non-personally identifiable visitor information, however, may be provided to other parties for marketing, advertising, or other uses.
  • We may share your Personal Information with other companies owned by or under common ownership as Eight, which also includes our subsidiaries (i.e., any organization we own or control).
    • These companies will use your Personal Information in the same way as we can under this Privacy Policy.
  • We may disclose your Personal Information to third-party service providers (for example, payment processing, data storage and processing facilities, and email management, or identifying and serving targeted advertisements, content or service fulfillment, or providing analytics services) that assist us in our work. These companies are obligated by contract to safeguard any Personal Information they receive from us.
    • We limit the Personal Information provided to these service providers to that which is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such Personal Information.
  • We may contract with third-party service providers to assist us in better understanding our Sites visitors.
    • These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.
  • We may also release your Personal Information when we believe release is appropriate to comply with the law, enforce our Sites policies, or protect our or others’ rights, property, or safety.
    • In particular, we may release your Personal Information to third parties as required to (i) satisfy any applicable law, regulation, subpoena/court order, legal process or other government request, (ii) enforce our Terms of Use Agreement, including the investigation of potential violations thereof, (iii) investigate and defend ourselves against any third party claims or allegations, (iv) protect against harm to the rights, property or safety of Eight, its users or the public as required or permitted by law and (v) detect, prevent or otherwise address criminal (including fraud or stalking), security or technical issues.
  • If you ask us to do so, we may share your Personal Information with the public and other users of the Services. Any information or content that you voluntarily disclose for public posting to the Service, such as user-generated content, becomes available to the public. If you remove information that you posted to the Services, copies may remain viewable in cached and archived pages of the Service, or if other users of the Services have copied or saved that information.
  • We may share or sell aggregated, de-identified data that does not identify you, with partners and the public in a variety of ways, such as by providing research or reports about health and sleep. When we provide this information, we perform appropriate procedures so that the data does not identify you and we contractually prohibit recipients of the data from re-identifying it back to you.
  • You can direct us to share data with other parties. For example, you might authorize us to link your Eight account with a third-party app; send status updates to your Facebook or Twitter account; or direct us to share data with your employer as part of a wellness program. Once you direct us to share your data with a third party, that data is governed by the third-party’s privacy policy.
  • We may also share certain information such as your location, browser and cookie data and other data relating to your use of our Services with our business partners to deliver advertisements (“ads”) that may be of interest to you.
    • We may allow third-party ad servers or ad networks to serve advertisements on the Services. These third-party ad servers or ad networks use technology to send, directly to your browser or mobile device, the ads and ad links that appear on the Services, and will automatically receive your IP address when they do so. They may also use other technologies (such as cookies, JavaScript, device identifiers, location data, and clear gifs, see above) to compile information about your browser’s or device’s visits and usage patterns on the Services, and to measure the effectiveness of their ads and to personalize the advertising content. We do not sell, rent, or share the information we collect directly from you or about you from third parties with these third-party ad servers or ad networks for such parties’ own marketing purposes. Please note that an advertiser may ask us to show an ad to a certain audience of users of our Sites (for example, based on demographics or other interests). In that situation, Eight determines the target audience and Eight serves the advertising to that audience and only provides anonymous aggregated data to the advertiser. If you respond to such an ad, the advertiser or ad server may conclude that you fit the description of the audience they are trying to reach. This Privacy Policy does not apply to, and we cannot control the activities of, third-party advertisers. Please consult the respective privacy policies of such advertisers or contact such advertisers for more information.
  • Your Personal Information may also be transferred to another company in the event of a transfer, change of ownership, reorganization or assignment of all or part of our businesses or assets.
    • This will occur if the parties have entered into an agreement under which the collection, use and disclosure of the information is limited to those purposes of the business transaction, including a determination whether or not to proceed with the business transaction. You will be notified via email or prominent notice on our websites for thirty (30) days of any such change in ownership or control of your personal information or as otherwise may be required or permitted by law.

How do we handle global transfers and processing of your Personal Information?

Although we welcome people from all over the world, keep in mind that no matter where you live or where you happen to use our services, your Personal Information may be shared. This means that we may collect your Personal Information from, transfer it to, and store and process it in the United States and other countries outside of where you live. For example, some of our third-party providers may be located in different countries. Where this is the case, we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this Privacy Policy. By submitting your Personal Information, you’re agreeing to this transfer, storing or processing. If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that we may transfer information, including Personal Information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction. If we transfer your Personal Information from the E.U. and process it in the United States, we do so in accordance with applicable law. With respect to information received or transferred, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Where our third-party supplies are in the U.S. we have ensured that their services fall under the EU-U.S. Privacy Shield Framework, the Swiss-U.S. Privacy Shield Framework and European Commission-approved standard contractual clauses. We comply with the E.U.-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Principle of Onward Transfer

In the context of an onward transfer of data to a third party, a Privacy Shield organization has responsibility for the processing of Personal Data it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. We shall remain liable under the Principles if its agent processes such Personal Data in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

Retention of your Personal Information

We retain your Personal Information for as long as we need to fulfill our Services (for example, for as long as you maintain an account with us). Generally, if you deactivate your account with us, data that can identify you will be removed from the Eight Service, including but not limited to your email, name, photo(s), friends list and links to sites such as Facebook and Twitter. Backup copies of this data will be removed from our server based upon an automated schedule, which means it may persist in our archive for a short period. Eight may continue to use your de-identified data after you deactivate your account. In addition:
  • We may keep data linked to cookies and other online identifiers up to three years.
  • If we are involved in litigation or a governmental or regulatory investigation, then we keep data throughout the period of litigation or investigation and for 5 years after that. If a settlement means that we have to keep data for longer, then we keep data for the period required to administer the settlement. If we provide data to law enforcement agencies, then we keep a record of this for one year beyond the end of the investigation.

Third-party Links

This Privacy Policy only applies to our Sites, so when you link to other websites you should read those separate and independent privacy policies. Your browsing and interaction on any third-party websites, app, or service, including those that have a link or advertisement on our Sites, are subject to that third party’s own rules and policies. We are not responsible for the practices employed by websites, mobile apps, or services linked to or from the Service, including the information or content contained therein. In addition, you agree that we are not responsible for and we do not have any control over any third parties that you authorize to access your Personal Information. However, we seek to protect the integrity of our Sites and welcome any feedback about these websites.

Children’s Online Privacy Protection Act Compliance

Our Sites, products and services are all directed to people who are at least 18 years old or older. We strive to comply with the requirements of COPPA (Children’s Online Privacy Protection Act). If this server is in the United States, and you are under the age of 13, do not use this Sites. We do not knowingly collect personal information from children under the age of 18 or your country’s age of minority. If you nevertheless believe that your child has provided us with their personal information, please contact us at [email protected] and we will delete it.

Online Privacy Policy Only

This Privacy Policy applies only to information collected through our Sites and not to information collected offline.

Your Consent

By using our Sites, you consent to this Privacy Policy.

Your Rights

Other rights you have include the rights to:
  • Withdraw your consent for us to process your Personal Information.
    • You have the right to withdraw consent where you have previously given your consent to the processing of their Personal Information.
  • Object to the processing of your Personal Information.
    • You have the right to object to the processing of your Personal Information if the processing is carried out on a legal basis other than consent
  • Ask for a copy of your Personal Information.
    • This is known as a Subject Access Request. If you would like a copy of some or all your Personal Information, please email [email protected]
  • Ask us to correct your Personal Information.
    • It is your right to lodge an objection to the processing of your Personal Information if you believe that the legal ground “relating to your particular situation” applies. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defense of a legal claims.
  • Ask us to transfer your Personal Information to other organizations.
  • Ask us to erase certain categories or types of information.
    • If you choose to remove your Personal Information, you acknowledge that we may retain archived copies of your Personal Information in order to satisfy our legal obligations, or where we reasonably believe that we have a legitimate reason to do so.
  • Ask us to restrict certain processing.
    • You have the right to object to processing of Personal Information. Where we have asked for your consent to process information, you have the right to withdraw this consent at any time.
  • “Opt out” of certain sharing of Personal Information.
    • You may limit or "opt out" of our sharing your Personal Information with third parties.
    • For further information on opting out, please see the “Your Choices” section of this Privacy Policy.
  • Lodge a complaint.
    • You have the right to bring a claim before a competent data protection authority.
In compliance with the Privacy Shield Principles, we are committed to resolving any complaints about our collection or use of your Personal Information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact our Privacy Officer as follows: Eight Sleep, Inc., Attn: Privacy Officer, 146 Duane St. #5A, New York, NY USA 10013; or [email protected] If we are unable to satisfactorily resolve any complaint relating to the Privacy Shield, or if we fail to acknowledge your complaint in a timely fashion, you can submit your complaint to TRUSTe, which provides an independent third-party dispute resolution service based in the United States. TRUSTe has committed to respond to complaints and to provide appropriate recourse at no cost to you. To learn more about TRUSTe's dispute resolution services or to refer a complaint to TRUSTe, visit here. If neither we nor TRUSTe resolves your complaint, you may pursue binding arbitration through the Privacy Shield Panel. To learn more about the Privacy Shield Panel, visit here.

Changes to our Privacy Policy

If we decide to change our privacy policy, we will post those changes on this page: but any future changes will not affect data that was collected under a previous version of this Policy. If we are going to use Personal Data collected through the Sites in a manner materially different from that stated at the time of collection, then we will notify users via email and/or by posting a notice on our Sites for 30 days prior to such use or by other means as required by law.

Contacting Us

If you have any questions, comments, or concerns about this privacy policy, please contact us using the following contact information:
Eight Sleep, Inc.
Attn: Privacy Issues
146 Duane St. #5A
New York, NY USA 10013
[email protected]

EXHIBIT A

Advertising

This type of service allows Personal Information to be utilized for advertising communication purposes displayed in the form of banners and other advertisements on the Apps and the Services, possibly based on User interests. This does not mean that all Personal Information is used for this purpose. Information and conditions of use are shown below.
Some of the services listed below may use Cookies to identify Users or they may use the behavioral retargeting technique, i.e. displaying ads tailored to the User’s interests and behavior, including those detected outside our Apps. For more information, please check the privacy policies of the relevant services.
In addition to any opt out offered by any of the services below, the User may opt out of a third-party service's use of cookies by visiting the Network Advertising Initiative opt-out page.

Bing Ads (Microsoft Corporation)

Bing Ads is an advertising service provided by Microsoft Corporation.
Personal Information collected: Cookies and Usage Data.
Place of processing: US – Privacy Policy – Opt Out.

Outbrain (Outbrain Inc.)

Outbrain is an advertising service provided by Outbrain Inc.
Personal Information collected: Cookies and various types of Personal Information as specified in the privacy policy of the service.
Place of processing: US – Privacy Policy – Opt Out.

Taboola Monetize Content (Taboola Inc.)

Taboola is an advertising service provided by Taboola Inc.
Personal Information collected: Cookies and Usage Data.
Place of processing: US – Privacy Policy – Opt Out.

Analytics

The services contained in this section enable us to monitor and analyze web traffic and can be used to keep track of User behavior.

Facebook Ads conversion tracking (Facebook, Inc.)

Facebook Ads conversion tracking is an analytics service provided by Facebook, Inc. that connects data from the Facebook advertising network with actions performed on our Apps.
Personal Information collected: Cookies and Usage Data.
Place of processing: US – Privacy Policy.

Google Ads conversion tracking (Google Inc.)

Google Ads conversion tracking is an analytics service provided by Google Inc. that connects data from the Google Ads advertising network with actions performed on our Apps.
Personal Information collected: Cookies and Usage Data.
Place of processing: US – Privacy Policy. Privacy Shield participant.

Google Analytics (Google Inc.)

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Personal Information collected to track and examine the use of our Apps, to prepare reports on its activities and share them with other Google services. Google may use the Personal Information collected to contextualize and personalize the ads of its own advertising network.
Personal Information collected: Cookies and Usage Data.
Place of processing: US – Privacy Policy – Opt Out.

Hotjar Form Analysis & Conversion Funnels (Hotjar Ltd.)

Hotjar is an analytics service provided by Hotjar Ltd. Hotjar honors generic Do Not Track headers. This means your browser can tell its script not to collect any of your Personal Information. This is a setting that is available in all major browsers. Find Hotjar’s opt-out information here.
Personal Information collected: Cookies and Usage Data.
Place of processing: Malta – Privacy Policy – Opt Out.

Google Tag Manager (Google Inc.)

Google Tag Manager is an analytics service provided by Google Inc.
Personal Information collected: Cookies and Usage Data.
Place of processing: US – Privacy Policy.

MixPanel (MixPanel)

MixPanel is an analytics service provided by Mixpanel Inc.
Personal Information collected: Cookies and Usage Data.
Place of processing: US – Privacy Policy – Opt Out.

SumoMe Content Analytics (Sumo Group Inc.)

SumoMe Content Analytics is an analytics and heat mapping service provided by Sumo Group Inc. SumoMe Content Analytics is used to display the areas of a page where Users most frequently move the mouse or click. This shows where the points of interest are.
Personal Information collected: Cookies and Usage Data.
Place of processing: US – Privacy Policy.

Yahoo Advertising conversion tracking (Yahoo! Inc.)

Yahoo Advertising conversion tracking is an analytics service provided by Yahoo! Inc. that connects data from the Yahoo advertising network with actions performed on our Apps.
Personal Information collected: Cookies and Usage Data.
Place of processing: US – Privacy Policy.

Commercial affiliation

This type of service allows our Apps to display advertisements for third party products or services. Ads can be displayed either as advertising links or as banners using various kinds of graphics. Clicks on the icon or banner posted on the Application are tracked by the third-party services listed below, and are shared with our Apps. For details of which data are collected, please refer to the privacy policy of each service.

ShareAsale (ShareAsale.com Inc.)

ShareAsale is a banner commercial affiliation service provided by ShareAsale.com Inc.
Personal Information collected: Cookies and Usage Data.
Place of processing: US – Privacy Policy.

Contacting the User

Mailing list or newsletter (our Apps)

By registering on the mailing list or for a newsletter, your email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning our Apps and our Services. Your email address might also be added to this list as a result of signing up to the App or Service or after making a purchase.
Personal Information collected: email address.

Content performance and features testing (A/B testing)

The services contained in this section allow us to track and analyze your response concerning web traffic or behavior regarding changes to the structure, text or any other component of our Apps.

Google Website Optimizer (Google Inc.)

Google Website Optimizer is an A/B testing service provided by Google Inc.
Google may use Personal Information to contextualize and personalize the ads of its own advertising network.
Personal Information collected: Cookies and Usage Data.
Place of processing: US – Privacy Policy.

Handling payments

Payment processing services enable our Apps to process payments by credit card, bank transfer or other means. To ensure greater security, our Apps shares only the information necessary to execute the transaction with the financial intermediaries handling the transaction. Some of these services may also enable the sending of timed messages to you, such as emails containing invoices or notifications concerning the payment.

Amazon Payments (Amazon)

Amazon Payments is a payment service provided by Amazon.com, Inc., which allows Users to make online payments using their Amazon credentials.
Personal Information collected: various types of Data as specified in the privacy policy of the service.
Place of processing: See the Amazon privacy policy – Privacy Policy.

Apple Pay (Apple Inc.)

Apple Pay is a payment service provided by Apple Inc., which allows Users to make payments using their mobile phones.
Personal Information collected: various types of Data as specified in the privacy policy of the service.
Place of processing: US – Privacy Policy.

PayPal (PayPal Inc.)

PayPal is a payment service provided by PayPal Inc., which allows Users to make online payments.
Personal Information collected: various types of Data as specified in the privacy policy of the service.

Heat mapping and session recording

Heat Mapping services are used to display the areas of a page where Users most frequently move the mouse or click. This shows where the points of interest are. These services make it possible to monitor and analyze web traffic and keep track of User behavior.
Some of these services may record sessions and make them available for later visual playback.

Hotjar Heat Maps & Recordings (Hotjar Ltd.)

Hotjar is a session recording and heat mapping service provided by Hotjar Ltd.
Hotjar honors generic „Do Not Track” headers. This means the browser can tell its script not to collect any of the User's data. This is a setting that is available in all major browsers. Find Hotjar’s opt-out information here.
Personal Information collected: Cookies, Usage Data and various types of Data as specified in the privacy policy of the service.
Place of processing: Malta – Privacy Policy – Opt Out.

Infrastructure monitoring

This type of service allows our Apps to monitor the use and behavior of its components so its performance, operation, maintenance and troubleshooting can be improved.
Which Personal Information is processed depends on the characteristics and mode of implementation of these services, whose function is to filter the activities of our Apps.

Sentry (GetSentry, LLC)

Sentry is a monitoring service provided by GetSentry, LLC.
Personal Information collected: various types of Data as specified in the privacy policy of the service.
Place of processing: US – Privacy Policy.

Interaction with external social networks and platforms

This type of service allows interaction with social networks or other external platforms directly from the pages of our Apps. The interaction and information obtained through the Apps are always subject to the User’s privacy settings for each social network. This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.

Twitter Tweet button and social widgets (Twitter)

The Twitter Tweet button and social widgets are services allowing interaction with the Twitter social network provided by Twitter Inc.
Personal Information collected: Cookies and Usage Data.
Place of processing: US – Privacy Policy.

Interaction with live chat platforms

This type of service allows you to interact with third party live chat platforms directly from the pages of an App, and for contacting and being contacted by the App’s support service. If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if you do not actively use the service. Moreover, live chat conversations may be logged.

Zopim Widget (Zopim Technologies Pte Ltd)

The Zopim Widget is a service for interacting with the Zopim live chat platform provided by Zopim Technologies Pte Ltd.
Personal Information collected: Cookies and Usage Data.
Place of processing: Singapore – Privacy Policy.

Interaction with online survey platforms

This type of service allows you to interact with third party online survey platforms directly from the pages of our Apps. If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if you do not actively use the service.

Hotjar Poll & Survey widgets (Hotjar Ltd.)

The Hotjar Poll & Survey widgets are services that enable interaction with the Hotjar platform provided by Hotjar Ltd.
Hotjar honors generic “Do Not Track” headers. This means the browser can tell its script not to collect any of the User's data. This is a setting that is available in all major browsers. Find Hotjar’s opt-out information here.
Personal Information collected: Cookies, Usage Data and various types of Data.
Place of processing: Malta – Privacy Policy – Opt Out.

Interaction with support and feedback platforms

This type of service allows you to interact with third party support and feedback platforms directly from the pages of our Apps. If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do not actively use the service.

Zendesk Widget (Zendesk)

The Zendesk Widget is a service for interacting with the Zendesk support and feedback platform provided by Zendesk Inc.
Personal Information collected: Cookies and Usage Data.
Place of processing: US – Privacy Policy.

Managing contacts and sending messages

This type of services makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with you. These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.

MailChimp (The Rocket Science Group, LLC.)

MailChimp is an email address management and message sending service provided by The Rocket Science Group, LLC.
Personal Information collected: email address.
Place of processing: US – Privacy Policy.

Managing landing and invitation pages

This type of service helps with building and managing landing and invitation pages (pages for presenting a product or service), where you may add your contact information such as an email address. Managing these pages means that these services will handle the Personal Information collected through the pages, including Usage Data.

Instapage (Instapage, Inc.)

Instapage is a landing page management service provided by Instapage, Inc., that allows our Apps to collect the email addresses of Users interested in its service. Instapage allows us to track and analyze your response concerning web traffic or behavior regarding changes to the structure, text or any other component of the created landing pages.
Personal Information collected: Cookies, email address and Usage Data.
Place of processing: US – Privacy Policy.

Managing support and contact requests

This type of service allows our Apps to manage support and contact requests received via email or by other means, such as the contact form. The Personal Information processed depends on the information provided by you in the messages and the means used for communication (e.g. email address).

Zendesk (Zendesk)

Zendesk is a support and contact request management service provided by Zendesk Inc.
Personal Information collected: various types of Personal Information as specified in the privacy policy of the service.
Place of processing: US – Privacy Policy.

Platform services and hosting

These services have the purpose of hosting and running key components of our Apps, therefore allowing the provision of our Apps from within a unified platform. Such platforms provide a wide range of tools to us – for example, analytics, user registration, commenting, database management, e-commerce, payment processing – that imply the collection and handling of Personal Information. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Information is stored.

Shopify (Shopify Inc.)

Shopify is a platform provided by Shopify Inc. that allows us to build, run and host an e-commerce website.
Personal Information collected: various types of Personal Information as specified in the privacy policy of the service.
Place of processing: Canada – Privacy Policy.

Remarketing and behavioral targeting

This type of service allows our Apps and our partners to inform, optimize and serve advertising based on your past use of our Apps. This activity is performed by tracking Usage Data and by using Cookies, information that is transferred to the partners that manage the remarketing and behavioral targeting activity. In addition to any opt out offered by any of the services below, the User may opt out of a third-party service's use of cookies by visiting the Network Advertising Initiative opt-out page.

AdRoll (AdRoll, Inc.)

AdRoll is an advertising service provided by AdRoll, Inc.
Personal Information collected: Cookies and Usage Data.
Place of processing: US – Privacy Policy – Opt Out.

AdWords Remarketing (Google Inc.)

AdWords Remarketing is a remarketing and behavioral targeting service provided by Google Inc. that connects the activity of our Apps with the Adwords advertising network and the Doubleclick Cookie.
Personal Information collected: Cookies and Usage Data.
Place of processing: US – Privacy Policy – Opt Out.

Facebook Remarketing (Facebook, Inc.)

Facebook Remarketing is a Remarketing and Behavioral Targeting service provided by Facebook, Inc. that connects the activity of our Apps with the Facebook advertising network.
Personal Information collected: Cookies and Usage Data.
Place of processing: US – Privacy Policy – Opt Out.

Facebook Custom Audience (Facebook, Inc.)

Facebook Custom Audience is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects the activity of our Apps with the Facebook advertising network.
Personal Information collected: Cookies and email address.
Place of processing: US – Privacy Policy – Opt Out.

Tag Management

This type of service helps us to manage the tags or scripts needed on our Apps in a centralized fashion.
This results in Personal Information flowing through these services, potentially resulting in the retention of this Personal Information.

Segment (Segment Inc.)

Segment is a tag management service provided by Segment.io, Inc.
Personal Information collected: Cookies and Usage Data.
Place of processing: US – Privacy Policy. Privacy Shield participant.

Traffic optimization and distribution

This type of service allows our Apps to distribute their content using servers located across different countries and to optimize their performance.
Which Personal Information is processed depends on the characteristics and the way these services are implemented. Their function is to filter communications between our Apps and your browser. Considering the widespread distribution of this system, it is difficult to determine the locations to which the contents that may contain Personal Information is transferred.

Cloudflare (Cloudflare)

Cloudflare is a traffic optimization and distribution service provided by Cloudflare Inc. The way Cloudflare is integrated means that it filters all the traffic through our Apps, i.e., communication between our Apps and the User's browser, while also allowing analytical data from our Apps to be collected.
Personal Information collected: Cookies and various types of data as specified in the privacy policy of the service.
Place of processing: US – Privacy Policy.

User database management

This type of service allows us to build user profiles by starting from an email address, a personal name, or other information that the User provides to our Apps, as well as to track User activities through analytics features. This Personal Information may also be matched with publicly available information about you (such as social networks' profiles) and used to build private profiles that we can display and use for improving our Apps. Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on our Apps.

Intercom (Intercom Inc.)

Intercom is a User database management service provided by Intercom Inc. Intercom can also be used as a medium for communications, either through email, or through messages within our product(s).
Personal Information collected: email address and various types of Personal Information as specified in the privacy policy of the service.
Place of processing: US – Privacy Policy.

Eight Sleep

25 West 26th St. New York, NY 10010

©2019 Eight Sleep All Rights Reserved

+1 888 699 4015