Privacy Policy

/

Last updated: May 16, 2026

1、Introduction

This Privacy Policy explains how MuseRest AI ("We", "Us", or "Our") collects, uses, and discloses information relating to users when they access or use Our iOS mobile application and other online products and services (collectively, the "Services"), as well as when they contact Our customer service team, interact with Us on social media, or otherwise engage with Us.

Users are requested to read this Policy carefully to clearly understand the rules governing the processing of personal information. Provisions specific to residents of certain jurisdictions are set forth in the designated sections of this Policy.

We reserve the right to amend this Privacy Policy from time to time. Upon amendment, the effective date indicated at the beginning of this Policy will be updated. In the case of material changes, we will provide separate notice to users. By continuing to use the Application, users shall be deemed to have voluntarily agreed to all the amended terms of this Privacy Policy.

2、Information We Collect

When users register an account, use the features of the Services, participate in interactive activities, make purchases, communicate with Us via social media, request customer support, or otherwise interact with Us, We shall, within the scope set forth in this Privacy Policy, lawfully collect the relevant personal information of users. The specific categories and details of information collected are as follows:

2.1 Information Actively Provided by Users

Personal information that users voluntarily fill in or submit, including but not limited to information generated during account registration, profile editing, preference settings, feedback submission, and social interactions. The specific details and purposes are as follows:

  • Account Registration Information: email address, account password (not email password) – used for account registration, login authentication, and account security protection.

  • Profile Information: nickname, avatar, gender, date of birth, language preference – used for profile display.

  • Preference Information: preferred musical instruments, music genres, song types – used to provide reference for AI creation features.

  • Feedback Information: feedback content, contact information, application version, operating system version, device model – used to process user feedback and optimize product iterations.

  • Social Interaction Information: friend request data – used to enable social features and manage friend interactions.

2.2 Information Automatically Collected When Users Use the Services

During users’ use of the Services or interaction with Us, We will automatically collect certain usage data. With respect to health-related data such as sleep tracking and sleep sound data, We shall strictly process such data in accordance with the original collection purpose, shall not infer medical-related characteristics, and shall not use such data for medical purposes including disease diagnosis, treatment, or prevention. The specific categories of automatically collected information are as follows:

  • Device Information: device identifier (on iOS platforms, the Identifier for Vendor (IDFV), which may be reset by users; We do not collect permanent, non-resettable device identifiers such as IMEI), device name, device type (iPhone/iPad/Apple Watch), device model, operating system version – used for device management, session management, and security verification. The device identifier is used solely for device identification and security management within this Application, and we do not engage in cross-application user tracking.

  • sleep tracking Data: sleep onset time, wake-up time, sleep duration, sleep stages (awake / light sleep / deep sleep / REM), sleep score – used to generate sleep reports and AI-powered analysis.

  • Sleep Sound Data: audio files, snoring duration and frequency, sleep-talking duration and frequency, abnormal sound duration and frequency, ambient decibel level – used to analyze sleep quality and assess the sleep environment.

  • Training Record Data: the type and duration of breathing exercises and meditation sessions: –the used to improve AI creation reference configurations and support the operation of local AI services.

  • Session Information: session token, unique device identifier (IDFV), device name, device type (iPhone/iPad/Apple Watch), session activation status, last active time, session creation time – user creation time, device login control (only one device may remain online per account), and multi-device login management.

  • Usage Calendar Data: daily usage records of sleep, training, etc. – used to generate usage overviews and retain historical usage data.

  • Local AI Service Data: conversation messages, AI persona settings, user profile, episodic memory (including significant events and reminders extracted from conversations), intent recognition results – used to enable AI conversational interaction, intelligent memory management, proactive care (proactive questioning and recall triggers), and generation of sleep recommendations. Such data is processed entirely on the user’s local device and is never uploaded to cloud servers.

Special Provisions Regarding Sensitive Data:

Sleep sound data contains personal biometric features and records of private activities, and therefore constitutes sensitive personal information / special category data as defined under the GDPR. We shall obtain users’ separate explicit consent for the collection of such data, and shall implement the following special protective measures:

  1. Raw audio files are stored solely on the user’s local device and are never uploaded to the cloud;

  2. Only anonymized statistical values (duration and frequency) are stored in the cloud; such statistical values cannot be used to identify voiceprint characteristics;

  3. Users may disable the sleep sound monitoring feature at any time in the Application settings, upon which we will cease collection of such data;

  4. Users may independently delete relevant data from both local and cloud storage; such deletion is irreversible.

For the information collected based on user consent as described above, users may withdraw their consent at any time through the following means:

  1. disabling the relevant feature on the corresponding function page within the Application (e.g., disabling sleep sound monitoring, disabling social features);

  2. revoking the relevant permission in the device system settings (e.g., revoking HealthKit access, revoking microphone access).

Withdrawal of consent shall not affect the lawfulness of processing activities carried out prior to such withdrawal. After withdrawal, we will cease further data processing and delete the relevant data as agreed.

2.3 Third-Party Health Application Data

Upon users’ active authorization, We may receive sleep-related data from the health application on users’ devices (e.g., Apple HealthKit). Such data shall be used solely for generating sleep reports and performing AI‑powered sleep analysis, shall not be used to infer medical characteristics, and shall be strictly prohibited from being used for advertising, marketing, or unrelated user profiling. Users may revoke HealthKit data access permissions at any time in their device system settings.

2.4 Third-Party Login Information

When users create or log in to their accounts with Us through a third‑party service account, We shall obtain, within the scope of users’ authorization, the following basic identifier information from the third‑party platform:

  • Sign in with Apple: Apple ID sub‑identifier, associated email address – used for application account association and login verification.

  • Sign in with Google: Google ID, associated email address, user name, user avatar – used for application account association, login verification, and user information auto‑population.

2.5 Subscription and Payment Information

When users purchase subscriptions or products, we will collect transaction‑related data. Client‑side payment processing is completed independently by the Apple App Store, and for web‑based checkout We additionally offer PayPal. We shall not collect sensitive payment information such as bank card numbers or payment account credentials.

  • Subscription Information: subscription type, product ID, subscription status, start and end dates, auto‑renewal status, Apple Original Transaction ID, PayPal subscription ID – used for membership entitlement management.

  • Purchase Records: transaction ID, original transaction ID, product ID, product type, product name, amount, currency type, quantity, payment method, payment status, payment time, cancellation time, refund time – used for subscription order management.

  • Membership Purchase Logs: product ID, transaction ID, original transaction ID, purchase type, quantity, hash value of receipt data, processing status – used for purchase record auditing.

  • Refund Records: order ID, refund amount, refund reason, refund status, payment provider refund ID – used for refund process management.

  • App Store Notification Logs: notification UUID, notification type, subtype, transaction ID, original transaction ID, hash value of payload data, processing status, error message – used for processing App Store server notifications.

2.6 AI Creation‑Related Data

When users use AI creation features, we process data in accordance with the principles of privacy by design. Only necessary metadata is retained in the cloud. AI creation prompts (original user‑uploaded data) and the AI computation process are used solely to fulfill the particular creation request; upon completion of processing, such data shall be destroyed and shall not be retained on Our servers, nor shall they be used for AI model training, nor shared with any third party.

  • AI Creation Records: creation type, audio playback URL (i.e., the audio file), audio name, description – used to provide users with ongoing access to their resources.

  • AI Reference Settings: request date, personal preferences, training record information, sleep tracking data, sleep trends (sleep tracking data covering more than one day), custom notes – used to construct prompts necessary for AI creation.

  • Mixing Formula: formula name, material composition, volume parameters – processed for mixing playback and editing.

Privacy Protection Statement:

  • AI Creation Records: Only AI creation records are stored in the cloud. Audio files generated through the AI creation features shall be retained until the user deletes their account or manually deletes such files. Users may manually delete such files at any time within the Application.

  • AI Reference Settings: Each category of data’s access permission may be toggled on or off independently.

3、How We Use Information

We strictly adhere to the principle of data minimization, and shall process users’ personal information only within the purposes set forth in this Privacy Policy, and shall not use such data beyond the agreed scope. The specific usage scenarios, categories of data involved, and legal bases are as follows:

3.1 Providing and Maintaining Core Services

Purpose of Processing: to provide users with core services including sleep tracking, training guidance, and music creation.

Categories of Information Involved: account information, device information, sleep data, training data, personal preferences, mixing formula.

Legal Bases:

  1. General Personal Information: necessary for the performance of a contract (under the GDPR, pursuant to Article 6(1)(b));

  2. Sensitive Personal Information (sleep tracking data, sleep sound data): based on users’ explicit consent (under the GDPR, pursuant to Article 6(1)(a) in conjunction with Article 9(2)(a)). Such data is essential for providing sleep tracking and analysis services; refusal to consent will result in the inability to use core sleep features.

Specific Uses:

  1. Sleep tracking Feature: processes users’ sleep tracking data and sleep sound data (processing occurs locally on the device; only acoustic statistical values such as snoring frequency and ambient noise levels are extracted for subsequent cloud analysis at the user’s option) to generate sleep reports;

  2. Sleep Trend Analysis: processes users’ sleep tracking data and sleep sound data to display visualized data trends (does not involve any cloud storage);

  3. AI Analysis Report: generates AI‑powered sleep data analysis based on users’ sleep tracking data;

  4. Breathing and Meditation Training: records users’ training data to provide local viewing for users and as a basis for AI creation;

  5. Music and Mixing Playback: provides music and mixing creation services and music playback services for users.

3.2 AI Creation and Local AI Services

Purpose of Processing: to provide AI music creation and local AI conversation.

Categories of Information Involved: sleep tracking data, training record data, personal preferences, AI reference settings, AI creation records, local AI service data.

Legal Bases:

  1. General Personal Information: necessary for the performance of a contract (under the GDPR, pursuant to Article 6(1)(b));

  2. Sensitive Personal Information (sleep tracking data, sleep sound data): based on users’ explicit consent (under the GDPR, pursuant to Article 6(1)(a) in conjunction with Article 9(2)(a)).

Specific Uses Include:

  1. AI Music Creation: invokes cloud‑based AI to generate audio content based on data selected under users’ AI reference setting permissions and the chosen creative factors;

  2. AI Conversational Interaction: users run AI models on their local devices to generate conversation replies; through intent recognition, local AI models are provided to invoke and query local sleep data, training records, and other services;

  3. Intelligent Memory Management: extracts important information from local conversations and stores it locally to provide a coherent local AI conversation experience;

  4. Proactive Care Service: uses local AI to proactively initiate conversations when the user is idle or at specified times. This feature only takes effect when the user is actively using the Application and does not involve any background notifications;

  5. Sleep Recommendation Generation: generates sleep recommendations locally based on conversation records, adds them to AI reference settings, and applies information desensitization processing locally.

Privacy Protection Statement:

  • AI Creation: as described in Section 2.6, such data is used solely to process the particular creation request, shall be destroyed upon completion, shall not be retained on Our servers, and shall not be used for training AI models or shared with other users.

  • Local AI Services: all AI computation and data storage are performed entirely on the user’s local device.

3.3 Social Features

Purpose of Processing: to enable friend management and the sharing of sleep reports with friends.

Categories of Information Involved: Social Interaction Information, sleep tracking data (excluding sleep sound data for this purpose).

Legal Bases:

  1. General Personal Information: necessary for the performance of a contract (under the GDPR, pursuant to Article 6(1)(b));

  2. Sensitive Personal Information (sleep tracking data): based on users’ explicit consent (under the GDPR, pursuant to Article 6(1)(a) in conjunction with Article 9(2)(a)).

Specific Uses Include:

  1. Friend Management: processes friend requests – used for sending friend requests, accepting or rejecting such requests, and deleting friends;

  2. Friend Sleep Report Sharing: shares the user’s sleep reports (covering the most recent 7 days) with the user’s confirmed friends (i.e., friends whose friend requests the user has accepted).

Privacy Protection Statement:

  • The shared data includes only sleep tracking data, and excludes sleep sound data and AI‑related data. Data sharing permissions may be freely enabled or disabled on the relevant feature page.

  • Users may terminate a friendship or disable report sharing permissions at any time. After termination or disabling, such friend will no longer be able to view the user’s sleep reports.

3.4 Account Security

Purpose of Processing: to secure user accounts and manage login devices and sessions.

Categories of Information Involved: Account Registration Information, Session Information, Device Information.

Legal Basis: legitimate interests (under the GDPR, pursuant to Article 6(1)(f)).

The specific legitimate interests are: preventing account unauthorised access, detecting anomalous login behaviour, and maintaining the overall security and stability of the Services.

Specific Uses Include:

  1. Login Verification: verifies the user’s identity to prevent unauthorised access;

  2. Device Management: manages the user’s login devices and session status;

  3. Session Management: maintains secure sessions for multi‑device logins.

3.5 Product Improvement

Purpose of Processing: to optimize product features and improve service quality through user feedback and de‑identified usage data.

Categories of Information Involved: Feedback Information, de‑identified usage data.

Legal Basis: legitimate interests (under the GDPR, pursuant to Article 6(1)(f)).

The specific legitimate interests are: analyzing product usage trends, optimizing product features, and enhancing user experience.

Specific Uses Include:

  1. Process user‑submitted feedback to improve product features;

  2. Collect de‑identified usage data to analyze product usage trends and performance.

Privacy Protection Statement:

  • When submitting feedback, users should avoid proactively providing any sensitive personal information (such as real name, health status, biometric data, etc.). If we discover that feedback contains sensitive data, we will promptly delete or anonymize it.

3.6 Membership Services

Purpose of Processing: to manage subscription entitlements, verify membership status, and provide cloud data synchronization services.

Categories of Information Involved: Subscription Information, Purchase Records, sleep tracking data.

Legal Basis: based on users’ explicit consent (under the GDPR, pursuant to Article 6(1)(a) and Article 9(2)(a)).

Specific Uses Include:

  1. Subscription Management: processes users’ subscription information and purchase records;

  2. Entitlement Verification: verifies users’ membership status and corresponding entitlements;

  3. Cloud Data Synchronization: provides cloud synchronization services for sleep tracking data (excluding sleep sound data) to subscribing users.

Privacy Protection Statement:

  • For cloud data synchronization, users may withdraw synchronization permissions at any time. After withdrawal, they will no longer be able to use the cloud synchronization service, but their local core features will not be affected. Users may manually delete their cloud‑synchronized data at any time in the settings.

4、Information Storage

4.1 Storage Location

Our core servers are deployed on Alibaba Cloud in the United States (Silicon Valley region). As we operate in the United States and other countries/regions, user information may be transferred to and stored in the United States. Certain private data is stored only on the user’s local device and is not uploaded to the cloud.

Where required by law, We will provide adequate protection for the transfer of personal data in accordance with applicable laws, for example by obtaining users’ consent, relying on an adequacy decision by the European Commission, or implementing the Standard Contractual Clauses (SCCs).

4.2 Data Storage Strategy

We adopt a tiered “cloud + local” storage model. The specific storage allocation criteria are as follows:

  • Cloud + Local Synchronized Storage: Profile Information, Preference Information, Account Registration Information, Device Information, Session Information, Third‑Party Login Information, Mixing Formula.

  • Local Storage with Member‑Only Cloud Synchronization: sleep tracking data (only records with a duration of 90 minutes or more may be synchronized to the cloud; records falling short of this duration will be automatically deleted and shall not be stored locally or in the cloud), AI analysis reports.

  • Local Storage Only (Not Uploaded to the Cloud): sleep tracking data, Training Record Data, Usage Calendar Data, AI Reference Settings, Local AI Service Data, Sleep Sound Data, Third‑Party Health Application Data.

  • Cloud Storage Only: Social Interaction Information, Feedback Information, Subscription and Payment Information.

  • Cloud Stores Only Metadata: AI Creation Records (only metadata is stored in the cloud; complete prompts and AI thinking processes are not included).

  • Short‑Term Cache: verification codes (automatically deleted upon expiry after 3 minutes).

4.3 Data Retention Periods

We set data retention periods strictly in accordance with the purposes of processing. Where there is no longer a lawful basis for retention, data will be automatically deleted. The specific retention rules are as follows:

  • Verification Codes: valid for 3 minutes; immediately invalidated after 5 consecutive incorrect attempts; automatically deleted upon use or expiry. Daily sending limit: 5 times per email address, 10 times per access identifier; counters reset the following day.

  • Sleep Sound Data: local audio files are retained until the user actively deletes them or deletes their account. Users may delete all sleep sound data for any date at any time within the Application. After withdrawal of consent, We will cease collecting new sound data and users may manually delete existing data.

  • sleep tracking Data: for subscribing users, data synchronized to the cloud is retained as long as the user uses the Application; upon account deletion, such data is permanently deleted together with the account data. Data is retained until the user actively deletes it or deletes their account.

  • AI Creation Prompts and Thinking Processes: used solely to process the particular request; destroyed upon completion and not retained.

  • AI Creation Generated Audio: retained for the duration of the user’s account; users may delete it at any time within the Application.

  • AI Conversation Records: stored locally; users may manually select a cleanup policy (7 days / 30 days / never), or manually clear all records.

  • Sleep Recommendation Records: stored locally; the current day’s recommendation is overwritten when the next day’s recommendation is generated.

  • Messages: client‑side local cache retains the most recent 30 days of messages; cloud storage retains messages for 45 days (excluding system messages). When a user deletes a message, it is also deleted from the cloud. Friend requests are valid for 24 hours.

  • Server Access Logs: retained for up to 30 days for purposes of website operation, technical issue diagnosis, and abuse prevention.

  • Feedback and Error Reports: retained for up to 24 months for investigation and community standards purposes, after which they are deleted or aggregated.

  • Session Information: session validity period is 7 days; sessions are deleted when the user actively logs out, when a new device login invalidates the old session, or upon session expiry.

  • Account Deletion: cooling‑off period of 3 days. Permanent deletion is executed after the cooling‑off period ends; after deletion, data cannot be recovered.

  • Other Data: retained for the duration of the user’s use of the Application, until the user deletes such data or deletes their account.

We will not retain personal data for longer than necessary for the purposes for which it is processed, unless applicable law requires a longer retention period.

4.4 Data Transfer and International Transfer

Our core servers are deployed on Alibaba Cloud in the United States (Silicon Valley region). When users use our services, their data will be processed and stored in the United States.

As a result, we and our service providers process information in countries which may not provide equivalent levels of data protection in your home jurisdiction. Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law, such as by obtaining your consent, relying on the European Commission’s adequacy decisions, or executing Standard Contractual Clauses. Where relevant, you may request a copy of these Standard Contractual Clauses by emailing us at support@muserestai.com.

5、Information Sharing

We will not sell users’ personal information. We will share user data only to a limited extent and solely in the following compliant scenarios:

5.1 Sharing with User Authorization

  • Friend Functionality: manage friends (each user may add only one friend).

  • Friend Permission Control: users may independently set sleep report sharing permissions.

5.2 Service Providers and Processors

We engage qualified third‑party service providers to process certain data on our behalf, and have entered into Data Processing Agreements with them to ensure that they process data in compliance with our instructions. The specific partners are as follows:

  • Alibaba Cloud: provides cloud server hosting (US Silicon Valley region) for storing designated cloud data. Alibaba Cloud acts as a processor. Its parent company is located in China, but user data is stored only in the US region, and We have not authorised it to transfer such data to China or any other region. In addition, Alibaba Cloud provides AI model API services, primarily used for generating AI analysis reports. Such services are also called only in the US region and do not store users’ prompts. Please note: as a Chinese company, Alibaba Cloud may be subject to the laws of China; however, because your data remains stored in the US and We have not authorised any transfer, the practical impact of such laws on your data is extremely limited.

  • TempoLor: provides cloud‑based AI music generation technical services. When you use the music generation feature, We transmit only non‑original user data that has been anonymised and de‑identified and cannot be used to identify any specific individual. We never transmit your email address, identity information, raw audio, raw private sleep data, or any sensitive personal content. TempoLor acts solely as a processor providing one‑time music generation services; it does not retain such data, use it for marketing, or share it with any third party.

  • Apple: processes subscription purchase information for App Store billing. Apple processes such data in accordance with its own privacy policy.

  • PayPal: acts as a payment processor for user subscriptions and one‑time purchases. We transmit only order IDs and amounts to PayPal, and do not transmit users’ sleep data, health data, or other personal information. PayPal processes such data in accordance with its own privacy policy.

Cross‑border Transfer Statement: The processors listed above may be located in China or the United States. Where user data needs to be transferred cross‑border to such processors, We will implement adequate safeguards in accordance with applicable data protection laws, including obtaining users’ explicit consent, implementing the EU Standard Contractual Clauses (SCCs), or relying on an adequacy decision where applicable.

5.3 Legal Requirements

We may share users’ personal information where required by laws and regulations, legal process, litigation, or compulsory request from government authorities.

5.4 Financial Incentive Programs

We currently do not offer any financial incentive programs (such as rewards for surveys or referrals). If We offer such programs in the future, We will separately provide users with the terms and conditions of participation, including how to participate, the nature of the incentives, and the reasonable relationship between the value of users’ personal information and the incentives offered. Users may opt out of any such program at any time.

6、Information Security

We implement both technical and administrative safeguards to comprehensively protect users’ personal information. The specific protective measures are as follows:

  1. Encryption in Transit: all data transmissions are encrypted using HTTPS/TLS;

  2. Storage Security: sensitive data is stored in encrypted form; passwords and verification codes are encrypted or hashed;

  3. Access Control: token‑based authentication mechanism supporting multi‑device session management;

  4. Privacy by Design:

  • No storage of precise geolocation information (e.g., GPS coordinates).

  • Sleep sound audio files are stored only on the local device and not uploaded to the cloud.

  • Only metadata for AI creation records is stored in the cloud; complete prompts and AI thinking processes are not included.

  • Email addresses are masked when displayed (e.g., exa***@email.com).

  1. Security Protection: prevents security risks such as SQL injection, XSS attacks, and CSRF attacks;

  2. File Upload Security: restricts file types and sizes to prevent malicious file uploads;

  3. Account Password Security: after 5 consecutive incorrect password attempts, the account will be temporarily locked for 30 minutes to prevent brute‑force attacks.

6.1 Data Protection Impact Assessment

Given that the sleep data, health data, and sound data processed by Us fall within the definition of special categories of personal data under the GDPR, We have completed a comprehensive Data Protection Impact Assessment (DPIA). The assessment confirms that:

  1. We have implemented appropriate technical and organisational measures to protect users’ sensitive data;

  2. Data processing complies with the principles of data minimisation and purpose limitation;

  3. All high‑risk data processing activities have been identified and mitigated;

  4. DPIA reviews are conducted periodically to ensure ongoing compliance.

7、Users’ Rights

Pursuant to applicable data protection laws and regulations, users enjoy the following statutory rights and may exercise independent control over their personal information:

7.1 Access and Rectification

Users may view and modify their profile information within the Application, including nickname, avatar, gender, date of birth, language preference, etc. The specific path is: Profile → Edit Information.

Users may view their various categories of data through the following paths within the Application:

  • Sleep tracking data and sleep sound data: Home → Sleep Report / Sleep Trends.

  • Training records: Profile → Breathing Exercise / Meditation History.

  • AI creation records and mixing formulas: Profile → Creation Records.

  • Friend information: Profile → Friend Center.

  • Subscription information: Profile → Member Center.

7.2 Deletion

  • Message Deletion: users may delete messages; upon deletion, the messages are also removed from the cloud simultaneously.

  • Mixing Formula Deletion: users may delete mixing formulas they have created.

  • AI Creation Record Deletion: users may delete AI creation records, and the related files are simultaneously deleted from the cloud.

  • Sleep Sound Data Deletion: users may delete sleep sound data for all dates.

  • sleep tracking Data Deletion: users may delete sleep tracking data for all dates.

  • Social Data Deletion: users may delete all friend relationships and friend sharing permission settings.

  • Profile Data Deletion: users may delete all profile information and user preferences.

  • Account Deletion: users may request account deletion in Settings → Account & Security.

When you delete your sleep tracking data, any historical reports previously shared with friends will also become invalid immediately, and such friends will no longer be able to view such data.

All data is subject to hard deletion and cannot be recovered after deletion.

7.3 Account Deletion

  • After a deletion request is submitted, a 3‑day cooling‑off period applies.

  • During the cooling‑off period, users may cancel the deletion request at any time.

  • After the cooling‑off period ends, We will immediately delete all of the user’s personal information and data.

  • After deletion, data cannot be recovered.

7.4 Withdrawal of Consent

For personal information processed on the basis of users’ consent, users have the right to withdraw such consent at any time. The specific methods are as follows:

  • Sleep Sound Data: disable the sleep sound monitoring feature in the function settings; upon disabling, we will cease collecting sleep sound data.

  • sleep tracking Data Upload: disable the sleep tracking upload feature in the function settings; upon disabling, We will cease cloud storage of sleep tracking data for subscribing users (free users’ data is stored only locally).

  • Local AI Services: disable the corresponding feature toggles in Settings → Advanced Settings (e.g., disable sleep recommendation feature, disable proactive questioning feature, etc.); delete episodic memory and recall triggers in the memory management section of the AI conversation page.

  • Social Features: remove friend relationships or adjust permission settings in friend settings.

  • HealthKit Data: revoke this Application‘s access to HealthKit in the device system (Settings → Privacy & Security → Health), or disable HealthKit synchronization within the Application.

  • Device Permissions: revoke the Application’s microphone, notification, and other permissions on the corresponding feature page of the device system.

  • Other Consent Matters: contact us to withdraw consent via in‑app feedback or by sending an email to support@muserestai.com.

Withdrawal of consent shall not affect the lawfulness of processing activities carried out prior to such withdrawal.

7.5 Permission Management

  • Users may choose whether to enable and record sleep sound data.

  • Users may choose whether to enable sleep tracking data upload.

  • Users may manage friends’ data viewing permissions.

  • Users may choose whether to use daily information, personal preferences, training information, sleep records, sleep trends, and custom notes in the AI reference settings as AI references.

  • Users may control the toggles for local AI service features (e.g., sleep recommendations, proactive questioning) in the advanced settings.

  • Users may manage episodic memory and recall triggers on the AI conversation page and delete memory data that is no longer needed.

7.6 Additional Rights for European Users

If users are located in the European Economic Area (EEA), Switzerland, or the United Kingdom, users also have the following rights:

  • Right to Restriction of Processing: in certain circumstances, users may request that we restrict the use of their data.

  • Right to Data Portability: users have the right to receive the personal data they have provided to Us in a structured, commonly used, and machine‑readable format. Users may also request that we transmit such data directly to another controller, where technically feasible. We will provide data exports in CSV or JSON format. Portability requests may be submitted by emailing support@muserestai.com, and We will respond within one month of receiving a valid request.

  • Right to Withdraw Consent: users may withdraw their consent at any time; such withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal.

  • Right to Lodge a Complaint: users have the right to lodge a complaint with the data protection authority in their country of residence.

    • For users located in the EEA, the list of supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

    • For users located in the UK, complaints may be submitted to the Information Commissioner‘s Office (ICO) at: https://ico.org.uk/make-a-complaint/.

7.7 Exercising Rights and Verification

To exercise any of the above rights, please contact us via in‑app feedback or by sending an email to support@muserestai.com. We will respond to users‘ requests within 30 days. Before processing a request, We may require users to verify their identity.

If a user designates an authorised agent to exercise rights on their behalf, we may require the user to provide written proof of authorisation, and may still require the user to verify their identity directly with Us.

7.8 California Consumer Privacy Rights (CCPA/CPRA)

If a user is a California resident, they have the following rights:

  • Right to Know: the right to request disclosure of the categories and specific pieces of personal information we have collected, used, shared, and sold about the user.

  • Right to Delete: the right to request deletion of the user’s personal information that We have collected (subject to statutory exceptions).

  • Right to Correct: the right to request correction of inaccurate personal information.

  • Right to Limit Processing: the right to request limitation of the processing of the user’s sensitive personal information.

  • Right to Opt‑Out: We do not sell users’ personal information, nor do We use users’ personal information for cross‑context behavioural advertising without their explicit consent.

To exercise CCPA rights, please send an email to support@muserestai.com with the subject line “CCPA Rights Request”. We will respond to users‘ requests within 45 days. After identity verification, users may also exercise rights through an authorised agent.

8、Children‘s Privacy

This application is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will promptly delete that data.

9、Updates to This Privacy Policy

We may update this Privacy Policy from time to time. The updated policy will be posted within the Application. Material changes will be notified to users via in‑app notice or email. By continuing to use the Application, users agree to the updated Privacy Policy.

10、Contact Information

If users have any questions, comments, or suggestions regarding this Privacy Policy, please contact Us through the following methods:

  • In‑app feedback: Settings → Feedback

  • Email: support@muserestai.com