sleep sounds : x

Privacy Policy

Version: 1.0 (Singapore) Last Revised: 10 May 2026 Publisher: Vongsion (Beijing) Technology Co., Ltd.
Important Notice: This Privacy Policy applies to users of sleep sounds : x in Singapore and is designed to comply with the Singapore Personal Data Protection Act 2012 (PDPA). This App is intended for users aged 18 and above only. If you are under 18, please do not use this App.

Contents

  1. About This Policy
  2. Data We Collect
  3. How We Use Your Data
  4. Data Sharing & Third Parties
  5. Overseas Data Transfers
  6. Data Retention & Security
  7. Your Rights Under PDPA
  8. Age Restriction
  9. Future Subscription Services
  10. Policy Changes & Notification
  11. Contact & DPO

01 About This Policy

Vongsion (Beijing) Technology Co., Ltd. ("we", "us", or "our") operates the mobile application sleep sounds : x ("App"). This Privacy Policy explains what personal data we collect, why we collect it, how it is used and shared, and what rights you have under the Singapore Personal Data Protection Act 2012 (PDPA).

When you first launch the App, you will be prompted to review and agree to this Privacy Policy and our Terms of Service. By tapping "Agree and Continue", you confirm that you have read, understood, and agreed to this Privacy Policy. If you do not agree, please do not use the App.

No account required. sleep sounds : x does not require you to register or log in. Audio content may be downloaded on demand via a content delivery network when a connection is available. We do not collect your name, email address, phone number, or any directly identifying information.

Our personnel may remotely access Firebase Analytics and Crashlytics data for the limited purposes of app performance analysis, crash diagnosis, and responding to user data requests submitted under Section 7. Such access is conducted in compliance with all applicable data protection laws and is subject to internal access control policies.

02 Data We Collect

We collect only the minimum data necessary to operate and improve the App. All data is collected automatically via the Firebase SDK when you use the App.

Data Type Specific Items Collection Method Purpose Personal Data (PDPA)
Device Information Device model, operating system version Automatically via Firebase SDK App performance analysis May be considered personal data when combined with other information
Usage Behaviour E.g. sound type selected, session duration, timer settings Automatically via Firebase Analytics Improve sound features and user experience May be considered personal data when combined with other information
App Activity Data First install timestamp, app version number, screen views, session start/end events — automatically recorded by the Firebase Analytics SDK as part of standard SDK initialisation Automatically via Firebase Analytics SDK App performance analysis and feature usage measurement May be considered personal data when combined with other information
Crash & Diagnostics Data Crash logs, stack traces, app performance metrics — automatically recorded by the Firebase Crashlytics SDK when the App encounters an error or performance issue Automatically via Firebase Crashlytics SDK Crash reporting and app stability monitoring May be considered personal data when combined with other information
App Instance Identifier Firebase App Instance ID — a non-advertising, app-installation identifier automatically assigned by Firebase SDK upon first App launch Automatically assigned by Firebase SDK Used solely to locate and process your data deletion request (Section 7). Not used for advertising, tracking, or profiling. Unique installation identifier — may constitute personal data
Android Advertising ID (AAID) Android Advertising ID — a resettable, device-level advertising identifier Automatically via Google Play Services (accessed by Firebase SDK) Measuring ad campaign attribution (understanding which marketing channels drive App installs) — not used for personalised advertisements. See Section 3 for details. Device-level advertising identifier — may constitute personal data. You may reset or opt out via Android Settings.

We do not collect your name, email address, phone number, precise location data, health or biometric information, financial details, or microphone or camera data. The App Activity Data and Crash & Diagnostics Data listed above are automatically recorded by the Firebase SDK and are used solely for performance analysis, crash reporting, and app stability monitoring. The Firebase App Instance ID is used exclusively for processing data deletion requests (Section 7). The Android Advertising ID (AAID) is collected and used based on the legitimate interests exception (PDPA s.17B) solely for measuring advertising attribution as described above; you may object to this processing at any time by contacting our DPO at dpo@vongsion.com, or by resetting your AAID or opting out of ad personalisation via Android Settings → Privacy → Ads, after which we will no longer be able to perform attribution for your device.

How to Stop Data Collection

Data collection is tied to your App installation. You may stop all Firebase data collection at any time by:

  • Uninstalling the App — this stops all ongoing data collection immediately;
  • Resetting your AAID — to stop advertising attribution specifically, you may reset your AAID or enable "Opt out of Ads Personalisation" via Android Settings → Privacy → Ads at any time;
  • Requesting data deletion — to delete previously collected data, please follow the Data Deletion Process in Section 7.

03 How We Use Your Data

We use the data collected for the following purposes:

Purpose Data Used Legal Basis (PDPA)
Improve App functionality and user experience Usage behaviour data Legitimate interests exception (PDPA s.17B)
Detect abnormal usage and ensure App security Device information, usage behaviour Legitimate interests exception (PDPA s.17B)
Monitor app stability and diagnose crashes Crash & diagnostics data Legitimate interests exception (PDPA s.17B)
Measure advertising attribution (understanding which marketing channels drive App installs) Android Advertising ID (AAID) Legitimate interests exception (PDPA s.17B). You may object to this processing at any time by contacting our DPO at dpo@vongsion.com, or by resetting your AAID via Android Settings → Privacy → Ads.
About the Android Advertising ID (AAID). We collect your AAID solely to measure the effectiveness of our marketing campaigns — for example, to understand whether an install came from a particular ad channel. We do not display advertisements inside the App, and we do not use the AAID to serve personalised ads to you. Collection and use of the AAID is based on the legitimate interests exception under PDPA s.17B. You may object to this processing at any time by contacting our DPO at dpo@vongsion.com, or by resetting your AAID or enabling "Opt out of Ads Personalisation" via Android Settings → Privacy → Ads. After opt-out, attribution measurement will cease for your device.

Legitimate Interests

For the purposes that rely on the legitimate interests exception under PDPA section 17B, we have conducted a Legitimate Interests Assessment balancing your privacy interests against our business purposes. A summary of this assessment is available upon request by emailing dpo@vongsion.com.

You have the right to object to processing based on legitimate interests at any time. To do so, please email dpo@vongsion.com with the subject line "Objection to Legitimate Interests Processing". We will acknowledge your objection within 72 hours and provide a substantive response within 30 days. Where we agree to cease processing, we will do so in accordance with the deletion process described in Section 7. If you remain dissatisfied, you may lodge a complaint with the PDPC at www.pdpc.gov.sg.

04 Data Sharing & Third Parties

We share data only with the third party listed below and only for the stated purpose. We do not sell your personal data.

Third Party Data Shared Purpose Privacy Reference
Google Firebase
(Analytics, Crashlytics)
Device information, usage behaviour data, crash & diagnostics data, Android Advertising ID (AAID) App performance analysis, crash reporting, and advertising attribution measurement Firebase Privacy

We may also disclose personal data if required to do so by law, court order, or any governmental or regulatory authority, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

05 Overseas Data Transfers

Your data is stored and processed on Google Cloud servers, which may be located outside Singapore, including in the United States. We are required by the PDPA (section 26) to ensure that any overseas recipient of your personal data provides a standard of protection comparable to that under the PDPA.

We meet this obligation through contractual arrangements. Specifically:

  • All data transferred to Google LLC (via Firebase Analytics and Crashlytics) is governed by Google's Data Processing Terms, which include contractual safeguards consistent with the requirements of PDPA section 26, requiring Google to maintain a standard of data protection comparable to the PDPA. We have assessed that Google's Data Processing Terms provide a standard of protection that, in our reasonable assessment, is comparable to the PDPA, having regard to the PDPC's guidance on overseas transfers. You may review Google's Data Processing Terms at cloud.google.com/terms/data-processing-addendum.

Google LLC additionally maintains internationally recognized security certifications, including ISO 27001, and participates in the APEC Cross-Border Privacy Rules (CBPR) system. These certifications provide additional assurance that Google maintains data protection standards comparable to those required under the PDPA.

Our personnel may remotely access Firebase Analytics and Crashlytics data for the limited purposes of app performance analysis, crash diagnosis, and responding to user data requests submitted under Section 7. Such access is restricted to authorised personnel and is subject to internal data protection policies and technical safeguards designed to ensure a standard of protection comparable to that required under the PDPA.

06 Data Retention & Security

Retention

Data Type Retention Period Basis for Retention
Usage behaviour and device data (Firebase Analytics) 14 months from collection App improvement purposes
Crash & diagnostics data (Firebase Crashlytics) 90 days from collection App stability monitoring
Android Advertising ID (AAID) and attribution data (Firebase) 14 months from collection, or until you reset your AAID or opt out of ad personalisation via Android Settings — whichever is earlier Advertising attribution measurement; processing ceases upon opt-out

After the applicable retention period, data is automatically deleted or anonymised in accordance with Firebase's data lifecycle management. Aggregated, anonymised statistics that cannot be linked to any individual may be retained for longer periods for product improvement purposes.

Security

We implement the following measures to protect your data:

  • Data in transit and at rest is encrypted on Google Cloud infrastructure.
  • Access to data within Firebase is restricted to authorised personnel only.
  • We conduct periodic reviews of our data protection practices.

While we take reasonable steps to protect your data, no method of electronic storage or transmission is completely secure. In the event of a data breach that is likely to result in significant harm, we will notify the Personal Data Protection Commission (PDPC) within 3 calendar days, as required under the PDPA. Where the breach is likely to result in significant harm to affected individuals, we will also notify those individuals as soon as reasonably practicable, as required under the PDPA.

07 Your Rights Under the PDPA

As a user in Singapore, you have the following rights under the PDPA:

Right Description How to Exercise
Right of Access Request information about the personal data we hold about you and how it is used. Email: dpo@vongsion.com
Subject: "Data Request"

We will respond within 30 days.
Right of Correction Request correction of inaccurate or incomplete personal data we hold about you.
Right to Withdraw Consent & Request Deletion You may withdraw your consent to our processing of your personal data at any time. Upon withdrawal, we will cease processing and delete your data in accordance with the process below. You may also request deletion where the purpose for which your data was collected is no longer being served by us.
Right to Object to Legitimate Interests Processing You may object to our processing of your personal data based on the legitimate interests exception (PDPA s.17B). Where we agree to cease processing, we will do so in accordance with the process below.

Data Deletion Process

Because we do not collect any account identifiers, deletion requests are processed using your device's Firebase App Instance ID, which uniquely identifies your App installation. When you contact us:

  1. We will acknowledge your request within 72 hours.
  2. We will process and complete your request within 30 days. Upon completion, your personal data will be deleted via Firebase's data deletion tools. Residual copies in Firebase's backup systems may take additional time to be fully purged in accordance with Firebase's standard data lifecycle management. For the purposes of PDPA compliance, your data is treated as deleted from the date we confirm completion of your deletion request.
  3. Aggregated, anonymised statistics that cannot identify you individually will be retained in accordance with our legitimate business purposes.

Lodge a Complaint

If you believe we have not handled your personal data in accordance with the PDA, you may lodge a complaint with the Personal Data Protection Commission (PDPC):

We encourage you to contact us first so we can address your concerns directly.

08 Age Restriction

sleep sounds : x is intended for users aged 18 and above only. If you are under 18 years of age, you are not permitted to use this App.

We do not knowingly collect personal data from individuals under the age of 18. We have designated the App's target audience as "18 and over" in our Google Play store listing and have confirmed this designation within the Google Play Console's Target Audience settings. We do not knowingly permit use of the App by individuals under 18.

If we discover or are notified that we have inadvertently collected data from a user under the age of 18, we will:

  1. Immediately terminate that user's access to the App.
  2. Process the deletion of all data associated with that user in accordance with our Data Deletion Process (Section 7).

If you are a parent or guardian and believe your child has used this App, please contact us immediately at support@vongsion.com.

09 Future Subscription Services

sleep sounds : x is currently provided free of charge. We do not offer any paid subscriptions or in-app purchases at this time.

We may introduce an optional subscription tier in the future to provide enhanced content or features. If and when we do so:

  • We will notify all existing users of the new subscription option at least 14 days in advance via an in-app notification displayed on your next App launch, and through the App store update release notes.
  • All core free features will remain available at no cost and will not be removed or restricted in order to compel subscription purchases.
  • Detailed subscription terms, pricing, billing cycles, cancellation policy, and applicable refund rights will be published separately and communicated to you before any subscription is offered.
  • If a subscription is introduced, we will update this Privacy Policy to describe any additional data collected in connection with payment processing (which will be handled by Google Play — we will not collect your payment card details directly). Any such update will be treated as a material change and will be notified to you at least 14 days in advance in accordance with Section 10. Any updated data protection or liability provisions applicable to paid users will be clearly identified in the revised policy.

The statements in this Section regarding possible future subscription services reflect our current intentions and may be adjusted based on business needs, subject to compliance with applicable laws. Any subscription offering will be governed by the terms published at that time, which will supersede the statements in this Section.

10 Policy Changes & Notification

We may update this Privacy Policy from time to time. The updated Policy will always be accessible within the App and via the App store listing.

How We Notify You

We notify users of changes to this Privacy Policy through the following channels:

  • In-app pop-up notification (material changes): For material changes that affect your rights or our data practices (e.g. new data types collected, new third-party sharing, subscription introduced), an in-app pop-up will be displayed on your next App launch. You will be asked to review and confirm your acceptance before continuing to use the App. The pop-up will appear at least 14 days before the changes take effect.
  • In-app badge indicator (non-material changes): For non-material changes (e.g. typographical corrections, contact detail updates, clarifications that do not affect your rights or our data practices), we will update the document date and display a red dot badge on the Privacy Policy entry in Settings → Privacy. The badge will remain visible until you open and view the updated document. No confirmation or acceptance is required for non-material changes.
  • App update release notes: Changes may also be described in the "What's New" section of the App store update where applicable.

Material vs Non-Material Changes

  • Material changes (e.g. new data types collected, new third-party sharing, subscription introduced) — at least 14 days' advance notice; in-app pop-up confirmation required. The pop-up notice will also disclose any non-material corrections made since the previous version.
  • Non-material changes (e.g. typographical corrections, contact detail updates, clarifications that do not affect your rights or our data practices) — the document date is updated and a red dot badge is displayed on the Privacy Policy entry in Settings → Privacy until you open and view the updated document. No confirmation or acceptance is required.

If you do not agree to any updated Privacy Policy, please uninstall the App prior to the effective date of the changes.

11 Contact & Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact our Data Protection Officer (DPO):

Data Protection Officer
Vongsion (Beijing) Technology Co., Ltd.
Beijing, People's Republic of China

Email: dpo@vongsion.com
Subject line: Privacy / Data Request

We will acknowledge your enquiry within 72 hours and provide a substantive response within 30 days. If additional time is required, we will inform you before the 30-day period expires.

For complaints that remain unresolved after contacting us, you may refer the matter to the Singapore Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.