← back
privacy
what the room sees.
Ambielo is a small object on a nightstand that watches your chest from
across the room, and an app that turns what it sees into a calm story of
your night. To do that, it records some things. This page is what it
records, where it lives, and how to make it stop.
what we collect
- Breath rate — breaths per minute, sampled a couple of times a second by the sensor.
- Heart rate — when the radar can read it cleanly.
- Presence — whether a person is in the sensor's field, and a derived sleep stage.
- Timestamps — when each sample was taken.
- A device identifier — a short name in the sensor's firmware (e.g.
cesar-bedroom-01); you name your own when you pair it.
- Your morning check-in — an optional one-tap slider (how the night felt) and, if you choose, a couple of spoken or typed words. See your voice below.
- Your schedule and rituals — bedtime, wake time, and the wind-down / morning steps you set. These stay on your phone.
We do not record video. The radar measures distance and motion, not
images. We do not track which apps you open or what you read or browse.
your voice
The morning check-in lets you leave a few words about the night. If you
speak them, the audio is transcribed on your device — by
Apple's on-device speech recognition — and the audio is discarded the
moment the transcript is ready. We never upload the recording, and only
the text is saved, and only when you tap save. You can always type
instead, or skip it entirely.
apple health
Reading from Apple Health is off by default and only
turns on if you flip the switch in Privacy. When on, Ambielo reads your
heart rate, heart-rate variability, respiratory rate, and sleep from
Apple Health (for example, from an Apple Watch) so it can compare the
watch against the sensor and tune its accuracy. That health data is
stored the same way the sensor's is — on our own relay, never with a
third party — and is used only to make the measurement better. It is
never used for advertising, never sold, and never shared.
Writing Ambielo's data back into Apple Health is a separate switch, also
off by default. Health data is never stored in iCloud. Ambielo is a
wellness tool, not a medical device, and nothing here is diagnosis.
the permissions we ask for, and why
- Bluetooth — only while pairing, to hand the sensor your Wi-Fi so it can come online.
- Location — only to pre-fill your Wi-Fi network name at pairing (iOS treats the network name as location-sensitive). Nothing about your location is stored or sent.
- Microphone & speech recognition — only for the optional voice note, transcribed on-device as above.
- Notifications — only for the gentle wake and the optional bedtime reminder, scheduled locally on your phone.
- Apple Health — only if you opt in, as above.
- Focus / app shielding — if you set up a wind-down that quiets distracting apps, you pick those apps yourself in Apple's system picker. Your selection stays on your device and is opaque to us — we never see or store which apps you chose.
where it lives
-
On a relay we run — a small server on Fly.io. Each
sample, and your check-ins, are appended to a file partitioned by your
account. It is a relay, not an analytics vendor.
-
On your phone — your schedule, rituals, app-shield
selection, and session history stay in local storage and never leave
unless you export them.
-
Who you are vs. what your breath was — your sign-in
(email, passkey, or Sign in with Apple) is handled by Clerk, an
identity provider. Clerk knows who you are; Clerk never sees your
breath, your heart, or your nights. That boundary is deliberate and
non-negotiable.
-
Nowhere else. No third-party analytics. No tracking
pixels or SDKs. No advertising network. No data brokers. No cross-app
tracking, so iOS never has to ask you about it.
how long we keep it
Indefinitely, until you delete it. We are building a real product and the
early nights teach us how to build it. If that's not comfortable, the
delete button works in one tap.
your rights — exercise them anytime
-
Export — Settings → Privacy → Export my data.
You get a file with every sample tied to your account.
-
Delete — Settings → Profile → Delete account.
Your nights, your check-ins, and every account tied to you are removed
from the room and from our server. Your sign-in is revoked. Nothing is
recoverable after this.
Under GDPR Articles 15 and 17, and under California's CCPA / CPRA, you
have the right to access and delete this data. The two controls above are
how you exercise it — no email required.
what we don't yet have
Ambielo is early. Some things a mature product has — formal
data-processing agreements, a third-party privacy audit, a published
security review — we do not have yet. We will, before we ship to anyone
we don't know personally. Until then, the honest thing to say is: read the
code, and trust the founder.
what changes when we ship
When Ambielo starts taking paid orders, this page becomes a full privacy
policy with named processors, retention windows, jurisdictional detail,
and a designated data-protection contact. Right now, the founder is the
contact.
contact
Cesar Lopez, the founder, is reachable directly at
cesar@ambielo.com. The relay's
source lives in the same repository as this page; you can read every line
of what we collect and what we do with it.
Last updated 3 June 2026. Effective from this date. The mission is to
restore the ritual of falling asleep — including the part where you feel
safe in your own bedroom.