Privacy Policy

Sleep Hacker

Last updated: January 12th,2026

1. Introduction

This privacy policy explains how Sleep Hacker collects and processes your personal data when you use our website, services, and products, including any subdomains of our website and any information you provide when you:

  • Purchase a product or service

  • Sign up to our email list or newsletter

  • Book coaching or courses

  • Participate in a competition, giveaway, or survey

  • Contact us via forms, email, or social media

By providing us with your personal data, you confirm that you are at least 13 years of age.

Sleep Hacker is the data controller and is responsible for your personal data (referred to as “we”, “us”, or “our” in this policy).

Data Controller

Sleep Hacker
Reykjavík, Iceland
Email: [your email address]

If you have any questions about this privacy policy or how we handle your data, please contact us using the details above.

This policy complies with:

  • The EU General Data Protection Regulation (GDPR)

  • Icelandic Act No. 90/2018 on Data Protection and the Processing of Personal Data

2. What Data We Collect

Personal data means any information that can identify you as an individual. It does not include anonymised data.

We may collect and process the following categories of personal data:

a) Communication Data

This includes any communication you send to us via:

  • Contact forms

  • Email

  • Text messages

  • Social media messages or comments

Purpose:
To communicate with you, keep records, and establish, pursue, or defend legal claims.

Lawful basis:
Legitimate interests (responding to enquiries, record-keeping, and legal protection).

b) Customer Data

This includes information related to purchases or bookings, such as:

  • Name

  • Billing and delivery address

  • Email address

  • Phone number

  • Purchase details

  • Payment confirmation details

We do not store full card details. Payments are processed securely by third-party payment providers.

Purpose:
To deliver products and services and maintain transaction records.

Lawful basis:
Performance of a contract or steps taken at your request prior to entering a contract.

c) User Data

This includes information about how you use our website and services, including:

  • Pages viewed

  • Content interactions

  • Information you submit for publication (e.g. testimonials or comments)

Purpose:
To operate and administer our website, ensure security, maintain backups, and provide relevant content.

Lawful basis:
Legitimate interests in managing and improving our website and business.

d) Technical Data

This includes:

  • IP address

  • Browser type and version

  • Device information

  • Time zone and location settings

  • Page views, navigation paths, and session duration

This data is collected via analytics and tracking tools.

Purpose:
To analyse website usage, improve performance, protect our systems, and understand marketing effectiveness.

Lawful basis:
Legitimate interests in operating, securing, and growing our business.

e) Marketing Data

This includes:

  • Your marketing preferences

  • Email subscription status

  • Communication preferences

Purpose:
To send newsletters, offers, educational content, promotions, and relevant advertising.

Lawful basis:
Consent and/or legitimate interests (to grow and develop our services).

You may opt out of marketing communications at any time by using the unsubscribe link or contacting us directly.

3. How We Use Your Data

We may use Customer Data, User Data, Technical Data, and Marketing Data to:

  • Deliver relevant website content and advertising (including social media advertising)

  • Measure and improve marketing effectiveness

  • Communicate about relevant products and services, including:

    • Online courses

    • Coaching programs

    • Digital resources

    • Webinars and live events

We will only use your personal data for the purpose for which it was collected, or a reasonably compatible purpose.
If we need to use your data for a new purpose, we will inform you and explain the lawful basis.

4. Sensitive Data

We do not collect sensitive personal data, including:

  • Health data

  • Genetic or biometric data

  • Racial or ethnic origin

  • Religious or philosophical beliefs

  • Sexual orientation or sex life

  • Political opinions

  • Trade union membership

We also do not collect information relating to criminal convictions or offences.

5. Failure to Provide Data

If we are legally required to collect personal data, or it is required to fulfil a contract with you, and you do not provide it when requested, we may not be able to deliver the product or service.
If this occurs, we will notify you promptly.

6. Legal Obligations and Profiling

We may process your personal data without your knowledge or consent where required or permitted by law.

We do not carry out:

  • Automated decision-making

  • Automated profiling with legal or significant effects

7. Your Data Protection Rights

Under GDPR and Icelandic law, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of your data

  • Object to or restrict processing

  • Withdraw consent at any time

  • Lodge a complaint with the Icelandic Data Protection Authority (Persónuvernd)