Skip to main contentLast updated July 15, 2025
This Privacy Notice for Apalos Ltd (doing business as Apalos) (“we”, “us”, or “our”), describes how and why we might access, collect, store, use, and/or share (“process”) your personal information when you use our services (“Services”), including when you:
- Visit our website at https://eyerhythm.com or any website of ours that links to this Privacy Notice
- Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at benedict@eyerhythm.com.
Summary of Key Points
What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.
Do we process any sensitive personal information? We do not process sensitive personal information.
Do we collect any information from third parties? We do not collect any information from third parties.
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
How do we keep your information safe? We have adequate organisational and technical processes and procedures in place to protect your personal information.
What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
Account and Session Data. When you create an account and use our application, we automatically collect:
- Session data (start/end times, duration, quality assessment)
- Blink detection metrics (timestamps, blink rate, blink duration)
- Calibration data (eye aspect ratio thresholds and calibration parameters)
- Device information (device type, operating system platform, timezone)
- Fatigue alerts and session quality metrics
Video and Camera Data. We do not collect, store, or transmit any video or camera data. All camera processing for blink detection happens entirely on your device using on-device machine learning. Your video stream never leaves your device.
Sensitive Information. We do not process sensitive personal information.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
- To deliver and facilitate delivery of services to the user. We process your blink detection data and session information to provide you with fatigue tracking, personalized calibration, and session history features.
- To improve our Services. We use aggregated, anonymised analytics to understand how our application is used and to improve performance and features.
- To save or protect an individual’s vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.
Anonymous Analytics. We use privacy-focused analytics services that do not collect personally identifiable information:
- Error tracking: We use Sentry to collect anonymous error reports and performance data to help us fix bugs and improve stability. No personal data is included in these reports.
- Usage analytics: We use Aptabase for anonymous, aggregated usage analytics in our desktop application. This service does not use cookies or persistent identifiers.
In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason to do so under applicable law.
If you are located in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. We may rely on the following legal bases:
- Consent. We may process your information if you have given us permission to use your personal information for a specific purpose.
- Performance of a Contract. We may process your personal information when we believe it is necessary to fulfil our contractual obligations to you.
- Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations.
- Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party.
In Short: We may share information in specific situations described in this section and with service providers who help us operate our Services.
Service Providers. We use the following third-party service providers to operate our Services:
- Supabase: We use Supabase to securely store your account information, session data, and calibration data. Supabase acts as a data processor on our behalf and is contractually bound to protect your data.
- Authentication Providers: If you choose to sign in with Google, GitHub, or Apple, we receive basic profile information (name, email) from these providers to create your account.
We may also need to share your personal information in the following situations:
- Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honour this Privacy Notice.
In Short: We keep your information for as long as necessary to fulfil the purposes outlined in this Privacy Notice unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law.
We retain your account information, session data, and calibration data for as long as you maintain an active account. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information.
You can delete your account and all associated data at any time through the application.
In Short: We aim to protect your personal information through a system of organisational and technical security measures.
We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure.
In Short: We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. If you become aware of any data we may have collected from children under age 18, please contact us at benedict@eyerhythm.com.
8. What Are Your Privacy Rights?
In Short: Depending on your location, you have rights that allow you greater access to and control over your personal information.
In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right to:
- Request access and obtain a copy of your personal information
- Request rectification or erasure
- Restrict the processing of your personal information
- Data portability (if applicable)
- Not to be subject to automated decision-making
9. Controls for Do-Not-Track Features
Most web browsers include a Do-Not-Track (“DNT”) feature. We do not currently respond to DNT browser signals as no uniform technology standard for recognising and implementing DNT signals has been finalised.
10. Do United States Residents Have Specific Privacy Rights?
In Short: If you are a resident of certain US states, you may have specific privacy rights regarding your personal information.
Residents of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia may have specific rights including:
- Right to know whether we are processing your personal data
- Right to access your personal data
- Right to correct inaccuracies in your personal data
- Right to request deletion of your personal data
- Right to obtain a copy of your personal data
- Right to non-discrimination for exercising your rights
11. Do We Make Updates to This Notice?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated “Revised” date at the top of this Privacy Notice. We encourage you to review this Privacy Notice frequently.
If you have questions or comments about this notice, you may email us at benedict@eyerhythm.com or contact us by post at:
Apalos Ltd
86-90 Paul Street
London, London ECZA 4NE
United Kingdom
13. How Can You Review, Update, or Delete the Data We Collect From You?
Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. To request to review, update, or delete your personal information, please submit a data subject access request. 
