sl33p·space
Sign In
Hackathon Project

Privacy Policy

Last updated: 14 May 2026

sl33p-space is an open-source prototype developed for the Google Cloud Rapid Agent Hackathon (MongoDB track, “Building Agents for Real-World Challenges”). It is not a commercial product. The source code is available under the MIT License at github.com/pixjobs/sl33p-space.

This policy explains what data we collect, why, and how we protect it. We take your privacy seriously even though this is a hackathon project.

1. Data Controller

The data controller is the sl33p-space project maintainer, contactable via GitHub Issues.

2. What We Collect

  • Authentication data — When you sign in with Google via Firebase Authentication, we receive your name, email address, and profile photo. We do not receive or store your Google password.
  • Sleep session data — Mood selections, session duration, sleep quality ratings, review notes, and factors you choose to log (e.g. caffeine, exercise).
  • Generated content — Music prompts, soundscape preferences, and AI-generated audio tracks created through your use of the service.
  • Usage analytics — API call counts and service usage metrics (e.g. number of generations per month). These are used for rate-limiting and cost monitoring, not behavioural profiling.
  • Timezone — Your browser’s timezone, used to personalise greetings and sleep recommendations.

3. Legal Basis (GDPR Art. 6)

We process your data on the basis of consent (Art. 6(1)(a) GDPR). By signing in, you consent to the processing described in this policy. You may withdraw consent at any time by deleting your account or contacting us.

4. How We Use Your Data

  • Personalise soundscapes and sleep recommendations based on your mood and history.
  • Track sleep patterns to surface insights and trends over time.
  • Enforce generation quotas and rate limits.
  • Monitor platform costs and API usage (aggregated, not individually targeted).

We do not sell your data, use it for advertising, or profile you for marketing purposes.

5. Data Storage & Security

  • Database: MongoDB Atlas with encryption at rest (AES-256) and in transit (TLS 1.2+). X.509 certificate authentication is used for database access.
  • Infrastructure: Google Cloud Platform, europe-west1 region (Belgium). Cloud Run containers with Secret Manager for credential storage.
  • Audio files: Generated tracks are stored in Google Cloud Storage with restricted access.

6. Admin Pseudonymisation

Administrative views use deterministic pseudonymised identifiers (e.g. “Cosmic Penguin”) instead of raw email addresses. Only the authenticated admin account can access aggregate platform statistics. Individual user data is not exposed to other users.

7. Third-Party Services

  • Google Cloud Platform — Hosting, compute, and storage (Privacy Notice)
  • Firebase Authentication — Identity and sign-in (Privacy Policy)
  • MongoDB Atlas — Database hosting (Privacy Policy)
  • Google Lyria API — AI music generation (processed via Google Cloud; no user data is sent beyond the text prompt)

8. Cookies

We use a single functional session cookie to maintain your authentication state across page loads. We do not use tracking cookies, analytics cookies, or advertising cookies.

9. Data Retention

Your data is retained for as long as your account is active. You may request deletion at any time. Upon request, all personal data (profile, sessions, generated tracks) will be permanently deleted within 30 days.

10. Your Rights (GDPR)

If you are in the European Economic Area or the United Kingdom, you have the right to:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Correct inaccurate or incomplete data.
  • Erasure — Request deletion of your data (“right to be forgotten”).
  • Data portability — Receive your data in a structured, machine-readable format.
  • Restriction — Request that we limit processing of your data.
  • Objection — Object to processing of your data.
  • Complaint — Lodge a complaint with your local supervisory authority (e.g. the UK ICO).

To exercise any of these rights, open an issue at github.com/pixjobs/sl33p-space/issues.

11. Children

This service is not directed at individuals under the age of 16. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the application. The “Last updated” date at the top reflects the most recent revision.


For questions or concerns, please open an issue on GitHub.

About · Privacy · Terms · GitHub