Project Sleep
Data Protocol

Privacy Policy

Last updated: April 2026

Project Sleep respects your privacy and is committed to protecting the information needed to keep the platform secure, stable, and usable.

General Policy

This Privacy Policy explains what information we collect, how we use it, and how we protect it when you access our website, account system, downloads, and related services.

By using Project Sleep, you agree to the collection and use of information in accordance with this Privacy Policy.

Data Collection

  • Download Statistics: We may track download counts for ROMs, kernels, tools, and related files to understand usage, demand, and service reliability. This information is generally aggregated and is not intended to directly identify individual users.
  • Device Information: When you use OTA-related or device-specific services, we may process limited device and software information, such as device model, build version, or compatibility-related identifiers, in order to provide the correct files, updates, or support.
  • Website Analytics: We may use privacy-conscious analytics and traffic monitoring tools to improve stability, performance, content quality, and overall user experience.
  • Service Usage Logs: We may record limited platform activity such as authentication requests, download events, compatibility requests, and related technical events to maintain reliability, diagnose issues, and protect the service.
  • Email Communications: We may send transactional emails required for account access and security, including verification codes, password reset links, account-related notifications, and important service notices.

Third-Party Sign-In

If you choose to sign in using third-party providers such as Google or GitHub, we may receive limited account information required to authenticate your identity, maintain your account, and support the related login process.

Security Verification

To protect authentication and account recovery systems from spam, bots, and abuse, we may use automated security verification and abuse-prevention measures. This may involve processing limited technical request data for security validation.

Account Verification Retention

Accounts that do not complete email verification within 24 hours may be automatically deleted, together with related temporary verification records. After deletion, the same email address may be used to register again.

Trusted Service Providers

We work with trusted service providers to support authentication, security, and platform infrastructure, including services such as Google, GitHub, and Cloudflare.

As part of using these services, our domain and technical configuration may go through verification steps required by each provider so that related features can operate securely and in accordance with their requirements.

Data Protection

We use industry-standard security measures to protect user data. Data transmitted between users and our services is protected using HTTPS/TLS.

Data stored on supported Cloudflare infrastructure, including services such as D1 and R2, is encrypted at rest by Cloudflare. Passwords are not stored in plain text and are handled using secure hashing mechanisms.

Data Retention

We only retain the data needed to keep the service running properly, keep your account secure, and maintain a stable user experience. If the data is no longer needed for those purposes, we may remove it periodically.