Somryst Website and Application Privacy Notice

Last Updated: January 28, 2026

Overview

Nox Medical LLC., and its affiliated parties (“Nox Medical,” “Nox,” ”we,” or “us”), are committed to protecting your privacy. We understand that health is a very private subject, and we want you to feel comfortable visiting our website and engaging with our applications and services. We provide this Website and Application Privacy Notice (“Notice”) to inform individuals about the personal data we collect, how we use, disclose, and protect that information as well as what choices you may make regarding your information.

 

Scope and Definitions

This Privacy Notice applies to the Somryst websites and services provided through those sites, including the Somryst web-based and mobile applications (the “Somryst Application”). This Notice is incorporated into and is a part of the terms of use of the Somryst Application (the “Terms of Use”). We encourage you to review both this Notice and the Terms of Use.

When used in this Notice, “personal data” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an individual (“data subject”), and includes “personal data” or “personal information” as defined in applicable data protection laws. Data that cannot be associated with you, such as aggregated, de-identified, or anonymized information (“Anonymous Information”), is not personal data. Nox commits to keep Anonymous Information in its de-identified state, and will make no efforts to re-identify such data.

This Notice does not apply to Protected Health Information (“PHI”) as defined in the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as amended (“HIPAA”). For information regarding how we collect, use, and disclose PHI that we receive as a covered entity under HIPAA, please see our Notice of Privacy Practices. We may also maintain your PHI on behalf of other third parties subject to HIPAA, including, for example, Clinical Partners, Clinicians, Health Plan Sponsors, or Pharmacy Partners who are our business partners or customers. Where we maintain your PHI on behalf of any third party subject to HIPAA, we will maintain that information in accordance with the applicable Business Associate Agreement that Nox may enter into with each third party.

Clinical Partners are hospitals, clinics, practices or other medical groups or health care systems that have  contracted with Nox to permit use of the Service by their respective Clinicians and Patients;  

Clinicians are practitioners, patient advocates, coaches or other individuals who (as employees of or contractors  to a Clinical Partner) provide health care or related services to Patients; 

Health Plan Sponsors are organizations, including employers, that establish and maintain a health insurance plan for their members, employees, or participants;

Pharmacy Partners are pharmacies  that have contracted with Nox to facilitate the use of the Service by their respective Clinicians and  Patients; and 

Patients are individual patients of the Clinical Partner who receive medical treatments or other  health care services from one or more Clinicians, or individuals who are properly authorized representatives of  any such patient.  

 

By accessing and using the Somryst Application, or any part thereof, you agree that you have read and understand this Privacy Notice, and that in exchange for access to the Somryst Application, you accept and consent to the privacy practices described in this Notice.

What is Contained in this Privacy Notice

You can navigate to particular topics by going to the desired heading below:

1. Overview
2. Scope
3. Information We Collect 
4. How We Use Your Information 
5. How We Share and Disclose Your Information 
6. How We Protect Your Information 
7. Cookies and Usage Reports 
8. International Transfers of Information 
9. Your Choices 
10. Links to Other Sites 
11. Changes to this Privacy Notice 
12. Children 
13. Contact Information 
14. Additional Regional Privacy Considerations
    

Information We Collect

The table below provides you with details about the information we collect, how we obtain that information, how it is used, who it is shared with and how long we keep it. Please see the subsequent sections for further explanation about Nox’s data processing activities. 

The following table provides examples of the types of information that we collect in various contexts and how we use that information.

In addition to collecting information from you directly, we may receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources.

 

How We Use Your Information

In addition to the purposes and uses described above, we use information in the following ways:

• To identify you when you visit our websites and use our web and mobile applications.
• To provide you with the services and products for which you request or register.
• To respond to your inquiries related to support or employment opportunities, or to respond to your other requests.
• To generate statistics regarding the composition and nature of user feedback.
• To monitor the effectiveness and safety of our products in the market and help us improve our products.
• To conduct analytics (e.g., to enhance user experiences on our Somryst Application).
• To send marketing and promotional materials, including information relating to products and services.
• For internal administrative purposes, as well as to manage our relationship with you.
• To detect security incidents, and to protect against malicious, deceptive, fraudulent, or illegal activity, including attempts to manipulate or violate our policies, procedures, and terms and conditions.
• To comply with legal obligations, to establish or exercise our rights, to defend against a legal claim, and to investigate, prevent, or take action regarding possible misconduct.

Although the sections above describe our primary purposes for collecting and using your information, in many situations, we have more than one purpose. For example, if you submit an application for a job posting, we may collect your information in anticipation of employing you, but we also collect your information as we have a legitimate interest in contacting you about the status of your application and evaluating your qualifications for the position. As a result, our collection and processing of your information is based on different contexts upon your consent, our need to perform a contract of employment, our obligations under law, and/or our legitimate interest in conducting our business.

 

How We Share and Disclose Your Information

To the extent necessary for purposes of communicating with you or fulfilling your requests for content, materials, and opportunities, we may share your information with the entities identified below and any of the entities that we elect to share such information with, subject to any legal or contractual limitations. In addition to the specific situations discussed elsewhere in this Privacy Notice, we disclose information to others in the following situations:

• Affiliates and Acquisitions. We may share your information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires (or proposes to acquire) our company, any of our affiliates, business, or our assets, we will also share your information with that company, including at the negotiation stage.
• Trusted Third Parties/Service Providers. We may share your information with service providers. Among other things, service providers may help us to administer our Somryst Application, conduct surveys, provide technical support, process payments, and assist in the fulfillment of orders.
• Other Disclosures for Legal and Regulatory Compliance Reasons. We may disclose information when we are legally required to do so, such as in response to subpoenas, warrants, or court orders, or in connection with any other legal process, or to comply with applicable laws and regulations. We may also disclose your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for products or services by a third-party intermediary.
• Disclosures with Your Consent. We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this policy, and if you provide consent we may disclose your information to those entities.
• Public. Some parts of our Somryst Application may provide the opportunity to post comments or other content in a public forum. If you decide to submit information on these pages, that information may be publicly available.

We, our affiliates, or our respective trusted business parties and third-party service providers may also produce reports on the Somryst Application’s traffic or usage patterns and share these reports with us, or our business partners and others. In addition to the uses described above, Nox Health may also use and disclose certain aggregated, anonymized information, such as usage data related to the Somryst Application, to our affiliates, subsidiaries, trusted business partners, or other trusted third parties. Such information may also be shared with other users or the general public for advertising, informational, or comparison purposes.

 

How We Protect Your Information

We use reasonable efforts to protect your personal data from unauthorized access, use, or disclosure. However, no method of transmission over the Internet, or method of electronic storage, is fully secure and impenetrable. Therefore, we cannot guarantee the security of your personal data. In the event that we are required by law to inform you of any unauthorized access to your personal data, we may notify you electronically, in writing, or by telephone, if permitted to do so by law. You agree to immediately notify us of any breach of security of the Somryst Application, any breach of this Privacy Notice, or any breach of the Terms of Use of which you become aware.

Some areas of our Somryst Application permit you to create an account. When you do, you will be prompted to create a password. You are responsible for maintaining the confidentiality of your user identification and your password, and you are responsible for any access to or use of your account by someone else that has obtained your user identification or your password, whether or not such access or use has been authorized by you. You should notify us of any unauthorized use of your password or account.

 

Cookies and Usage Reports

By placing a small file known as a “cookie” on your computer (or other device), Nox Health’s, and its third-party service providers’, servers may passively gather information about a visitor’s use of the Somryst Application for several reasons, including, but not limited to, the following: statistics collection and analysis, Somryst Application optimization, analytics (as described below), market research, and maintenance of user login information. The information that we and our third-party service providers track with cookies may include, but is not necessarily limited to, the type of browser (such as Google Chrome or Internet Explorer) and Internet-connected device being used to access the Somryst Application, your Internet Protocol (“IP”) address, your home domain or Internet service provider, your referrer URL (which is the URL for the website that you were viewing prior to visiting the Somryst Application), how you were directed to the Somryst Application, which specific pages you access, how long you view each page, the time and date you gain access and the total number of visitors to the Somryst Application and any portions thereof. We may also use your IP address to determine the general physical location of your computer or device and understand from what geographic locations visitors come.

Our Somryst Application allows you to define which cookies you will allow on your computer and will respect those settings. Certain cookies labeled “Strictly Necessary Cookies” are required for our applications to function.

 

International Transfers of Information

Nox Medical. is a multinational company and maintains offices around the world, including in the United States, Canada, Portugal, and in Iceland. As a result, your personal data may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. Nonetheless, where possible, we take steps to treat personal data using the same privacy principles that apply pursuant to the law of the country in which we first received it. By submitting your personal data to us, you agree to the transfer, storage and processing of your personal data in a country other than your country of residence including, but not necessarily limited to, the United States. If you are visiting the Somryst site or Application or any part thereof from outside of the United States of America, please be aware that your information may be transferred to, stored or processed in the United States, where our servers are located and our central database is operated. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country,and have put in place the required legal data transfer mechanisms necessary to protect your data  By using any portion of the Somryst Application, you understand and consent to the transfer of your information to our facilities in the United States and those third parties with whom we share it as described in this Privacy Notice. If you would like more information concerning our attempts to apply the privacy principles applicable in one jurisdiction to personal data when it goes to another jurisdiction, you can contact us using the contact information below.

 

Your Data Rights and Choices

You may have certain rights and choices regarding your personal data.  Depending on your jurisdiction, and subject to applicable law, you may make the following choices:

• Manage Contact and Emails. You may choose to provide us with your e-mail address for the purpose of allowing us to send you free newsletters, surveys, announcements of new products and services, and other information we think you may find useful. If you decide at any time that you no longer wish to receive these emails, you can update your preferences while logged into your account or unsubscribe from our email list by following the unsubscribe instructions in the emails that you receive. If you decide not to receive promotional emails, we may still send you service-related communications.
• Manage Services Communications. You may choose to provide us with your mobile phone number by affirmatively opting into SMS text messages for the purpose of service-related communications. Neither your mobile phone number nor communications-related personal data will be shared with third parties for other purposes. You may opt-out of SMS communications by texting “STOP” to the Somryst SMS number. 
• Access Your Personal Information. You may access your personal data while logged into your account. Additionally upon request, we will grant reasonable access to the personal data that we hold about you, including in some cases the right to data portability. You may request access to your personal data by contacting us at the address described below.
• Modify/Update Your Personal Information. You may make changes to your personal data while logged into your account, or you may request that we modify or update your inaccurate or out-of-date personal data by contacting us at the address described below.
• Delete Your Personal Information. In certain circumstances, you may request that we delete your personal data. If required by law, we will delete your personal data after such a request is made. You should note that there are some situations in which we may decline to delete your personal data. For example, we may keep your personal data as needed to comply with our legal obligations, where permitted by law, to resolve disputes, and/or to enforce any of our agreements. You may request deletion of your personal data by contacting us at the address provided below.
• Object to Certain Processing of Your Personal Information. In certain circumstances, you may object to the processing of your personal data or request that we restrict processing of your personal data. Where our processing is based upon your consent, you may revoke consent by contacting us at the address provided below. If you revoke your consent or object to processing, we may no longer be able to provide you services. In some cases, we may limit or deny your request if the law permits or requires us to do so, or if we are unable to adequately verify your identity.

Links to Other Sites

For your convenience, some hyperlinks may be posted on the Somryst Application that link to other websites not under our control (the “Linked Websites”). We are not responsible for, and this Privacy Notice does not apply to, the privacy practices of any Linked Websites or of any companies that we do not own or control. We cannot be responsible for the privacy practices of any such Linked Websites, nor do we endorse any of these Linked Websites, the services or products described or offered on such Linked Websites, or any of the content contained on the Linked Websites. We encourage you to seek out and read the privacy policy of each website that you visit. In addition, should you happen to initiate a transaction on a Linked Website, even if you reached that site through Somryst Application, the information you submit to complete that transaction becomes subject to the privacy practices of the operator of the applicable Linked Website. You should read each Linked Website’s privacy policies to understand how Personal Information that is collected about you is used and protected.

 

Changes to this Privacy Notice

We may change this Privacy Notice from time to time. The effective date of this Privacy Notice is specified by the version date located at the end of this Privacy Notice. All updates and amendments to this Privacy Notice are effective immediately when posted on the SleeCharge Application. We expressly reserve the right to make any changes to this Privacy Notice at any time, without prior notice to you. This Privacy Notice is not intended to and does not create any contractual or other legal right in or on behalf of any party other than Nox Health.

 

Children

The Somryst Application is intended for a general audience and is not intended for use or viewing by children under sixteen (16) years of age, and we do not knowingly collect information about children or sell products to children.

 

Contact Information

Should you have any questions about this Privacy Notice or our privacy practices, please contact us at the appropriate address below.

Nox Medical, LLC.
Data Privacy and Security Officer
100 Kimball Place, Suite 100
Alpharetta, GA 30009 

Tel.(844) 475-3376.

Fax. (678) 669-2274

privacy@noxmedical.com 

You may also contact  your local supervisory authority.

 

Additional Regional Privacy Considerations

Nox has adopted a global approach on privacy with the intent of providing individuals with strong privacy protections regardless of where they reside. We recognize and implement high standards for privacy rights. If you have any questions or concerns regarding the privacy provisions relevant to you, or you wish to exercise any of these rights, please contact our Privacy Officer by using the contact information provided in Section 17 “Contact Information.”

Controlling Law: There are many US state-specific privacy laws with new ones coming into effect every year. Because California’s privacy protections are viewed by many to be the most comprehensive in the US, we refer US-based individuals to the California Consumer Privacy Act of 2018 (“CCPA”), and as of January 1, 2023 the California Privacy Rights Act of 2020 (“CPRA”), for personal data protection.

Our Processing of US Personal Data:  We collect and have collected in the last 12 months all of the information described in Section 3 of our Privacy Statement from and about US residents. You should refer to that section for more detail, but this information generally falls into the categories listed in the chart in Section 3 to the extent it is personally identifiable. The chart also indicates the data subjects whose personal data we collect, the purposes of processing, and the categories of third parties to whom we recently disclosed the data leading up to the effective date of this Statement. 

We have not sold or shared (as defined in the CCPA and other U.S. state comprehensive privacy laws) personal data covered by this Privacy Notice in the preceding 12 months. We also do not knowingly sell or share the personal data of individuals under 16 years of age.

 US Privacy Rights: Under applicable US law, you have the right to:

• Request access to your personal data as it is processed and stored by us;
• Correct or delete your personal data that we hold unless Nox is legally required to retain it;
• Restrict or object to our processing of your personal data;
• Lodge a complaint; and
• Opt out of “sale” of your personal data.

You may designate an authorized agent to request any of the above rights on your behalf. You may make such a designation by providing the agent with a signed written document permission stating that the agent is authorized to make the request on your behalf. Your agent may contact us via the information provided above to make a request on your behalf. If you are submitting a request through an authorized agent, we may, as permitted by law, require: 

• The authorized agent to provide proof that you gave the authorized agent signed permission to submit the request.
• You to verify your identity directly with us.
• You to directly confirm with us that you have provided the agent with your permission to submit the request on your behalf.

Subject to applicable law, we may not discriminate against you for exercising any of the above-listed rights or any other rights under the CCPA or similar U.S. state comprehensive privacy laws, including by: 

• Denying you goods or services.
• Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties.
• Providing you a different level or quality of goods or services.
• Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

California law requires that Nox indicate whether it honors “Do Not Track” settings in your browser concerning targeted advertising. “Do Not Track” is a standard that is not currently in use by Nox. As it is not currently in use, Nox adheres to the standards set out in this Privacy Notice and does not monitor or follow any Do Not Track browser requests.

Marketing opt-out: You may opt out of marketing communications by contacting us using our online form or you may email us at privacy@noxmedical.com or call (844) 475-3376 to submit an inquiry.

Contact: Please contact us as described in Section 17 for more information or to exercise a request regarding your US privacy rights. 

Supervisory Authority:

If you are concerned about Nox’s compliance with US laws relating to the privacy of your personal data, you may contact your Attorney General’s Office.

List of Attorneys General: https://www.naag.org/find-my-ag/ 

 

Washington Consumer Health Data Privacy Notice

This Washington Consumer Health Data Privacy Notice applies to “consumer health data” collected from Washington state residents and those whose consumer health data is collected through Somryst by Nox Medical LLC (“Somryst,” “Nox,” “Nox Medical,” “we,” “us,” or “our”) or affiliated website on which it is posted, as well as those whose consumer health data is collected in the State of Washington. This notice applies to Washington residents and those whose consumer health data is collected in Washington. Consumer health data means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status, under the Washington State My Health My Data Act (MHMDA).  See also our other privacy notices that provide disclosures about personal information that is not consumer health data subject to MHMDA.

This notice does not apply where an exception or exemption applies such as with respect to protected health information under the Health Insurance Portability and Accountability Act (“HIPAA”) and data that is subject to the Gramm-Leach-Bliley Act (“GLBA”).  When we are a covered entity, we provide separate HIPAA and GLBA privacy notices to certain customers and consumers as required under applicable laws and regulations.  Most consumer health data we process is regulated under HIPAA or GLBA or is processed for a necessary function. 

Consumer Health Data Collected

The personal information, including consumer health data, we collect varies based on your relationship with us. For example, if you visit our website we may collect personal information through tracking technologies essential to running our website. 

We may collect the following categories of consumer health data:

• Individual health conditions, treatment, diseases, or diagnosis;
• Social, psychological, behavioral, and medical interventions;
• Health-related surgeries or procedures;
• Use or purchase of prescribed medication;
• Bodily functions, vital signs, symptoms, or measurements of other types of consumer health data;
• Diagnoses or diagnostic testing, treatment, or medication;
• Reproductive or sexual health information;
• Data that identifies a consumer seeking health care services; and
• Other information that may be processed to derive or infer data related to the above or other consumer health data.

The categories of consumer health data above may include the following personal information, when collected in connection with your past, present, or future physical or mental health status:

• Identifiers such as name, contact information, online identifiers, and government-issued ID numbers;
• Characteristics of Protected Classifications under state or federal law such as age and medical conditions;
• Commercial Information such as transaction information and purchase history;
• Internet or Network Activity Information such as browsing history, interactions with our website, Internet Protocol (IP) address, Media Access Control (MAC) address; operating system and version; Internet browser type and version;
• Audio, Electronic, Visual and Similar Information such as call and video recordings;

We process any deidentified consumer health data only in a deidentified fashion and will not attempt to reidentify such data.

Why We Collect and Use Consumer Health Data

To the extent we collect your Consumer Health Data as described above, we may use it for the following purposes:

• Services and Support. To provide and operate our Services, communicate with you about your use of the Services, provide you with information about our Services, including information about health care, health related services, resources and benefits that will help you manage your health; sending administrative information to you, such as changes to our terms, conditions, and policies; provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, process your payments and claims, communicate with you about the Services, complete transactions, provide quotes; and to provide our insurance products or services requested by consumers;
• Analytics and Improvement. To better understand how you access and use the Services, and for other internal research and analytical purposes, such as to evaluate and improve our Services and business operations and for internal quality control and training purposes;
• Research and Surveys. To administer surveys and questionnaires, such as for customer engagement purposes;
• Infrastructure. To maintain our facilities and infrastructure and undertake quality and safety assurance measures;
• Authentication. To authenticate or confirm your identity;
• Security and Protection of Rights. To protect the Services and our business operations; to protect our rights or those of our stakeholders; to prevent and detect fraud, unauthorized activities and access, and other misuse; conduct risk and security control and monitoring; where we believe necessary, to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms of Use as well as any additional terms specific to the site;
• Compliance and Legal Process. To comply with the law and our legal obligations, to respond to legal process and related to legal proceedings;
• General Business and Operational Support. To consider and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions such as financings, and related to the administration of our general business, accounting, auditing, compliance, recordkeeping, and legal functions; and
• Business Transfers. To consider and implement mergers, acquisitions, reorganizations, and other business transactions, and where necessary to the administration of our general business, accounting, recordkeeping, and legal functions.
• Deidentification. We may also aggregate or de-identify data by removing identifying details so it no longer identifies an individual. If we de-identify the data, we will not attempt to reidentify it.

Categories of Sources

We generally collect personal information, including consumer health data, from the following categories of sources:

• Directly from you and automatically;
• Our affiliates; and
• Our vendors

Our Sharing of Consumer Health Data

The categories of third parties and other recipients with whom we may share consumer health data as necessary to provide our products and services requested by consumers are: 

• Our affiliates 
• Or business customers (as directed by that business partner);
• Government or public authorities if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or governmental request, (b) to enforce our agreements, policies, and terms of service, (c) to protect the security or integrity of our services, (d) to protect the property, rights, and safety of us, our users, or the public from harm or illegal activities, (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person, or (f) to investigate and defend ourselves against any third-party claims or allegations.

How to Exercise Your Rights

MHMDA grants certain rights including a right of access and deletion, subject to certain exceptions.

Upon request, Nox will provide you with a copy of personal data we hold about you, correct your personal data, or delete your personal data. You may also object to processing of your personal data or opt-out of automated decision making processes.

Please note, pursuant to the law, certain personal data is exempt from the above requests. To exercise any of these rights, please use our online form, email privacy@noxmedical.com, or call (855-617-6691).

We may request additional information from you, if necessary, to verify your identity or find your unique records in our systems. If you are the authorized representative making an access, correction or deletion request, we must take steps to verify your authority. This will require you to provide written proof of your authority.

We respect your right to privacy, and will not take any negative actions against you for asserting your rights. 

If your request to exercise a right under the MHMDA is denied, you may appeal the denial. A method for submitting an appeal will be contained in our response.  If your appeal is unsuccessful, you can raise a concern or lodge a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint.

 

Contact

If you have any questions on the processing of your personal data, please contact us using the details below.

Nox Medical, LLC.
Data Privacy and Security Officer
100 Kimball Place, Suite 100
Alpharetta, GA 30009 

Tel.(844) 475-3376.

Fax. (678) 669-2274

privacy@noxmedical.com 

You may also contact  your local supervisory authority.