Document Number LGL-COM-009291 REV. 0
Nitelog App Privacy Notice
June 1, 2023
Breas Medical AB, Breas Medical, Inc., Breas Medical Ltd., Breas Medical SRL, Breas Medical GmbH,
and their respective affiliates (“BREAS” “We” “Our” “Us”) is strongly committed to protecting the
privacy of your (“Your” “You”) personal information. This Privacy Notice explains Our data
collection and use practices with respect to the Nitelog App, which is used to enhance the use of
the Z1 Auto and/or Z2 Auto device. Nitelog’s functionality ranges from device remote control to
data viewing via its embedded Bluetooth capability. Please note all Z1 and Z2 functions can be
controlled without the use of this mobile app directly through the device.
The Nitelog App is to be used solely in conjunction with the software embedded in the Breas
device (“Device”) you purchased or obtained the right to use.
You agree to accept Our Terms of Use and this Privacy Notice prior to connecting your Device to
the Nitelog App. Your relationship with Us may also be governed by separate privacy notices if
You use other Breas products and services.
We collect, store and use your data in the manner set out in this Privacy Notice to provide you the
Nitelog App service for the purpose of complying with our obligations to you when you create an
account and/or store data in the cloud.
In this Privacy Notice, the terms "You" and "Yours" refer to the person using the Nitelog App and
Device.
The Privacy Notice is outlined in accordance with local data protection laws. Breas is responsible
to ensure that your personal data, including any special category data (such as health data), is
processed and protected under the principles and safeguards in the local legislation applicable to
You. Our Privacy Notice provides You with information about Your rights, and the privacy
practices that govern how We process Your data.

Why We process Your personal data
We process Your personal data only if You consent to the processing for purposes outlined in Our
Privacy Notice while You use the Nitelog App.

Our legal basis for processing
We process Your personal data on the legal basis that processing is required to provide You with
the Nitelog App. We are required to comply with Our legal obligations when processing Your
personal data. We rely on Your consent for Breas to process any health data that is classified as
special category data.

What data is collected and how We use Your data
We collect data when You upload your device data to Our cloud by using the Nitelog App.
Once You have accessed the Nitelog App and downloaded the data from Your device, You can
choose to store the data on Your mobile device, upload to the secure data cloud or delete the
data stored on Your mobile device.
If You choose to view the data in the App or store Your data in Our data cloud, the following is
collected:
Document Number LGL-COM-009291 REV. 0

Compliance Data
• Usage Date Range – The days for which the compliance report is being run.
• Required Hours Per Day – The number of hours of therapy required per
• day to be compliant.
• Required % of Compliant Days – The percentage of days of therapy in the
• date range that are required for compliance.

Usage Detail
• Days in Range – The number of days within the date range.
• Number of Days Used – The total number of days of therapy within the
• date range.
• Number of Compliant Days – The number of days within the range with
• the minimum hours of therapy.
• Percentage of Compliant Days – Percentage of days within the date range
• which meet the minimum hours of therapy.
• Compliant Pass / Fail – Shows whether the amount of therapy passes or fails
• the compliance requirements.

Therapy Data
• Pressure Average – The average of the 95th percentile pressure values that
• is delivered during the compliance period.
• AHI (Apnea Hyponea Index) – The AHI is the total number of Apnea/ Hypopnea
• events divided by the number of hours in the therapy time.
• AHI Average – The average AHI during the compliance period.
Treatment Settings (Date of Report)
• S/N – serial number of the Z1/Z2
• Mode – CPAP or APAP
• Min pressure – Minimum pressure setting for the APAP range.
• Max pressure – Maximum pressure setting for the APAP range.
• CPAP pressure – Programmed therapy pressure.
• Ramp Time – Length of time the ramp is set for.
• Ramp Start Pressure – Starting pressure of the ramp.
• Z-Breathe – Current Z-Breathe setting - CPAP/APAP-1, 2, 3
Sleep, Device and smart device identification data are used to: (i) calculate Sleep Goals and (ii)
Apnea Hypnoea Index scoring. This data does not personally identify You or any other users of the
Nitelog App.

When You contact Breas with a question
If You contact Us, we will respond by using the same email address You provided to answer Your
Nitelog App or Device question.

Special Category Data
We do not intentionally collect or maintain, and do not want You to provide Breas, any personal
data information related to Your race or ethnic origin, political opinions, religious or philosophical
beliefs or any other sensitive information. We only collect the special categories of personal data
(health data) described in this Privacy Notice.

Data stored only on the Nitelog App and/or data cloud
All sleep data generated through the Nitelog App is stored directly on the device until You
manually log out of the app and if You choose, Our secure data cloud in the Server located in the
US. Data is stored for twelve (12) months on a rolling basis. If You logout of the App the data is
deleted from the device and will need to be resynced either from the cloud or the device.

Document Number LGL-COM-009291 REV. 0
If You delete the Nitelog App from your smart device, all Device data on this device will be deleted
as well. We do not have access to any data stored on Your smart device.

How Breas protects Your data
We use a combination of technical and administrative security controls to maintain the security of
Your data. For example, We use strong encryption when You allow the transmission of data from
the Nitelog App to Our Device data cloud and when Your data is at rest either on the Nitelog App
or in Our Device data cloud (if You choose to store Your data there). Despite the security
measures employed by Breas, You should be aware that it is impossible to guarantee absolute
security with respect to data protection. If We confirm that your personal data has been subjected
to a data breach, We will follow applicable data breach notifications laws.
If You choose to store Your Device data in the Nitelog App on Your smart device, We recommend
that You:
• enable the remote data wipe function on Your smart device as this allows You to remotely
erase personal data from Your smart device if it goes missing (refer to Your smart device user
instructions)
• enable PIN or fingerprint security on Your smart device (refer to Your smart device user
instructions)
• avoid unsafe modification of the smart device operating system such as “rooting” or
“jailbreaking”
• keep Your operating system up-to-date with security patches
• update Your Nitelog App whenever updates are available from the App Store™ and Google
Play™ store. Ensure that You always have the latest version installed on Your smart device.
We will make reasonable efforts to ensure that the personal data collected is the minimum
necessary to fulfill the purposes described in this Privacy Notice.

Sharing Your Data with Third Parties
We do not sell or rent Your personal data. We only share Your personal data in accordance with
this Privacy Notice, with Your consent, and only to the extent permitted by applicable law.
• We may share Your personal data with any affiliate or subsidiary of Breas, and any
company owned or controlled by Breas.
• We may share Your personal data if some or all of the business of Breas is transferred to
another entity by way of merger, sale of its assets or otherwise.
• We may share Your personal data in limited circumstances and in a controlled and secured
manner, with third-party data processors and service providers We engage to provide
certain aspects of the Nitelog App service on Our behalf. These data processors and
service providers are contractually required to keep Your personal data confidential and to
Use Your personal data for the sole purpose of performing the services We asked them to
provide. They may not use Your personal data for any other purpose.
• We may share Your personal data if We are required to do so by law.
You control what healthcare or home medical equipment provider You want to share Your
Device data with.

Contacting Breas by email
Whenever you send Us an email or to privacy@breas.com, any personal data provided in the email,
including the email address, will be stored on Our servers in the United States or EU and may be
processed by one of Our Breas affiliates.

Document Number LGL-COM-009291 REV. 0

Your Personal Data Rights
Subject to local laws and when applicable, You can request that we:
• provide a copy of personal data We have about You on file
• delete Your personal data from Our systems
o If we have a legal obligation to retain any of Your personal data, We will inform You of
this obligation.
• send You a copy of the personal data You knowingly and actively provided Us
o We will transmit a copy of this data to another data controller upon Your request.
• restrict how we process Your personal data if:
o the accuracy of the data is being disputed;
o processing is unlawful and You oppose its deletion;
o the data is no longer needed by Breas but needed for Your personal legal reasons.
You can send Us a request by emailing Us at privacy@breas.com. Your rights are not absolute, and
We will assess them upon your request.
When You send Us Your request, We may need to verify Your identity prior to disclosing Your
personal data or taking any action.

Use of the Nitelog App by children
We do not knowingly collect personal data from children. The Nitelog App is not intended for, or
directed to, children. If You are under 13 years of age or otherwise considered a minor under the
laws of your country of residence, please do not download or use the Nitelog App at any time or in
any manner. If a parent or legal guardian becomes aware that their child has provided Us with
personal data without appropriate consent, please contact Us by sending an email
to privacy@breas.com. If We confirm that a user is a minor and has provided Us with their
personal data, We will delete their information from Our databases.

Privacy Notice Updates
We may update this Privacy Notice from time to time. We encourage You to review this Privacy
Notice regularly. Each Privacy Notice includes the date on which it was last updated. If We change
this Privacy Notice, We will notify you as appropriate. If We make a material change, We will ask
you to review and re-accept the Privacy Notice. Your continued use of the Nitelog App and the
Device confirms Your acceptance of Our Privacy Notice, as amended. If You do not agree to Our
amended Privacy Notice, You may choose to discontinue using the Nitelog App and the Device.
Questions and complaints
If You have questions or concerns about this Privacy Notice, or You want to make a complaint
about a possible breach of local privacy laws, please contact our Data Protection Officer at:
• privacy@breas.com
• +46 031 86 88 00
• Breas Medical AB, Företagsvägen 1, 435 33 Mölnlycke, Sweden

Your right to lodge a complaint with a supervisory authority
If You are unsatisfied with Our response to Your personal data question or request, You have the
right to complain to a supervisory authority in the location where You live or work, or where the
alleged infringement of Your personal data rights took place.
If You ask Us, We will attempt to provide You with information about relevant complaint options
that may be applicable to Your circumstances.