CPAP Data Privacy: Why It Matters and How CPAP Clarity Protects You

Your CPAP Machine Knows a Lot About You

Every night, your CPAP machine quietly records a detailed picture of your health. It tracks how many times your breathing stops or becomes shallow (apnea and hypopnea events), how your respiratory rate and tidal volume change throughout the night, and whether your airway collapses or your brain briefly forgets to signal a breath.

On machines like the ResMed AirSense 11 (opens in new tab), the SD card captures per-second pressure readings, leak rates, respiratory flow signals, and timestamped annotations of every individual event. It also records how long you wore your mask and when you took it off. Over weeks and months, this data paints a remarkably detailed portrait of your sleep health.

This is not just "machine data." It is health data. And health data deserves careful handling.

Why CPAP Data Privacy Matters

You might wonder: who would care about my CPAP numbers? The answer is more people than you'd expect.

Insurance implications. In the United States, many insurers require CPAP compliance data to continue covering your equipment. The standard threshold is 4 or more hours of use on at least 70% of nights. If your data is stored on a third-party server, you may not control who accesses it or how it's used in coverage decisions. Some users have had equipment recalled or coverage denied based on compliance data they didn't know was being shared.

Employer wellness programs. As workplace wellness platforms expand, health data collected by connected devices can sometimes flow into employer-sponsored programs. While legal protections exist (HIPAA in the U.S. covers healthcare providers, not necessarily app companies), the boundaries aren't always clear.

Data breaches. Cloud-stored health data is a target. Medical records are worth more on the black market than credit card numbers because they contain persistent identifiers: dates of birth, diagnostic codes, treatment histories. When a CPAP platform stores your data on their servers, it becomes part of their attack surface.

None of this means you should be afraid of using CPAP analysis tools. It means you should understand how each tool handles your data so you can make an informed choice.

How Different Tools Handle Your Data

ResMed myAir

myAir syncs your therapy data automatically over cellular or Wi-Fi to ResMed's cloud servers. From there, your data is accessible through ResMed's AirView clinical portal, which your doctor (and their staff) can access. ResMed's privacy policy permits them to use aggregated data for research and product development.

This is convenient, and for many users, the tradeoff is acceptable. But it means your nightly therapy data lives on servers you don't control, and you can't easily delete it or restrict who sees it.

SleepHQ

SleepHQ is a community-driven cloud platform. You upload your SD card data to their servers, where it's stored in your account. This gives you access to detailed charts and reports from any device.

The tradeoff is similar to myAir: your health data lives on someone else's infrastructure. You need an account, which means an email address and password tied to your therapy records. SleepHQ is transparent about their approach, but cloud storage inherently means your data exists outside your control. For a full feature comparison, see our SleepHQ vs CPAP Clarity breakdown.

OSCAR

OSCAR (Open Source CPAP Analysis Reporter) is a free, open-source desktop application. It reads your SD card data and processes everything locally on your computer. Nothing is uploaded. Nothing is synced. Your data stays on your hard drive.

From a privacy standpoint, OSCAR is excellent. The limitation is usability: it requires installation, runs only on desktop, and has a steep learning curve. For a comparison of features, see our CPAP analysis tool overview.

CPAP Clarity

CPAP Clarity takes the same privacy-first approach as OSCAR, but in your browser. When you drag your SD card's DATALOG folder onto the import area at cpapclarity.com, everything happens locally. Your CPAP data is never uploaded to any server. There is no account to create, no cloud sync, no backend that touches your health information.

Your data is processed using JavaScript running in your browser, then stored in IndexedDB (your browser's built-in local database) so you can return to it later without re-importing. When you close the tab or clear your browser data, it's gone.

How Browser-Only Processing Works

When people hear "web app," they often assume their data is being sent to a server somewhere. CPAP Clarity works differently.

Traditional web apps send your data to a server for processing, then send results back to your browser. CPAP Clarity skips the server entirely. The code that reads and interprets your EDF files (the format ResMed uses to store signal data) runs as JavaScript in your browser. Your computer does all the work. The CPAP Clarity servers deliver the website code itself (HTML, CSS, JavaScript), but they never see, receive, or store a single byte of your health data.

Think of it like a calculator app on your phone. The app was downloaded from a store, but your calculations happen on your device. Nobody at Apple or Google sees the numbers you type in. CPAP Clarity works the same way with your sleep data.

What About the PDF Reports?

CPAP Clarity generates detailed PDF reports you can download for doctor appointments. These are also created entirely in your browser using a client-side rendering library. The PDF is assembled on your device and saved to your downloads folder. No server is involved.

Once you have the PDF, what you do with it is your choice. You might email it to your doctor, print it for an appointment, or keep it for your own records. The key distinction is that sharing is always your decision, never automatic. Nothing is sent anywhere unless you explicitly choose to send it.

What Cookies and Analytics We Do Use

Transparency means being upfront about everything, not just the parts that sound good. Here's what CPAP Clarity does collect:

Google Analytics 4. We use GA4 to understand how people use the site: which pages get visited, how long people stay, and what features they use. GA4 tracks page views and interactions, but it has no access to your CPAP data. It doesn't know your AHI, your leak rate, or anything about your therapy. It sees the same kind of information every website collects: page URLs, browser type, general geographic region.

Google AdSense. Articles on the site may display ads served by Google AdSense. AdSense uses cookies for ad personalization based on your general browsing history, not your CPAP data. You can opt out of personalized ads through Google's ad settings.

No health data in analytics. Ever. This is a hard rule in our codebase. The analytics layer and the data processing layer are completely separate. Your therapy metrics never touch any network request. You can verify this yourself using your browser's developer tools: open the Network tab while using the dashboard and you'll see zero outbound requests containing health data.

For the complete details, read our Privacy Policy.

Your Rights and Control

Your data belongs to you. Here's what that means in practice:

Clear your data anytime. CPAP Clarity stores your imported sessions in your browser's IndexedDB. You can wipe it all with one click from the dashboard. Once cleared, it's gone. We have no copy, no backup, no way to recover it, because we never had it in the first place.

Re-import whenever you want. Your SD card is the source of truth. You can clear your browser data, switch computers, or use a different browser, and re-import your SD card to start fresh. Your machine keeps recording regardless.

No account means no data trail. There's no profile to delete, no email to unsubscribe, no account history to request. You're anonymous by default.

Inspect the code. CPAP Clarity's data processing runs in your browser as JavaScript. If you're technically inclined, you can open your browser's developer tools and watch exactly what happens when you import your data. Every file read, every calculation, every storage operation is visible and verifiable.

Privacy as a Feature, Not a Footnote

Most tools treat privacy as a legal page buried in the footer. At CPAP Clarity, privacy is an architectural decision baked into the code. We don't protect your data by promising not to look at it. We protect it by never having it.

Your CPAP data tells a story about your health. You should be the one who decides who reads it.

Start analyzing your CPAP data privately →