Privacy Policy

Information We Collect

Information You Provide Directly:

• Account Information: Your name (optional) and email address.
• Dream Content: The text of your dreams, personal notes, and any custom symbol meanings you define.
• Payment Information: When you subscribe, our payment processor, Stripe, collects your payment information. We do not store your full credit card details on our servers.

Information We Collect Automatically:

• Usage Data: We log your activity to improve the service, such as features used, streak data, and achievements earned.
• Device Information: Standard logs including your IP address, browser type, and operating system for security and analytics.

Information We Generate:

• AI-Generated Data: Interpretations, themes, mood analysis, archetype analysis, dream landscape coordinates, and text embeddings generated from your Dream Content. This data is linked to your account to provide you with personalized features.

How We Use Your Information

• To Provide the Service: To create and maintain your account, generate dream interpretations, display your journal, and provide personalized analytics and gamification features.
• To Communicate With You: To send you transactional emails, such as password resets and daily dream briefings (if you opt-in).
• To Improve the Service: To understand how our users interact with the Service and to train our AI models using Anonymized Data only.
• For Security: To protect the Service from abuse, fraud, and security threats.

How We Share Your Information

We do not sell your personal data. We only share it with trusted third-party providers who are essential for operating our Service, under strict data processing agreements:

• AI Service Provider (OpenAI): We send your Dream Content to OpenAI to generate interpretations. Their use of the data is governed by our data processing agreement with them.
• Payment Processor (Stripe): To process your subscription payments.
• Email Provider (e.g., Resend): To send you transactional emails.
• As Required by Law: We may disclose your information if required by law or in the good-faith belief that such action is necessary to comply with a legal obligation.

Data Security

We implement robust technical and organizational measures to protect your information:

• Encryption: Your data is encrypted in transit (using TLS/SSL) and at rest by our cloud database provider.
• Password Hashing: Your password is never stored in plaintext. It is securely hashed using the industry-standard bcryptjs algorithm.
• Access Control: Our application logic is designed to ensure you can only access your own data.

Data Retention

We retain your personal data as long as your account is active. If you delete your account, your personal data will be soft-deleted and then permanently removed from our production systems in accordance with our data retention policy (typically within 30-90 days). Anonymized and aggregated data may be retained indefinitely for research and service improvement.

Your Rights (GDPR & CCPA)

Regardless of your location, we extend the following rights to all our users:

• The right to access: You can request a copy of the personal data we hold about you.
• The right to rectification: You can request that we correct any inaccurate or incomplete data.
• The right to erasure: You can delete your account and associated data at any time from your security settings.
• The right to object to processing: You can opt-out of non-essential communications.

To exercise these rights, please contact us using the app's built-in chat functionality.

Contact Us

If you have any questions about this Privacy Policy, please contact us using the app's built-in chat functionality.