Privacy Policy
Last Updated: 12/15/2025
Introduction
At Dreamin, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our mobile application ('the App'). By using Dreamin, you agree to the collection and use of information in accordance with this policy. The App is operated by Dreamin and is designed for users aged 13 and above.
Data Controller
The data controller responsible for your personal data is: Dreamin, Alexanderplatz 1, 10178 Berlin, Germany. For privacy-related inquiries, please contact us at info@getdreamin.app.
Information We Collect
We collect the following types of information: 1. Account Information: When you create an account, we collect your email address, name (optional), and authentication credentials. 2. Dream Content: The text, voice recordings (if you use voice input), and any associated metadata (date, time, emotion tags, dream type) that you voluntarily submit. All dream content is encrypted before storage. 3. Generated Content: AI-generated images and videos created from your dreams, stored securely in our systems. 4. Usage Data: Information about how you use the App, including features accessed, frequency of use, and interaction patterns (anonymized). 5. Device Information: Device type, operating system version, unique device identifiers, and App version for technical support and optimization. 6. Payment Information: If you subscribe to premium features, payment data is processed through our payment processor (Adapty/Apple/Google), and we only store transaction IDs and subscription status.
How We Use Your Data
We use your personal data for the following purposes: 1. Service Provision: To provide AI-powered dream analysis, generate visualizations and videos, and maintain your dream journal. 2. AI Processing: Your dream content is sent to OpenAI's GPT models for analysis and to FAL.ai for image/video generation. These services process data according to their own privacy policies. 3. App Improvement: To analyze usage patterns (in aggregated, anonymized form) to improve features and user experience. 4. Technical Support: To respond to your support requests and troubleshoot technical issues. 5. Communication: To send you service-related notifications, updates, and (with your consent) promotional content. 6. Legal Compliance: To comply with legal obligations, enforce our Terms of Service, and protect our rights and those of other users. We do not use your dream content for marketing purposes or share it with third parties except as explicitly stated in this policy.
Data Sharing and Third-Party Services
We value your privacy and will NEVER sell your personal data. We only share data with the following trusted third-party service providers: 1. OpenAI: For AI-powered dream analysis. Your dream content is sent to OpenAI's API for processing. OpenAI's data processing is governed by their Data Processing Agreement (DPA) and privacy policy. 2. FAL.ai: For AI image and video generation from your dreams. Your dream descriptions are sent to FAL.ai's API for visual content creation. 3. Supabase: Our backend database and authentication provider, hosting encrypted dream data in secure cloud infrastructure. 4. Adapty: Our subscription management platform, processing payment data through Apple App Store and Google Play Store. 5. Legal Requirements: We may disclose your information if required by law, court order, or governmental request, or to protect our rights and safety. All third-party processors are required to protect your data in accordance with GDPR, KVKK, and other applicable data protection laws. Data transfers to countries outside the EU/EEA are protected by Standard Contractual Clauses (SCCs) or equivalent safeguards.
Data Retention and Deletion
We retain your personal data only as long as necessary to provide our services and comply with legal obligations: 1. Account Data: Retained as long as your account is active. 2. Dream Content: Retained as long as your account is active or until you delete specific dreams. 3. Account Deletion: If you delete your account, all your personal data (including dream content, generated images/videos, and account information) will be permanently deleted immediately (within 24 hours). This action is irreversible. 4. Backups: Deleted data may remain in encrypted backups for up to 30 days for technical recovery purposes, then permanently purged. 5. Anonymized Data: Aggregated, anonymized analytics data may be retained indefinitely for statistical purposes, but cannot be linked back to you.
Data Security Measures
We implement industry-standard security measures to protect your data: 1. Encryption: All dream content is encrypted at rest using AES-256 encryption. Data in transit is protected using TLS/SSL. 2. Access Controls: Strict access controls ensure that only authorized personnel can access systems containing personal data, and only when necessary. 3. Secure Infrastructure: Our data is hosted on Supabase's secure cloud infrastructure with regular security audits and compliance certifications. 4. Authentication: Secure authentication mechanisms, including bcrypt password hashing and optional two-factor authentication. 5. Regular Audits: We conduct regular security assessments and vulnerability testing. However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
Your Rights (GDPR/KVKK Compliance)
Under GDPR (EU), KVKK (Turkey), and other data protection laws, you have the following rights: 1. Right to Access: Request a copy of all personal data we hold about you. 2. Right to Rectification: Correct any inaccurate or incomplete personal data. 3. Right to Erasure ('Right to be Forgotten'): Request deletion of your personal data by deleting your account in the App settings. 4. Right to Data Portability: Export your data in a machine-readable format (JSON) from the App. 5. Right to Object: Object to processing of your personal data for certain purposes. 6. Right to Restriction: Request temporary restriction of data processing. 7. Right to Withdraw Consent: Withdraw your consent at any time (where processing is based on consent). To exercise any of these rights, contact us at privacy@getdreamin.app. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
Cookies and Tracking
The Dreamin mobile app uses minimal essential cookies and tracking: 1. Essential Cookies: Necessary for authentication, session management, and core app functionality. These cannot be disabled. 2. No Marketing Cookies: We do not use cookies for advertising or marketing tracking. 3. Analytics: We collect anonymized usage statistics to improve the App. You can opt out of analytics in the App settings. The App does not track you across other apps or websites.
Age Restrictions and Children's Privacy
Dreamin is intended for users aged 13 and above. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal data, please contact us at privacy@getdreamin.app, and we will promptly delete such information. For users aged 13-16 in the EU, we require parental consent where mandated by local law.
International Data Transfers
Your data may be processed in countries outside your country of residence, including the United States (OpenAI, Supabase) and other locations where our service providers operate. These transfers are protected by: 1. Standard Contractual Clauses (SCCs) approved by the European Commission. 2. Data Processing Agreements (DPAs) with all third-party processors. 3. Adequacy decisions where applicable. We ensure that all international transfers comply with GDPR, KVKK, and other applicable data protection regulations.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by: 1. Updating the 'Last Updated' date at the top of this policy. 2. Sending an in-app notification or email (for significant changes). Your continued use of the App after changes become effective constitutes acceptance of the updated policy. We encourage you to review this policy periodically.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: Email: info@getdreamin.app Data Protection Officer (if applicable): info@getdreamin.app For GDPR-related inquiries (EU users), you may also contact your local data protection authority.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: Email: info@getdreamin.app Data Protection Officer (if applicable): info@getdreamin.app For GDPR-related inquiries (EU users), you may also contact your local data protection authority.