Privacy Policy

Last updated: March 12, 2026

This Privacy Policy explains how Dream Buddy ("we", "us", or "our") collects, uses, and protects your information when you use our service at dreambuddy.io ("Service"). We are committed to handling your personal data — especially your dream content — with care and transparency.

1. Information We Collect

We collect the following categories of information:

  • Account information — your email address, used to create and manage your account
  • Dream journal entries — the text, mood tags, and metadata you submit when logging dreams
  • Usage data — pages visited, features used, and general interaction patterns within the app, collected to improve the Service
  • Billing information — payment details are collected and stored directly by Polar.sh; we never see or store your full card number
  • Device and technical data — IP address, browser type, and operating system, collected automatically when you use the Service

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process your dream entries through AI to generate analysis, dream sign detection, and personalised insights
  • Manage your subscription and process payments
  • Send transactional emails (e.g. login links, billing receipts)
  • Respond to support requests
  • Improve and develop new features based on usage patterns
  • Comply with legal obligations

We do not use your dream content for advertising, and we do not sell your personal information to third parties.

3. Third-Party Services

To operate the Service, we share limited data with the following trusted third-party providers:

  • Supabase — our database and authentication provider. Your account data and dream journal entries are stored on Supabase's infrastructure.
  • OpenRouter / OpenAI — AI providers used to analyse your dream entries. Your dream text is sent to these services solely to generate your analysis. They are contractually prohibited from using your content to train models.
  • Polar.sh — our payment processor. They handle all billing data in compliance with PCI-DSS. We receive only subscription status and billing metadata.
  • Vercel — our hosting and infrastructure provider. Traffic to the Service passes through Vercel's network.

Each of these providers has their own privacy policy governing how they handle data. We select providers who meet high standards for data security and privacy.

4. Cookies and Tracking

We use essential cookies and session tokens to keep you logged in and to operate the Service securely. We do not currently use third-party advertising cookies or tracking pixels. If this changes, we will update this policy and notify you.

5. Data Security

We take the security of your data seriously. Your data is stored on Supabase's infrastructure, which is encrypted at rest and in transit. Access to your data is restricted to systems and personnel who need it to operate the Service. No method of transmission or storage is 100% secure, but we use industry-standard practices to protect your information.

6. Data Retention

We retain your account data and dream journal entries for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes (e.g. billing records).

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Correction — request that we correct inaccurate data
  • Deletion — request that we delete your account and personal data
  • Portability — request an export of your dream journal entries in a portable format
  • Objection — object to certain types of processing

To exercise any of these rights, contact us at contact@dreambuddy.io. We will respond within 30 days.

8. Children's Privacy

Dream Buddy is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13 without parental consent, we will delete that information promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice within the Service before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact us at contact@dreambuddy.io.