Privacy Policy

Last updated: April 10, 2026

Dreem ("we," "our," or "us") operates the Dreem mobile application (the "App") available on the Apple App Store and Google Play Store. This Privacy Policy explains in detail how we collect, use, process, disclose, and safeguard your personal information when you use our App and related services. We understand that dream content and personal life context are deeply intimate — we treat all such data with the highest level of care, discretion, and security. Please read this policy carefully before using the App. By creating an account or using the App, you acknowledge that you have read and agree to the practices described in this Privacy Policy.

OnlyVibeApps is the data controller responsible for your personal information collected through the Dreem App. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable regional privacy laws.

We built Dreem because we believe dream interpretation can be a powerful tool for self-understanding. That requires you to trust us with deeply personal content — your inner world, your fears, your aspirations, and your relationships. We take that trust seriously. We are committed to using your data only to serve you, never to profit from it at your expense.

When you create a Dreem account, we collect the following: - Your full name and display name - Your email address - A profile avatar or photo (optional) - Encrypted password hash (we never store your raw password) - Account creation date and timestamp - Preferred language and region settings

If you choose to sign in using a third-party identity provider such as Google Sign-In or Apple Sign-In, we receive only your name and email address from that provider. We do not receive, access, or store your password for those external accounts. The OAuth token used for authentication is stored securely and used only to verify your identity.

Dreem's core value proposition is that it interprets your dreams in the context of your actual life — not with generic, one-size-fits-all meanings. To enable this, you may voluntarily share structured information about key dimensions of your life, which we call "Aspects." These may include: - Relationships: details about significant people in your life, relationship dynamics, ongoing situations - Career and Professional Life: your work environment, challenges, ambitions, workplace relationships - Physical and Mental Health: health conditions, ongoing concerns, treatment, wellness goals - Personal Goals and Aspirations: short-term and long-term goals you are working toward - Other Life Areas: any additional context you choose to provide

This information is entirely voluntary. You can choose not to provide any Aspect data, though doing so will result in less personalized interpretations. Aspect data is stored securely in your account and used solely to contextualize your dream analysis. It is never shared with third parties for any purpose.

Every dream you record in the App is stored and associated with your account. Dream data includes: - The full text of your dream description, whether typed or transcribed from voice - The date and time the dream was recorded - The title or name you assign to the dream entry (if any) - Any mood or emotion tags you apply manually - Notes or reflections you add after the interpretation

We treat dream content as sensitive personal data. Your dreams may reveal information about your subconscious thoughts, emotional states, relationships, traumas, desires, and fears. We handle this information with commensurate care.

Dreem provides a voice-to-text feature so you can record your dreams immediately upon waking, without needing to type. Here is exactly how this works: - When you activate voice recording, your device's microphone captures the audio - The audio is transmitted in real-time over an encrypted connection to the Google Cloud Speech-to-Text API - Google's service transcribes the speech into text - The resulting transcription is returned to the App and stored as your dream entry text - The raw audio recording is NOT stored on our servers — it is processed ephemerally and discarded immediately after transcription - The transcription is subject to Google's Cloud Speech-to-Text data processing terms; Google does not use API-submitted audio to train its general models

When you submit a dream for interpretation, Dreem's AI system generates a comprehensive analysis. All AI-generated content is stored in your account and includes: - A concise summary of the dream narrative - A detailed psychological and symbolic interpretation of the dream - Mood and emotional tone analysis (e.g., anxious, hopeful, conflicted) - Identified symbols, archetypes, and motifs within the dream - Named entities extracted from the dream: people, places, animals, objects - Thematic connections between dream elements and your life context Aspects - An overall significance assessment - Suggested areas of focus or reflection based on the interpretation

This AI-generated content belongs to you and is stored persistently in your account so you can revisit, reflect on, and build upon previous interpretations over time.

Dreem includes a "Discuss with AI" feature that allows you to have a conversational, interactive dialogue with the AI to explore your dream more deeply. When you use this feature: - All messages you send to the AI are stored as part of the associated dream entry - All AI responses are stored alongside your messages - Conversation history persists so you can revisit past discussions - The context of your life Aspects and the dream's AI analysis is passed to the AI to ensure continuity and relevance in the conversation

We store your preferences regarding: - Push notification settings (enabled/disabled, and which types of notifications you allow) - Email communication preferences - In-app notification behavior

We store your in-app configuration including: - Theme preferences (light/dark mode, color schemes) - Language and locale settings - Dashboard layout preferences - Dream journal view settings

We collect anonymized, aggregated analytics data to understand how the App is used and to improve its performance and features. This data is collected via PostHog and includes: - Screens and features accessed, in what order, and for how long - Session duration and frequency of use - Feature adoption rates (e.g., how many users use voice recording vs. typing) - Funnel analysis (e.g., onboarding completion rates) - Button and interaction tracking

This analytics data is not linked to your personal identity and does not include the content of your dreams or life context data.

We use Sentry for crash reporting and error monitoring. When the App encounters an error or crash, Sentry automatically sends a report that includes: - The type of error and the code location where it occurred - Your device model and operating system version - The App version running at the time of the error - A stack trace identifying the sequence of code that led to the crash

Crash reports do not include your dream content, personal life context, or any personally identifiable information.

Dreem operates on a freemium model. Your first three dream interpretations are free. Additional interpretations require a paid subscription (Basic or Pro plan). All payment transactions are processed exclusively through the Apple App Store (for iOS) or Google Play Store (for Android) using RevenueCat as our subscription management layer. We do not collect, access, process, or store: - Credit card numbers, debit card numbers, or any financial account details - Bank account information - Billing addresses

We receive only the following from RevenueCat: - A confirmation that a valid subscription exists - The subscription tier (Basic or Pro) - The subscription status (active, expired, grace period, or cancelled) - An anonymized subscriber identifier used to verify entitlements

The primary purpose of collecting your data is to provide you with personalized dream interpretation. Specifically, we use your data to: - Authenticate your identity and manage your account session securely - Display your dream journal and previously analyzed entries - Generate contextually-rich AI dream interpretations by passing your dream content and relevant life context Aspects to our AI provider - Provide continuity in the "Discuss with AI" conversational feature by maintaining chat history - Track your dream interpretation usage against your plan's allowance (free interpretations remaining, or unlimited for paid subscribers) - Send you in-app and push notifications about your dream analysis, reminders, and account-related communications

We use anonymized, aggregated analytics data to: - Identify friction points in the user experience and resolve them - Understand which features are most valued and prioritize improvements accordingly - Test new features and designs - Monitor App performance and stability - Fix bugs and crashes identified through Sentry error reports

We may use your email address to: - Send transactional emails (e.g., account verification, password reset, subscription confirmation) - Notify you of significant changes to the App or this Privacy Policy - Respond to support requests you initiate

We do not send unsolicited marketing emails. If we introduce a newsletter or promotional communications in the future, we will obtain your separate, explicit consent before sending them.

We may use your information to: - Comply with applicable laws and legal obligations - Respond to valid legal process (subpoenas, court orders, regulatory requests) - Detect, investigate, and prevent fraud, abuse, or security incidents - Enforce our Terms of Service

We want to be explicit about uses we categorically refuse: - We do not sell your personal data, dream content, or life context to any third party, ever - We do not share your data with advertisers or advertising networks - We do not use your data to build behavioral advertising profiles - We do not use your dream content or life context to train AI models for any purpose other than generating your individual interpretations in real-time - We do not use profiling to make automated decisions about you that produce legal or similarly significant effects without your knowledge and consent - We do not share your data with employers, insurance companies, government agencies (except when legally compelled), or any other entities beyond those described in this policy

We engage the following third-party service providers who process your data on our behalf, subject to strict data processing agreements that prohibit them from using your data for any purpose other than providing their service to us:

Supabase (Database, Authentication, and Storage): Supabase provides our cloud database infrastructure, user authentication system, and secure file storage. Your dream content, life context Aspects, account information, AI analysis results, and chat history are stored in Supabase's PostgreSQL database. Supabase implements row-level security (RLS) policies at the database level, which means your data is cryptographically scoped to your user account — no other user's queries can access it, and even our own backend queries are constrained by these policies. Supabase's infrastructure is hosted on AWS and complies with SOC 2 Type II and ISO 27001 standards.

Google Cloud — Speech-to-Text API: When you use voice recording, your audio is sent to Google Cloud's Speech-to-Text service for transcription. The audio is processed ephemerally; Google does not store the audio or use API-submitted content to train its general speech recognition models. This processing is governed by Google Cloud's data processing addendum.

Google — Gemini AI (Dream Analysis): Your dream descriptions, relevant life context Aspects, and chat messages are sent to Google's Gemini AI API to generate interpretations and conversation responses. We send only the minimum data necessary for the analysis. We use API configurations that instruct the model not to retain conversation history beyond the immediate request. This processing is governed by Google's API terms of service.

RevenueCat (Subscription Management): RevenueCat receives anonymized user identifiers and purchase receipts from Apple or Google to verify your subscription status. RevenueCat does not receive your dream content, life context, or any personal information beyond what is necessary to validate your entitlement.

PostHog (Product Analytics): PostHog receives anonymized, aggregated behavioral analytics data — screen views, feature interactions, session durations. PostHog does not receive your name, email, dream content, or any personally identifiable information.

Sentry (Error Monitoring): Sentry receives crash reports and error logs containing technical diagnostic information such as device model, OS version, App version, and stack traces. Sentry does not receive dream content or personally identifiable information.

We may disclose your information to government authorities, law enforcement, or courts if we are legally required to do so pursuant to a valid subpoena, court order, warrant, or other legal process. When legally permitted, we will notify you of such requests. We will provide only the minimum information legally required and will resist overly broad requests.

If OnlyVibeApps undergoes a merger, acquisition, bankruptcy, reorganization, or sale of all or a material portion of its assets, your personal information may be transferred to or acquired by the successor entity. We will provide notice through the App and via email before your data becomes subject to a materially different privacy policy, and we will ensure the successor entity provides equivalent or greater privacy protections.

We may share your information with additional third parties in circumstances not described above if we first obtain your explicit, informed consent.

• Dream content or life context Aspects with any third party for advertising, research, or commercial purposes without your explicit consent
• Your data with data brokers or data aggregators
• Your information with other Dreem users — your dream journal is always private to you alone

All personal data is stored in Supabase's cloud database infrastructure, which operates on AWS and adheres to SOC 2 Type II and ISO 27001 compliance standards. Data protection measures include: - Encryption at rest using AES-256 for all stored data, including dream content, Aspects, and AI analysis results - Encryption in transit using TLS 1.3 for all network communications between your device and our servers - Database-level row-level security (RLS) policies ensuring that each authenticated user can only read and write their own records - Secure key management practices for encryption keys

We implement multiple layers of access control: - Passwords are hashed using bcrypt with a high cost factor before storage — we never store or have access to your raw password - User sessions are managed using short-lived JWT (JSON Web Tokens) with automatic expiry - Third-party OAuth tokens (for Google/Apple sign-in) are stored securely and scoped to authentication only - Employee access to production database systems is restricted to authorized engineering personnel on a strict need-to-know basis - All access to production systems is logged and audited

We maintain an incident response plan for potential data breaches or security incidents. In the event of a breach that poses a risk to your rights and freedoms, we will notify you and, where required by law, the relevant supervisory authority within 72 hours of becoming aware of the breach.

We apply the principle of data minimization: we collect only the data that is genuinely necessary to provide the service. We do not collect or retain data speculatively.

Your data is retained according to the following schedule: - Active account data (dreams, Aspects, analysis, chat history): Retained for the lifetime of your account, as this history is core to the service's value - Session tokens and authentication data: Expired and deleted automatically on logout or after the token's expiry period - Voice recordings (raw audio): Never stored — processed ephemerally and discarded immediately after transcription - Anonymized analytics data: Retained indefinitely in aggregated, anonymized form for product improvement - Crash reports: Retained for 90 days, then automatically deleted by Sentry - Account data upon deletion: Permanently deleted or fully anonymized within 30 days of account deletion, except where retention is required by applicable law (e.g., financial records related to subscription payments may be retained for the legally required period)

You have the right to request a complete copy of all personal data we hold about you. This includes your account information, dream entries, Aspects, AI analysis results, and chat history.

You have the right to request correction of any inaccurate or incomplete personal data we hold. You can also update most of your account information directly within the App.

You have the right to request deletion of your personal data. You can delete individual dream entries directly within the App. To request complete account and data deletion, you can do so from the App's account settings or by contacting us at privacy@onlyvibeapps.com. We will permanently delete all your personal data within 30 days of your request, subject to legal retention requirements.

You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV) so that you can transfer it to another service if you choose.

You have the right to request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when you have objected to processing pending verification of our legitimate grounds.

You have the right to object to processing of your personal data where that processing is based on legitimate interests. If you object, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, or for the establishment, exercise, or defense of legal claims.

Where processing is based on your consent (for example, for life context data and voice recordings), you may withdraw your consent at any time without affecting the lawfulness of processing that took place prior to withdrawal. You can withdraw consent by deleting the relevant data within the App or by contacting us.

If you wish to opt out of anonymous product analytics, you can contact us and we will configure your account to exclude you from PostHog analytics collection.

To exercise any of the above rights, contact us at privacy@onlyvibeapps.com. Please include your full name and the email address associated with your Dreem account so we can verify your identity. We will respond within 30 days. For complex requests, we may extend this period by an additional 60 days, and we will notify you of any extension within the initial 30-day period.

• For transfers to the United States from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, incorporated into our data processing agreements with providers
• We select service providers that have achieved relevant compliance certifications (SOC 2, ISO 27001, or equivalent)
• We contractually require all processors to implement appropriate security and privacy safeguards

• This data is never used for advertising or commercial purposes
• Access to this data by our employees is strictly limited and logged
• This data is not shared with any third party except for the AI service provider (Google Gemini AI) strictly for the purpose of generating your individual dream interpretation
• We apply database-level security controls that prevent any cross-user access to this data

• Posting the updated policy prominently within the App
• Updating the "Last updated" date at the top of this policy
• Sending an in-app notification for significant changes
• Sending an email notification for changes that materially affect how we handle your data

• Right to Know: You may request that we disclose the categories of personal information we have collected about you, the purposes for which it was collected, the categories of sources, and whether it was sold or shared.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information we hold about you.
• Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising. This right is therefore not applicable.
• Right to Limit Use of Sensitive Personal Information: You may direct us to limit the use and disclosure of sensitive personal information to what is necessary to provide the services you requested.
• Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

Legal Bases for Processing: We process your personal data on the following legal bases: - Consent (Article 6(1)(a) GDPR): For processing of life context Aspects, voice recordings, and any optional data you voluntarily provide. You may withdraw consent at any time. - Performance of a Contract (Article 6(1)(b) GDPR): For account management, dream entry storage, and delivery of the core dream interpretation service, as these are necessary to perform our agreement with you. - Legitimate Interests (Article 6(1)(f) GDPR): For anonymized product analytics, crash reporting, and security monitoring, where our legitimate interests in improving and securing the service do not override your privacy rights. - Legal Obligation (Article 6(1)(c) GDPR): For compliance with applicable laws and legal process.

Special Category Data: To the extent that your dream content or life context Aspects constitute special category data under Article 9 GDPR (e.g., health data, data about personal relationships), we process this data on the basis of your explicit consent (Article 9(2)(a) GDPR).

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your individual rights, please contact us at:

OnlyVibeApps Email: privacy@onlyvibeapps.com

We are committed to working with you to resolve any privacy concerns. If you are not satisfied with our response, you may have the right to lodge a complaint with a supervisory authority in your jurisdiction.