Privacy Policy

Last updated: [DATE]

Template — not legal advice. Replace every [BRACKET] and have a lawyer review this before you publish, especially if you serve users in the EU/UK or California. It is written to match what this app actually does.

This policy explains how [COMPANY NAME] (“we”, “us”) handles your information when you use Reverie at [DOMAIN] (the “Service”). Reverie is a dream journal that generates reflective interpretations of the dreams you write.

Information we collect

Account information — your email address, your name (optional), and a securely hashed password, created when you sign up.
Your dreams and reading preferences — the dream entries you write and the tradition or “lens” you choose to read them through. This content can be personal and may touch on sensitive subjects.
Marketing preference — whether you opted in to receive emails from us.
Usage analytics — coarse, non-content signals about how the app is used (for example, that an interpretation was requested), plus standard technical data such as IP address and browser type. We do not attach the text of a dream or your chosen tradition to analytics.
Cookies and similar technologies — see “Cookies and tracking” below.

How we use your information

To provide the Service — store your journal, generate interpretations, and sync across your devices.
To create and secure your account and send essential emails (verification, password reset).
To send marketing emails, only if you opted in, and only until you unsubscribe.
To understand and improve the Service, and to measure advertising, using non-content analytics.
To protect the Service from abuse and meet legal obligations.

Legal bases (EU/UK users)

We process account and journal data to perform our contract with you; analytics and advertising on the basis of your consent and our legitimate interests; and marketing email on the basis of your consent. Where dream content reveals special-category data, we rely on your explicit consent and your own act of providing it.

Service providers we share data with

We do not sell your personal information. We share data only with providers that help us run the Service:

OpenRouter — routes dream text to the selected model to generate an interpretation.
Supabase — hosts our database.
Railway — hosts and serves the application.
Resend — sends our emails and stores marketing contacts you consented to.
Meta — receives non-content advertising events if you consent to tracking.

What we never do

We never send the content of your dreams or your chosen tradition to advertising networks, and we never sell your data. Advertising events contain only coarse signals.

Cookies and tracking

Essential cookies keep you signed in. The Meta advertising pixel loads only after you agree on the consent banner; if you decline, it is not loaded. You can change your choice by clearing the site’s storage.

Marketing emails

If you opted in, we may email you occasional reflections. Every marketing email includes an unsubscribe link, and you can opt out at any time by contacting [CONTACT EMAIL].

Data retention

We keep your account and journal while your account is active. If you delete your account, your dreams are deleted with it. We may retain limited records where required by law.

Your rights

Depending on where you live, you may have the right to access, correct, delete, or export your data, and to withdraw consent. To exercise these rights, contact [CONTACT EMAIL]. You can also delete your account to remove your journal.

Security

We use reasonable measures to protect your data, including encryption in transit and hashed passwords. No system is perfectly secure, so we cannot guarantee absolute security.

Children

Reverie is not directed to children under [16/18], and we do not knowingly collect their data.

International transfers

Our providers may process data in other countries. Where required, we rely on appropriate safeguards for those transfers.

Changes

We may update this policy and will revise the date above when we do.

Contact

Questions? Email [CONTACT EMAIL], [COMPANY NAME], [ADDRESS].