How we handle your dreams.

When you use Oneirio, we collect:

• Account data: email, name (optional), birth date (optional, used only for personalization).
• Dream content: the dreams you describe, plus any voice transcripts. Encrypted at rest.
• Usage data: which features you use, anonymized pattern data.
• Payment data: handled entirely by Stripe. We never see your card.
• Device & browser info: standard server logs (IP, user agent), retained 30 days for security.

• We do not use your dreams to train AI models. Ours or anyone else's. Ever.
• We do not sell your data to advertisers, data brokers, or anyone.
• We do not share dream content with third parties except to deliver the service (Anthropic / OpenAI process the interpretation request, then discard the data per their zero-retention enterprise terms).
• We do not track you across other sites.

To provide the interpretation service, store your dream history, and run the business (billing, support, fraud prevention). Legal basis under GDPR: contract performance for service operation, legitimate interest for fraud prevention, consent for marketing.

We use these third-party services to operate Oneirio:

• Vercel — hosting
• Neon — database (EU region)
• Stripe — payments
• Anthropic / OpenAI (via OpenRouter) — AI interpretation
• Resend — transactional email
• Cloudflare — CDN + DDoS

All have signed data processing agreements with us.

You have the right to:

• Access your data — email us, we send everything within 30 days.
• Delete your data — one click in account settings, or email us.
• Export your data — full JSON export available in settings.
• Correct your data — edit anytime in settings.
• Opt out of marketing — every email has unsubscribe.
• Lodge a complaint with your data protection authority.

Active account data: kept until you delete the account. Server logs: 30 days. Payment records: 7 years (legal requirement). Backups: rotated monthly.

Oneirio is operated from the EU (Latvia). Some subprocessors are US-based. Where data crosses borders, we use Standard Contractual Clauses or rely on adequacy decisions per GDPR Article 46.

Oneirio is not for users under 16. We do not knowingly collect data from children. If you believe a child has signed up, email us and we will delete the account.

If you describe a dream containing severe distress or self-harm ideation, our system flags it and shows resources alongside your reading. The flag and resources are NOT shared with third parties. Oneirio is not a substitute for crisis care — call 988 (US), Samaritans 116 123 (UK/EU), or visit findahelpline.com.

Privacy questions: privacy@oneirio.app
EU representative / DPO: appointed before launch (placeholder).