Privacy Policy
Last updated: July 2, 2026
1. What we collect
When you create an account, we collect your email address and a securely hashed password. When you use Oneira, we store the dream entries you write, any interpretations generated, and basic usage metadata (timestamps, session identifiers).
2. How we use your data
Your dream entries are sent to an AI model to generate interpretations when you explicitly request one. We do not use your entries to train AI models. We do not sell, share, or monetise your personal data.
3. Data storage and security
Data is stored in encrypted databases. Passwords are hashed with argon2id. Access tokens expire after 15 minutes. All connections use TLS.
4. Data retention
Your data is retained as long as your account is active. You can request export or deletion of your data at any time through Settings. Upon account deletion, all personal data is permanently removed within 30 days.
5. Cookies
We use essential cookies only: an HTTP-only access token, an HTTP-only refresh token, and a CSRF protection cookie. We do not use tracking cookies or third-party analytics.
6. Third-party services
Dream content is processed by third-party AI providers (Anthropic, OpenAI) solely to generate interpretations. Dream content you submit is also screened for safety using OpenAI's moderation service, with Anthropic acting as a fallback safety classifier if OpenAI is unavailable. Content is not retained by these providers beyond the request lifecycle. Payment processing is handled by Stripe.
7. Your rights
You have the right to access, export, correct, and delete your personal data. To exercise these rights, use the Settings page or contact us at the address below.
8. Contact
For privacy-related questions, contact privacy@oneira.app.