Privacy Policy

Our Commitment to Your Privacy

Dream Interpreter is built on the principle that your dream content is deeply personal. We treat your data with the same respect and care that Islamic scholarship demands for personal matters shared in confidence. This policy explains exactly what we collect, how we protect it, and your rights over your own data.

We will never sell your personal data to third parties. Ever. This is a core commitment, not a legal obligation we grudgingly comply with.

What Data We Collect

• Account information: Your name and email address when you create an account.
• Dream content: The dreams you submit for interpretation, including any additional context you provide.
• Interpretation history: The interpretations generated for your dreams, including citations and scholar reviews.
• Family context: Optional family relationship information and deceased loved ones you share to enhance interpretation accuracy.
• Usage data: Basic usage patterns (pages visited, features used) to improve the service. We do not use third-party analytics SDKs that collect personally identifiable information.

How Your Dream Content Is Protected

All dream content and interpretation text is encrypted at rest using AES-256-GCM encryption -- the same standard used by governments and financial institutions. Each user has a unique encryption key derived from their identity, meaning even we cannot read your dreams without the proper key derivation process.

Your password is hashed using bcrypt with a cost factor of 12. We never store plaintext passwords.

Anonymous Mode

You can use Dream Interpreter without creating an account. Anonymous users receive a temporary session with no email or personal information stored. Anonymous user data is automatically cleaned after 30 days of inactivity. If you later create an account, your anonymous data is not transferred -- you start fresh.

Your Rights (GDPR Compliance)

You have full control over your data. Under GDPR and our own commitment to privacy, you have the following rights:

• Right to access: You can export all of your personal data at any time from your Settings page. The export includes all your data in a readable JSON format with dream content fully decrypted.
• Right to erasure: You can permanently delete your account and all associated data from your Settings page. This is an immediate, irreversible hard delete -- not a soft-delete or archival. All related records (dreams, interpretations, family data, payment history) are removed via cascading deletion (GDPR Article 17).
• Right to data portability: The JSON export format is designed for portability. Your data belongs to you.

Data Retention

• Registered users: Your data is kept until you choose to delete your account.
• Anonymous users: Data is automatically cleaned after 30 days of inactivity.
• Verification tokens: Email verification and password reset tokens expire and are deleted after use or expiration.

Third-Party Services

We use a minimal set of third-party services, each carefully chosen for their privacy practices:

• Neon: Database hosting. All data is encrypted at rest on their infrastructure. They do not access your content.
• Resend: Email delivery for verification and password reset emails. They process email addresses only and do not store message content permanently.
• Stripe: Payment processing (for future premium features). Stripe handles payment data directly -- we never store your credit card information.

We do not use third-party analytics SDKs that collect personally identifiable information. We do not embed social media tracking pixels. We do not sell or share your data with advertisers.

Contact Us

For data-related requests or privacy questions, contact us at: [email protected]

We will respond to all data requests within 30 days, as required by GDPR.