Your dreams stay yours.

PengiDream (“PengiDream,” “we,” “us”) provides a private dream journal and AI-assisted symbolic analysis service. This Privacy Policy describes what information we collect, how we use it, and the choices you have.

We collect only what is necessary to operate the service:

• Account information. Your email address, display name, password hash (or OAuth identifier if you sign in with a provider), preferred timezone, and account preferences.
• Dream content. The text of dreams you write or speak into the journal, along with derived metadata (symbols, emotions, themes) that our AI analysis produces.
• Symbol contributions. Meanings you contribute to the Symbol Garden. See “Symbol Garden anonymity” below.
• Authentication tokens. Short-lived access tokens and refresh tokens used to keep you signed in.
• Technical data. IP address, browser/device information, and request logs used for security and abuse prevention.
• Local storage on your device. Draft dreams not yet submitted, refresh tokens, and theme preference. This data lives in your browser, not on our servers, until you save it.

• Operate the journal: store, retrieve, and display your dreams.
• Produce AI dream analyses (see Section 4 for sub-processors).
• Authenticate you and protect your account from abuse.
• Improve the product through aggregate, non-personally-identifying usage patterns.
• Communicate service-related notices (security, account changes). We do not send marketing email.

To provide the service, we share certain information with the following categories of sub-processors. Each is bound to confidentiality and processes data only on our behalf:

• AI analysis provider ([e.g., Anthropic]). When you request an analysis, the text of that single dream is sent to the AI provider for interpretation. We do not send your account identifiers, email, or other dreams alongside it. Our provider does not retain your prompts for training.
• OAuth identity providers (e.g., Google) when you choose to sign in via OAuth. We receive only the basic profile fields you authorize.
• Hosting and infrastructure providers for application hosting, database, and email delivery.

We do not sell your personal information. We do not share your dreams with advertisers or data brokers.

The Symbol Garden is our shared, community-sourced library of symbolic meanings. When you contribute a meaning, we deliberately do not store any link between that contribution and your account. Once submitted, even PengiDream staff cannot determine who authored it. This is by design and cannot be changed retroactively, including for law-enforcement requests.

Because contributions are not attributable to you, you cannot edit or delete a specific past contribution after submission. Please review what you write before posting.

• Active accounts: we retain your dreams and account data for as long as your account is active.
• Deleted accounts: when you delete your account, your dreams and account data enter a 30-day soft-delete window during which you can restore them. After 30 days they are permanently purged.
• Symbol Garden contributions: remain in the shared library after account deletion because they are not linked to your identity.
• Logs and security records: retained for up to [12 months] for fraud prevention and debugging.

You can, at any time:

• Access your data through the in-app journal and profile views.
• Export your dreams and symbols via the export tools in your profile.
• Correct your display name, email, and preferences in your profile.
• Delete your account, which begins the 30-day purge window described above.
• Object or restrict certain processing by emailing us.

If you reside in the European Economic Area, the United Kingdom, or California, you have additional rights under GDPR/UK-GDPR/CCPA respectively, including the right to lodge a complaint with your local supervisory authority.

Passwords are stored as salted hashes; we never store them in plaintext. Data in transit is protected with TLS. Data at rest is encrypted by our database provider. Authentication uses short-lived JWT access tokens and rotating refresh tokens. No system is perfectly secure, but we work to minimize risk and to notify affected users promptly if a breach occurs.

PengiDream uses your browser’s local storage (not third-party cookies) to:

• Keep you signed in across visits (refresh token).
• Remember your theme preference.
• Hold dream drafts you have not yet submitted.

We do not use advertising cookies or third-party tracking pixels.

PengiDream is not directed to children under [13]. We do not knowingly collect information from anyone under that age. If you believe a child has signed up, please contact us and we will delete the account.

PengiDream is operated from [country/region]. If you access the service from elsewhere, your information may be transferred to and processed in countries with different data protection laws. By using PengiDream you consent to this transfer.

We may update this Privacy Policy from time to time. Material changes will be announced in-app and the “Last updated” date above will be revised. Continuing to use PengiDream after a change means you accept the revised policy.

Questions or data requests: team.pengidream@gmail.com.