Privacy Policy

We don't sell your data. We minimize collecting it.

Dreamilia is privacy‑first and local‑first. This policy explains what we collect, why we collect it, how we secure it, and your choices. If anything is unclear, please email privacy@dreamilia.com.

Effective date: September 30, 2025

1. Summary

We design Dreamilia so your data stays on your devices. Backups are encrypted locally before optional sync, and we operate with no telemetry by default. We only collect minimal account and billing data when you purchase or contact us.

  • We do not sell or rent personal data.
  • No ads, no third‑party trackers on our app.
  • Optional crash reports are redacted and opt‑in.

2. Data we collect

We aim to collect the bare minimum required to operate our business and support customers.

2.1 Account & purchase data

  • Contact: name, email (provided by you during purchase or support).
  • License/Order: license key, order ID, price, currency, purchase date.
  • Billing: handled by our payment processor; we do not store full card numbers.

2.2 App data (local‑first)

Your projects, snapshots, and files stay on your machine and—if you enable it—encrypted in your chosen cloud. We cannot access your backup contents.

2.3 Diagnostics (optional)

  • Crash reports: stack traces, app version, OS version. No file paths or contents.
  • Support emails: information you choose to include to help us troubleshoot.

3. How we use data

  • Provide and improve Dreamilia (e.g., process purchases, deliver licenses, respond to support).
  • Send important service messages (license info, security notices). You can opt out of marketing at any time.
  • Detect, prevent, and address abuse or security incidents.

4. Legal bases

If you are in the EEA/UK, we process data under these bases: contract (to provide the product), legitimate interests (security, anti‑abuse), and consent (optional crash reports, marketing emails).

5. Security

  • Encryption: AES‑256 at rest for backups; TLS in transit for sync/auth.
  • Zero‑knowledge: keys are generated and stored on your device. We cannot decrypt your backups.
  • Hardening: integrity checks (SHA‑256), least‑privilege access, and regular review of dependencies.

6. Cookies

Our marketing website uses strictly‑necessary cookies for basic functionality. We avoid analytics by default. If we add privacy‑respecting analytics later, we will update this page and provide controls.

  • Strictly necessary: security, basic site features.
  • Functional (optional): remember preferences.

You can control cookies in your browser settings. If a consent banner is present, you can change choices anytime via the “Cookies” link in the footer.

7. Payments

Payments are processed by a third‑party provider (e.g., Stripe/Paddle). They handle card data under PCI‑DSS. We receive non‑sensitive details like order ID, amount, and contact email for receipts and license delivery.

8. Third‑party providers

We work with a short list of sub‑processors to run Dreamilia. Typical examples include:

  • Payment processing (billing, receipts)
  • Email delivery (transactional/support email)
  • Crash reporting (optional diagnostics)

We require appropriate data protection terms with providers and share only what’s necessary. A current list is available at /subprocessors.

9. Data retention

  • Account & purchase records: retained as required for accounting, tax, and fraud prevention.
  • Support communications: kept to maintain context, then deleted upon request where feasible.
  • Crash reports: deleted automatically after a limited period or upon request.

10. Your rights

Depending on your location, you may have rights to access, correct, export, object to, or delete your personal data.

  • Access/Export: request a copy of your data.
  • Rectification: correct inaccurate information.
  • Erasure: request deletion of personal data we store (subject to legal obligations).
  • Objection & restriction: limit certain processing.
  • Marketing: unsubscribe using the link in emails or by emailing us.

To exercise rights, email privacy@dreamilia.com. We may verify your request to protect your account.

US (CPRA): We do not sell or share personal information for cross‑context behavioral advertising. If you believe otherwise, contact us. A Do Not Sell/Share preferences page is available.

11. International transfers

If data moves outside your country (e.g., to email or payment providers), we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

12. Children’s privacy

Dreamilia is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us to remove it.

13. Changes to this policy

We will update this page if our practices change. If changes are material, we’ll notify you via email or an in‑app notice. The “Effective date” above reflects the latest revision.

14. Contact us

Questions about privacy? Reach us at privacy@dreamilia.com. For data processing terms, see our Data Processing Addendum (DPA). For general support, email support@dreamilia.com.

This policy is provided for transparency and does not constitute legal advice.