Noctide

1. Information We Collect

1.1 Account Information

When you register, we collect your email address. Authentication is handled by a third-party service, which may also collect your name and profile picture if you sign in via a social media account.

1.2 Dream Content

When you enter a dream, we collect the dream text, title, and optional real-life context description you provide. This content may contain sensitive information about your mental health, emotions, fears, and personal experiences.

1.3 AI Analysis Results

Your dreams are analyzed using artificial intelligence (AI). The analysis generates interpretations, emotional patterns, and other insights that help you better understand your dreams. These results are stored in association with your account.

1.4 Profile Data

You may optionally provide: gender, workplace, relationship status, additional information, and names of known people with their roles. This data is used to personalize interpretations.

2. How We Use Your Data

• Providing and operating the Service: saving, displaying, and analyzing your dreams
• AI-powered analysis: generating emotions, patterns, and interpretations using artificial intelligence
• Improving and developing the Service
• Providing customer support (contact form)
• Sending you reminders and summaries (with your consent)
• Creating anonymous statistics (frequent symbols, emotions) — without identifying any user
• Complying with legal obligations

3. Legal Bases for Processing (GDPR Article 6)

4. Sensitive Data (GDPR Article 9)

Dream content may contain information that qualifies as special category personal data under the GDPR (e.g., data concerning health, sex life, political opinions, or religious beliefs). We process such content solely on the basis of your explicit consent (GDPR Article 9(2)(a)), which you provide when you enter a dream into the Service.

You have the right to withdraw your consent at any time by deleting your dreams or your account.

5. Data Sharing and Third Parties

We never sell your personal data. We share data with the following categories of processors:

• Authentication and user account management provider (EU / USA)
• AI analysis provider (EU)
• Server and database hosting provider (EU)
• Email delivery provider (USA)
• Payment processing provider (EU / USA)

We have data processing agreements in place with all service providers. Where data is processed outside the EU, we rely on Standard Contractual Clauses (SCCs) pursuant to GDPR Article 46(2)(c). For a detailed list of sub-processors, please contact us.

6. International Data Transfers

Your data may be processed outside the European Economic Area (EEA), particularly in the United States. In such cases, we ensure protection through the European Commission's Standard Contractual Clauses (SCCs) and/or verify that the service provider applies adequate organizational and technical security measures.

7. Data Retention

• Account and profile data: until account deletion
• Dream content and AI analyses: until account deletion or deletion of specific dreams
• Anonymous statistics: indefinitely (no individual can be identified)
• Contact form messages: up to 2 years
• Upon account deletion, we delete all your personal data within 30 days, unless a longer retention is required by law

8. Your Rights (GDPR)

You have the following rights regarding your personal data:

• Right of access — you can request what data we process about you
• Right to rectification — you can request correction of inaccurate data
• Right to erasure ("right to be forgotten") — you can request deletion of your data
• Right to restriction of processing — you can request that we restrict processing of your data
• Right to data portability — you can request your data in a machine-readable format (CSV export is available in the Service)
• Right to object — you can object to processing based on legitimate interest
• Right to withdraw consent — where processing is based on consent, you can withdraw it at any time

You can delete your account at any time directly in the Service from the Account view via the "Delete account" action.

To exercise your rights, contact us at support@noctide.com. We will respond to your request within 30 days.

9. Automated Decision-Making and Profiling

The Service uses automated processing (AI) to analyze your dreams. This includes emotion detection, pattern recognition, and interpretation generation. These results are informational and suggestive only — they do not produce legal effects or significantly affect you.

AI interpretations do not replace professional psychological counseling or therapy.

10. Security Measures

We protect your data with the following measures:

• Encryption of data in transit (HTTPS/TLS)
• Database access restrictions
• Secure authentication
• Regular software updates
• Data minimization (we only collect data that is necessary)

11. Children\'s Data

The Service is intended for users aged 16 and older. For users under 16, we require parental or guardian consent. If we become aware that a person under 16 has provided us with data without parental consent, we will delete that data immediately.

12. Cookies

The Service uses only essential cookies required for the operation of the Service (e.g., authentication session and language preference). We do not use tracking cookies or third-party advertising cookies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. In case of significant changes, we will notify you by email or through the Service. We recommend reviewing this page periodically.

14. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate:

15. Contact Us

For data protection inquiries, contact us: