Privacy Policy

Àlá App operates the Àlá mobile application and website at alaapp.dedyn.io. This Privacy Policy explains how we collect, use, store, and delete your personal information and dream content when you use our service.

Dreams are personal. The fact that you are willing to record and share them is a real act of trust. We built this product around that trust, not around extracting value from it.

This policy applies to everyone who uses the Àlá app on any platform, visits our website, participates in beta or early access, or contacts our support team.

By using the service, you agree to the collection and use of your information as described here. If you do not agree, please do not use the service.

We may update this policy when things change. When we make a meaningful change, we will notify you by email or in-app notification and update the date above. Continuing to use the service after that counts as acceptance.

We collect only what we need to run the service.

When you create an account, we collect your email address, your chosen username, and your password. Your password is stored as an encrypted hash. We never see the raw password and cannot retrieve it. We do not collect your real name, phone number, or address during registration unless you choose to provide them.

When you use the journaling features, we collect the dream entries you write, audio recordings you make, and the metadata you attach to them such as dates, mood tags, and visibility settings. When you request an AI interpretation, the text of that dream is sent to our AI provider. We also collect reactions, comments, and interpretations you leave on other users' content.

We collect some usage data automatically: your journaling streak, the features you use and how often, badge progress, and storage consumption. This is used to run the service and enforce plan limits, nothing else.

For technical purposes, we collect your device type, operating system version, app version, anonymised IP address, and crash logs. We do not store precise location data.

Payment details for Premium subscriptions are handled entirely by our payment processor. We only store a transaction reference and your subscription status.

If you email our support team, we store that conversation to be able to help you properly.

If you submitted your email via the beta waitlist, we have your email address and will use it only to contact you about access. Nothing else.

What we do not collect: your GPS location, your device contacts, biometric data, your browsing history outside of our service, or any data purchased from third-party data brokers.

The main thing we use your data for is running the service: logging you in, storing your journal, showing your shared content to the right audience, managing your circles, tracking streaks and badges, enforcing storage and feature limits, processing AI interpretation requests when you ask for them, and sending your scheduled wake-up reminders.

We also use aggregated, anonymised data to understand how the app is used and to improve it. We do not use identifiable dream content to train AI models.

We use your email address to send essential service notifications like account changes, security alerts, and policy updates. We respond to support requests you send us. We will only send marketing emails if you have explicitly opted in, and you can opt out at any time.

We use technical data to detect unauthorised access, block abuse, and enforce our Terms of Service.

We will never sell your personal information or dream content. We will never use your data to build advertising profiles. We will never share your email with advertisers. We will never use your private journal entries for anything other than providing the journaling feature to you. We will never share identifiable user data with AI companies for training their models.

Privacy is not a setting you have to enable on Àlá. It is the default.

Every dream you record is private until you actively choose to share it. You do not need to configure anything to keep your dreams private. That is just where they start.

Public dreams are designed to disappear. Anything shared to the public feed is permanently and automatically deleted after 72 hours. This is a hard deletion, not a hide from view. We do not keep copies of expired public dreams.

When you share publicly, only your username is associated with the post. Ultra-anonymous mode, available on the paid tier, removes even your username so posts have no visible connection to you within the platform.

We want to be honest about anonymity though. While we build for it and provide tools for it, we cannot guarantee that sharing on Àlá is completely anonymous in all circumstances. Writing patterns, content details, or context within a dream could make you recognisable to people who know you. Voice distortion reduces identification risk meaningfully but is not a perfect shield. If a dream is something you could not bear to be attributed to you under any circumstances, the safest option is to keep it private.

All dream content is stored on encrypted infrastructure. Data in transit between your device and our servers is protected by TLS. We are working toward end-to-end encryption for private journals in a future release.

We do not use advertising SDKs, tracking pixels, or behavioural profiling tools anywhere in the app.

When you request an interpretation, we send only the dream text to our AI provider. No account identifiers, no username, nothing else travels with that request.

We do not sell, rent, or trade your personal information to anyone.

The primary way your information is shared is through your own choices in the app. Private dreams go nowhere. Circle dreams go to the members of that circle. Public dreams go to all registered Àlá users for up to 72 hours.

We share limited data with a small number of service providers who help us operate the platform.

Supabase handles our database, authentication, and file storage. They process data on our behalf and are contractually prohibited from using it for their own purposes.

Anthropic processes the text of your dreams when you request an interpretation through their API. We do not send your account information alongside those requests. Anthropic does not retain the content for training under our API agreement.

Our payment processor handles subscription billing. We transmit only what is needed for the transaction.

We use anonymised crash and performance analytics that contain no identifiable information.

If required by law or a valid court order, we may disclose your information. We will tell you when this happens if we are legally permitted to. We will not hand over your data to governments or law enforcement without a valid legal process, except in cases of imminent physical harm.

If Àlá is acquired or merged with another entity, your information may transfer as part of that. We will notify you before it happens and the new entity will be bound by the commitments in this policy.

We keep your data for as long as your account is active and for as long as we have a legal reason to hold it. Here is what that looks like in practice.

Public feed dreams are permanently deleted 72 hours after posting.

Circle dreams for free users are deleted 30 days after posting unless you delete them sooner.

Circle dreams for paid users are kept until you manually delete them or close your account.

Your private journal entries are kept as long as your account is active, subject to your storage limits. When you hit your limit, the oldest entry is deleted to make room for new ones.

When you delete your account, your private content is deleted within 30 days. Public and circle content goes immediately. Your profile and username are deleted or fully anonymised within 30 days. Records of financial transactions are kept for as long as legally required.

Account deletion is permanent. We cannot restore accounts or their content after deletion.

To delete your account, use the in-app option or email us at support@alaapp.dedyn.io with the subject Account Deletion Request.

You have real control over your data. Here is what you can do.

You can request a copy of everything we hold about you. Email support@alaapp.dedyn.io with the subject Data Access Request and we will respond within 30 days.

You can correct inaccurate data. Update your username and email through your account settings. For anything else, contact us.

You can delete your data. Individual dreams can be deleted from within the app at any time. For full account deletion, see Section 6.

You can opt out of marketing communications at any time by clicking unsubscribe in any email or by contacting us directly. We cannot turn off essential service messages like security alerts and account notices because those are necessary to run the service.

If you are based in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under GDPR: the right to object to processing, the right to withdraw consent where processing is based on consent, and the right to lodge a complaint with your local data protection authority.

If you are a California resident, you have rights under CCPA including the right to know what data we hold, the right to delete it, and the right not to be discriminated against for exercising your rights. We do not sell personal data, which satisfies the opt-out right.

For any privacy request, email support@alaapp.dedyn.io with a clear description of what you need. We may ask you to verify your identity before processing certain requests.

We use encryption in transit and at rest. Passwords are stored as salted cryptographic hashes. Authentication is built on Supabase Auth which protects against common attack vectors. We maintain current security patches and updates across all infrastructure.

Access to user data is limited to people who need it to operate the service. Everyone with access to production systems is under confidentiality obligations.

In the event of a breach that is likely to affect your data, we will notify you by email within 72 hours of confirming it. We will tell you what happened, what data was affected, and what we are doing about it.

No system is completely secure and we cannot guarantee absolute protection. By using the service you acknowledge that inherent risk.

If you suspect unauthorised access to your account, change your password immediately and contact us at support@alaapp.dedyn.io.

Àlá relies on infrastructure providers, primarily Supabase, that operate across multiple geographic locations. Your data may be stored or processed in countries other than where you live.

When this happens, we ensure appropriate safeguards are in place through our data processing agreements with those providers, including Standard Contractual Clauses where required for transfers from the EEA.

If you have questions about this, contact us at support@alaapp.dedyn.io.

Our website uses session cookies to maintain your login state and preference cookies to remember certain settings. We do not use advertising cookies or any cookies from ad networks.

The mobile app does not use browser cookies. It uses local device storage for your session token and app preferences. It uses device identifiers for authentication. It uses anonymised analytics to understand app performance.

We do not use advertising SDKs, behavioural tracking libraries, or social media tracking pixels anywhere in the app or website.

You can clear cookies through your browser settings. Clearing session cookies will log you out. You can clear app data through your device settings, which will also log you out.

Àlá does not track you. Our default behaviour is already consistent with Do Not Track preferences.

Àlá is not for children under 13. We do not knowingly collect information from anyone under 13. If you are under 13, please do not use the service.

Users between 13 and 17 should have a parent or guardian who is aware they are using the service and has reviewed these terms with them.

If we discover we have collected information from a child under 13, we will delete it and close the associated account immediately.

If you are a parent or guardian and believe your child under 13 has created an account, contact us at support@alaapp.dedyn.io with the subject Child Privacy Concern and we will act on it promptly.

We have a zero-tolerance policy for any sexual content involving minors. Any such content results in immediate account closure and a report to the relevant authorities.

The service may link to external sites or services we do not control. We are not responsible for their privacy practices. We recommend checking the privacy policy of any external service you use.

The key services we rely on and their privacy policies:

Supabase handles database, authentication, and storage. See supabase.com/privacy.

Anthropic processes AI interpretations. See anthropic.com/privacy.

Our payment processor handles billing. Specific provider information is shown in the app at the point of payment.

If you have questions about this policy, your data, or our privacy practices, get in touch.

General privacy questions and data requests: support@alaapp.dedyn.io with Privacy Request in the subject line.

Security issues: support@alaapp.dedyn.io with Security Issue in the subject line.

Child safety concerns: support@alaapp.dedyn.io with Child Privacy Concern in the subject line.

We aim to respond to general questions within 48 business hours and to formal data requests within 30 days.

Àlá App is the data controller for the personal data described in this policy. We are currently operating as an independent unincorporated entity. Contact details are listed above.

For EEA users: if you are not satisfied with our response to a privacy complaint, you have the right to contact your national data protection authority.

Thank you for trusting us with something as personal as your dreams.