
1. Controller

The controller responsible for data processing is:

Growthpaca GmbH, Blankenburger Str. 67, 13156 Berlin, Germany

2. General Principles

We process personal data based on the following principles:

  • Data minimization: We only collect data that is technically or legally necessary.
  • Purpose limitation: Data is only used for the specific purpose for which it was collected.
  • Storage limitation: Data is not stored longer than necessary.
  • Transparency: We explain clearly what data we process and why.

3. Accessing the Website (Server Log Files)

When you visit our website, the hosting provider automatically collects and stores certain information in so-called server log files. This may include:

  • IP address (in technically required form)
  • Date and time of access
  • Requested page or file
  • Browser type and version
  • Operating system
  • Referrer URL

This data is processed to ensure the technical operation and security of the website, to detect and prevent abuse or attacks, and to troubleshoot technical problems.

Legal basis: Article 6(1)(f) GDPR (legitimate interest in secure and reliable operation of the website)

The log data is not merged with other data sources and is not used to identify individual visitors.

4. Hosting

This website is hosted by Cloudways. Server location: Frankfurt, Germany (European Union).

All data is processed on servers located within the EU.

We have concluded a data processing agreement (DPA) with the hosting provider in accordance with Article 28 GDPR.

5. User Accounts

When you create an account on Dreamspoken, we collect and store the following personal data:

  • Your name
  • Your email address
  • A securely hashed version of your password (we never store passwords in plain text)
  • Account creation date

This data is necessary to create and maintain your user account, authenticate you when you log in, and provide you with access to account-based features such as your dream journal and AI dream interpretations.

Legal basis: Article 6(1)(b) GDPR (performance of a contract — providing the service you signed up for)

You may update or delete your account at any time through your account settings. Upon account deletion, all associated personal data, dream journal entries, and AI interpretations will be permanently removed from our systems, unless retention is required by law.

6. User Content (Dream Journal & AI Interpretations)

When you use Dreamspoken's account features, you may create and store the following content:

  • Dream journal entries (title, description, date, emotions, tags, and other metadata)
  • AI dream interpretations (your dream description, contextual information you provide, and the generated interpretation)

This content is stored on our servers in the EU and is associated with your user account. It is only accessible to you and is not shared with other users or third parties, except as described in Section 7 (AI Processing).

Legal basis: Article 6(1)(b) GDPR (performance of a contract)

You may view, edit, and delete your content at any time through your account.

7. AI Dream Interpretation (Third-Party AI Processing)

When you request an AI dream interpretation, the following data is sent to a third-party AI provider for processing:

  • Your dream description
  • Any additional context you provide (emotions, symbols, personal context)
  • Your selected interpretation focus (e.g., psychological, spiritual, practical)

The following data is NOT sent to the AI provider:

  • Your name
  • Your email address
  • Your account ID or any other personally identifiable information

We currently use OpenAI as our AI provider. Data sent to OpenAI is processed on their servers, which may be located outside the EU (including the United States). We rely on appropriate safeguards in accordance with Chapter V of the GDPR, including Standard Contractual Clauses (SCCs) and data processing agreements.

The AI provider does not use your data to train their models when accessed through their API under a commercial agreement.

Legal basis: Article 6(1)(b) GDPR (performance of a contract — providing the interpretation service you requested)

8. Cookies

This website uses the following types of cookies:

Strictly Necessary Cookies

These cookies are required for the website to function and cannot be switched off. They include:

  • Session cookies for authentication (keeping you logged in)
  • CSRF protection cookies (security against cross-site request forgery)

Legal basis: Article 6(1)(f) GDPR (legitimate interest in providing a functional and secure website)

We may use cookies from third-party advertising and analytics services to measure the effectiveness of our advertising campaigns and to understand how visitors interact with our website. These may include:

  • Google Ads / Google Analytics (conversion tracking, remarketing)
  • Meta Pixel (Facebook/Instagram advertising measurement)
  • TikTok Pixel (advertising measurement)

These cookies are only set with your explicit consent. You can manage your preferences at any time through our cookie consent banner.

Legal basis: Article 6(1)(a) GDPR (consent)

When these services are active, data may be transferred to servers in the United States. We rely on appropriate safeguards in accordance with Chapter V of the GDPR.

9. Web Analytics (Matomo, Self-Hosted, Cookieless)

We use Matomo Analytics in a self-hosted configuration on our own server.

Important characteristics:

  • No cookies are used by Matomo
  • No tracking across websites
  • No user profiles are created
  • IP addresses are anonymized (last two octets removed)
  • No personal data is used to identify individual visitors

The analytics data is used exclusively to understand how the website is used in general, which pages are visited most often, and how we can improve the content and structure.

Legal basis: Article 6(1)(f) GDPR (legitimate interest in improving and operating this website)

Because Matomo is configured in a privacy-friendly, cookieless and anonymized way, no consent is required under current EU guidance.

10. Payment Processing (Paddle)

If you purchase a subscription or paid service, payments are processed through Paddle.com Market Limited ("Paddle"). Paddle acts as the Merchant of Record for all purchases.

This means Paddle is the legal seller of record for your purchase. Paddle is an independent data controller for the payment and transaction data it collects and processes as Merchant of Record, including:

  • Payment method details (credit card, debit card, PayPal, etc.)
  • Billing address
  • Transaction history and subscription status
  • Sales tax and VAT information
  • Fraud prevention and dispute data
  • Customer support interactions related to payments

As Merchant of Record, Paddle handles tax compliance, fraud prevention, payment dispute resolution, and payment-related customer support.

We do not store or have access to your full payment method details. We receive confirmation of your subscription status, transaction IDs, and basic billing information necessary to manage your account and provide you with access to paid features.

Paddle may install cookies on your device for fraud prevention and payment processing purposes. For more information about how Paddle processes your data, please refer to Paddle's Privacy Policy at paddle.com/legal/privacy.

Legal basis: Article 6(1)(b) GDPR (performance of a contract)

11. Contact by Email

If you contact us by email, we will process the data you provide (e.g. your email address and the content of your message) solely for the purpose of handling your request.

Legal basis: Article 6(1)(b) GDPR (processing necessary to respond to your request) and/or Article 6(1)(f) GDPR (legitimate interest in communication)

Your data will be deleted once your request has been fully processed, unless legal retention obligations apply.

12. Data Sharing

We do not sell, rent, or share personal data with third parties for marketing or profiling purposes.

Data is only shared with third parties in the following cases:

  • Hosting provider (Cloudways) — for technical operation of the website
  • AI provider (OpenAI) — for processing dream interpretations (without personally identifiable data)
  • Payment processor (Paddle) — for processing payments, acting as Merchant of Record
  • Advertising platforms (Google, Meta, TikTok) — only with your consent, for conversion tracking and campaign measurement
  • When legally required (e.g., by court order or regulatory obligation)

13. Data Retention

We store personal data only as long as necessary:

  • Account data (name, email): until you delete your account
  • Dream journal entries: until you delete them or delete your account
  • AI interpretations: until you delete them or delete your account
  • Server logs: according to technical and security requirements (typically 30 days)
  • Contact emails: until the request is resolved
  • Payment and billing records: up to 10 years after the end of the business relationship, as required by German tax and commercial law (§ 147 AO, § 257 HGB)

14. Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR) — request a copy of your personal data
  • Right to rectification (Art. 16 GDPR) — correct inaccurate data
  • Right to erasure (Art. 17 GDPR) — request deletion of your data
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR) — receive your data in a portable format
  • Right to object to processing (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR) — for consent-based processing such as advertising cookies

You can exercise most of these rights directly through your account settings (e.g., editing your profile, deleting dreams, or deleting your account).

You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your habitual residence or place of work.

15. Right to Object

If we process your data based on Article 6(1)(f) GDPR (legitimate interest), you have the right to object to this processing for reasons arising from your particular situation.

16. Data Security

We take appropriate technical and organizational measures to protect your data against unauthorized access, loss, destruction, or manipulation. These include:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure password hashing (bcrypt)
  • Access controls and authentication
  • Regular security updates
  • Server-side firewalls and intrusion detection

17. No External Data Protection Officer

We are not legally required to appoint an external data protection officer.

18. Children's Privacy

Dreamspoken is not intended for children under the age of 18. We do not knowingly collect personal data from children under 18. If you are under 18, please do not create an account or provide any personal data. If we become aware that we have collected data from a child under 18, we will delete the account and associated data promptly.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or organizational changes.

The current version published on this page is the applicable version. We will notify registered users of significant changes via email or in-app notification.

20. Contact

If you have any questions about this Privacy Policy or about how we process personal data, please contact: