Privacy Policy

Last updated: March 27, 2026

The short version

Dreamtime is built so we can never access your content. Recording, transcription, and processing happen on your device. We run no servers that hold your dreams. We do not collect personal information. We do not track you. This is our policy, and it is how the app is built.

This Policy covers the Dreamtime iOS app and the Dreamtime website at dreamtimeapp.com. Where a section applies only to one surface, it says so.

1. Who we are

Dreamtime is made by Plutonian LLC, a California limited liability company. In this Policy, “we,” “us,” and “our” mean Plutonian LLC. “You” and “your” mean the person using the app or the website.

2. What Dreamtime does

Dreamtime records and transcribes spoken dreams. It can run through the night, or whenever you start it. When you wake and speak, the app captures the audio, separates it into distinct dream blocks, and transcribes each one on-device. The result — paired audio and text, organized and searchable — stays on your device. You can export everything at any time.

We have no part in this process other than writing the code that runs on your phone. No audio, no transcript, and no metadata is transmitted to us.

3. What’s collected, where

3.1 On your device (App)

The following is created, processed, and stored on your device:

  • Audio recordings captured during your sessions.
  • Transcripts generated by on-device speech recognition.
  • Session metadata — timestamps, durations, dates, titles.
  • Search indexes built locally for keyword and semantic search.
  • App preferences and settings.

None of it is transmitted to us. If you turn on iCloud sync, your data moves between your own devices and your own iCloud account through Apple — we are not in that path. Details in Section 4.

We have no technical means to access, read, or retrieve any of it. There is no server endpoint, no API call, no analytics pipeline.

3.2 On the website (dreamtimeapp.com)

The website does not run analytics, tracking pixels, fingerprinting, or any third-party scripts. Fonts are served from our own infrastructure (no Google Fonts call).

It stores only functional preferences you set yourself, used solely to remember those choices — never to track or profile you, never shared, first-party only:

  • dreamtime.theme (local storage) — your light/dark/system appearance choice.
  • dreamtime.country (local storage and a cookie of the same name) — written only when you explicitly pick a country in the website’s location selector, so we can show prices in your local currency and remember that choice on your next visit. It is not set unless you make that choice.

To show local pricing on first visit before you have made any choice, we display the price for the country Cloudflare derives from your IP address at the edge. This country is used only to render the price for that request; it is not stored, not logged by us, and not used to identify you. You can always override it with the location selector.

Standard request information — IP address, User-Agent, requested URL, timing — passes through Cloudflare, our hosting and CDN provider, on every request. Cloudflare retains short-term request logs as part of providing edge service; we do not extend, persist, or read those logs.

The contact form at /contact is the website’s only personal-data collection surface. See §7 (sub-processors) and §8.1 (support requests).

4. iCloud sync (optional)

If you turn on iCloud sync, your dreams move between your Apple devices through Apple’s CloudKit service. The sync runs between your devices and Apple’s infrastructure. We operate no intermediary server.

Text and metadata are end-to-end encrypted. Transcripts, titles, dates, and all structured data are stored using CloudKit’s encrypted-fields API. Apple cannot read this content. This protection is automatic and applies regardless of your iCloud settings.

Audio uses a different protection model by default. Audio recordings are stored as standard CloudKit assets in your private iCloud container. They are encrypted in transit and at rest, but Apple holds the encryption keys. To make audio recordings end-to-end encrypted as well, turn on Advanced Data Protection in Settings → [your name] → iCloud → Advanced Data Protection. We recommend enabling it.

We have no ability to access any iCloud data — text, audio, or metadata — under any configuration.

For how Apple handles iCloud data, see Apple’s iCloud security overview.

If you delete the app, your iCloud data is not deleted automatically. You can remove it in Settings → [your name] → iCloud → Manage Account Storage → Dreamtime.

5. Information we do not collect (App)

The statements in this section apply to your use of the iOS App. The website’s data-handling, including the technical signals processed by Cloudflare’s edge and the Turnstile widget on the contact form, is described in §3.2 and §7.

To be explicit:

  • We do not collect your name, email address, phone number, or any contact information (unless you reach out — see Section 8).
  • We do not collect device identifiers or location data.
  • We do not collect or store IP addresses.
  • We do not collect usage analytics or telemetry.
  • We do not use cookies, tracking pixels, or fingerprinting.
  • We do not collect health data, biometric data, or sleep metrics.
  • We do not record, access, or process your audio on any server.
  • We do not use your data to train machine learning models.
  • We do not sell, share, rent, or disclose personal information to anyone, because we do not have any.

Our subscription entitlement service (RevenueCat) and, if you turn it on, our crash reporter (Sentry) receive IP addresses as part of standard network requests. They use them for rate-limiting and fraud prevention. They are not tied to your identity, and we never see them. We configure Sentry so that IP addresses, user identifiers, and device-PII are not attached to crash reports — see Section 8.3 for the full set of limits.

6. Subscriptions and payments

Subscriptions run through Apple’s App Store. Apple is the seller of record and processes payment. To know whether your subscription is active and to keep that state in sync across your Apple devices, the app uses RevenueCat as a subscription entitlement service — it validates Apple’s receipts and tracks entitlement state. RevenueCat does not handle payment.

Through RevenueCat, we receive only:

  • An anonymous, app-specific identifier (not your Apple ID or email).
  • Which subscription product you purchased.
  • Subscription status (active, expired, trial, renewal intent).
  • Purchase and expiration dates.

We do not receive your name, email address, payment method, or any other personally identifiable information from Apple or RevenueCat. RevenueCat uses this anonymized data only to manage entitlements.

No account is required to use Dreamtime.

7. Third-party services

Dreamtime uses a small number of third-party services. The “Surface” column indicates whether a provider is involved with the App, the website, or both.

Name Surface Purpose Data User control Entity country
Apple Inc. App App Store subscription billing — Apple is seller of record and processes payment Subscription transaction details Apple ID settings United States
Apple Inc. App iCloud sync via CloudKit (optional) Your dream data when iCloud sync is on. Text and metadata are end-to-end encrypted; audio is E2E only with Advanced Data Protection. We have no access. See §4 Sync toggle in Settings United States
RevenueCat, Inc. App Subscription entitlement service — validates Apple’s receipts and tracks entitlement state Anonymous app-specific identifier and subscription status None United States
Functional Software, Inc. (Sentry) App Crash reporting (optional, off by default) See §8.3 for details. Settings → Privacy & Security → Help Improve Dreamtime United States
Cloudflare, Inc. Website Web hosting Standard request data: IP, User-Agent, URL. None United States
Resend, Inc. Website Transactional email delivery for the contact form Your message (name, email, subject, body) in transit; we keep no copy beyond the resulting email Contact via the form United States

Crash report content is filtered by an on-device scrubber before transmission — see §8.3 for the full enumeration.

Dreamtime does not integrate advertising networks, analytics SDKs, social SDKs, or usage tracking.

Dreamtime does not use third-party cloud AI or transcription services.

Dreamtime uses open-source libraries for on-device functionality. They are listed in the app under Settings → Legal → Licenses. None of them transmit data off your device.

All trademarks referenced are the property of their respective owners.

8. Information you voluntarily share with us

Everything in this section is opt-in. We receive nothing unless you choose to send it.

8.1 Support requests

If you write to us, we receive whatever you include in your message — typically your email address and the question. We use it to reply. We do not add your email to any mailing list, marketing database, or third-party service. We retain support correspondence only as long as needed to resolve your issue.

When you write to us through the contact form at /contact, the form is protected by Cloudflare Turnstile (bot mitigation; signals only, no message content). Your message is delivered via Resend, which sees it in transit to our inbox. We do not store messages anywhere besides the resulting email.

8.2 Diagnostic export

The app includes an optional diagnostic export (Settings → Technical → Export Diagnostics) that bundles device information, app logs, and recent crash records so you can send them to us for troubleshooting. It does not include transcripts, audio, or dream content. You start the export manually and choose how to send it. We use it only to identify and resolve the issue, then delete it.

8.3 Crash reporting (off by default)

Crash reporting is off by default. You can turn it on in Settings → Privacy & Security → Help Improve Dreamtime if you’d like to help us catch and fix issues. Turn it off at any time in the same place; the change takes effect on the next event.

When enabled, we use Sentry (operated by Functional Software, Inc.) to receive automated reports, under the limits described below.

What may be sent

  • Crash stack traces captured by the operating system.
  • App-hang reports when the main thread freezes for two seconds or more, with the corresponding stack trace.
  • Authored error events from known code paths. Each carries only a fixed code we wrote (for example, ui.session_delete_failed), a category from a closed list (for example, persistence, recording, subscription), a Swift error type name, and a severity. No free-form description.
  • Up to 100 breadcrumbs leading to the event. Each breadcrumb message is one of those same authored codes, not free-form text.

What is never sent

  • Audio, transcripts, titles, notes, dream content of any kind.
  • Your name, email, phone number, account, or any user identifier. We do not attach a user to reports, and there is no account system to attach.
  • IP addresses on the report itself. Sentry’s default PII attachment is disabled (sendDefaultPii: false).
  • Screenshots, view-hierarchy dumps, tap and gesture traces, session pings, performance traces, profiling, and SDK logs — all disabled at the SDK level.

On-device scrubber. Before any event leaves your device, an on-device scrubber runs on every event and every breadcrumb. Among other rules, it drops any message longer than 200 characters; zeroes any user object; redacts values stored under keys like transcript, title, note, content, text, dream, or body; and masks email addresses, phone-shaped numbers, and file paths in any remaining string field. The scrubber runs twice — once when the report is built, again at the SDK boundary — so a stale unsanitized field cannot ride along.

For how Sentry handles reports once received, see Sentry’s privacy policy.

9. Children’s privacy

We do not collect personal information from any user, regardless of age. Because there is no account creation, no data collection, and no server-side storage of user content, there is no mechanism by which we could knowingly or unknowingly collect data from children. The app’s age rating and any parental restrictions are managed by Apple through the App Store and device-level parental controls.

10. California (CCPA / CPRA)

California residents have the right to know, delete, correct, opt out of the sale or sharing of personal information, and limit the use of sensitive personal information.

Because we do not collect, store, or process personal information on our systems, these rights are inherently satisfied. We have nothing to disclose, delete, correct, or stop selling, because we hold nothing.

We do not sell or share personal information. We do not use personal information for targeted advertising or profiling. We do not use sensitive personal information for any inferred purpose.

To exercise any right or ask a question, use the contact form.

11. European Economic Area and United Kingdom (GDPR / UK GDPR)

Controller. Plutonian LLC, California, United States. We act as controller only for the limited data described in this policy — namely, support correspondence you send us, and, if you turn it on, anonymous crash reports.

Lawful basis. We process support correspondence on the basis of legitimate interest (responding to you) or, where applicable, your consent. Crash reporting, when enabled, is processed on the basis of your explicit, granular, opt-in consent (Section 8.3). Withdrawal is one tap, in the same setting, and takes effect on the next event. Subscription validation runs under contract performance, handled by Apple and RevenueCat. We do not process any dream content — it never leaves your device or your iCloud account.

Your rights. Access, rectification, erasure, restriction, portability, objection, and the right to withdraw consent. You also have the right to lodge a complaint with your local supervisory authority (in the UK, the ICO; in the EU, your member-state DPA).

Because we do not collect personal data on our systems, most of these rights are inherently satisfied: we have nothing to access, rectify, or erase. Where you have shared something with us voluntarily (a support email, for instance), we will honour the request on receipt.

International transfers. We receive no personal data from you in normal use, so there are no transfers to consider. iCloud transfers occur between you and Apple under Apple’s own terms.

EU/UK representative. Because we do not process personal data of EU or UK data subjects through any monitoring or large-scale offering on our systems, an Article 27 representative is not required. We will revisit this if our processing ever changes.

12. Brazil (LGPD)

Controller. Plutonian LLC, California, United States.

Lawful basis. Support correspondence is processed under legitimate interest (legítimo interesse). Crash reporting, when enabled, is processed under your consent (consentimento). Subscription validation runs under contract execution, handled by Apple and RevenueCat.

Your rights. Confirmation of processing, access, correction, anonymisation or deletion of unnecessary data, portability, information about third parties with whom your data is shared, information about the consequences of refusing consent, and revocation of consent. You may also file a complaint with the Autoridade Nacional de Proteção de Dados (ANPD).

Because we hold no personal data on our systems, these rights are satisfied by our architecture. Where you have shared something with us voluntarily, we will honour the request on receipt.

13. Other jurisdictions

Dreamtime is available in many countries. If you are covered by laws such as Quebec’s Law 25, Switzerland’s nFADP, Australia’s Privacy Act, Japan’s APPI, South Korea’s PIPA, Canada’s PIPEDA, or similar regimes, the same principle applies: we do not collect or process your personal data on our systems. Your dream data lives on your device and, optionally, in your own iCloud account, both under your control. Rights to know, correct, delete, or restrict — and any analogous local rights — are inherently satisfied because we hold nothing to act on.

Where local law requires us to name something specific (a controller, a basis, a transfer mechanism), the information in Sections 1, 11, and 12 applies.

14. Data export and deletion

Your data is yours. At any time, you can:

  • Back up everything in one action — transcripts, metadata, and audio — using Settings → Back Up All Data.
  • Export individual dreams as Markdown, plain text, or audio.
  • Delete individual dreams or all data from inside the app.
  • Remove iCloud data through your device’s iCloud storage settings.
  • Delete the app, which removes all local data from your device.

We cannot delete your data for you because we do not have it. Deleting the app removes all locally stored recordings, transcripts, and settings. iCloud data must be removed separately through Apple’s settings.

Your archive is yours. We use open, standard file formats — JSON for text and metadata, M4A for audio. Nothing proprietary, nothing tied to us. What you’ve captured should outlast any single app, ours included.

15. Security

Because your data does not leave your device (except to your own iCloud account), the security boundary is your device itself. We recommend:

  • Enabling Face ID or a passcode on your device.
  • Enabling Face ID protection within Dreamtime (in Settings).
  • Turning on Apple’s Advanced Data Protection for end-to-end iCloud encryption, including audio.
  • Keeping iOS up to date.

Dreamtime makes no internet requests except for iCloud sync (to your own account), App Store subscription validation (handled by Apple), entitlement-status checks with RevenueCat (anonymous app-specific identifier only), and — only if you turn it on — anonymous crash reports to Sentry. There is no server of ours to breach because there is no server of ours.

16. Microphone usage

Dreamtime needs microphone access to record. The microphone is active only during a session you have started. Audio is processed and stored on your device. Nothing is streamed, uploaded, or transmitted.

You can revoke microphone access at any time in your device’s Settings → Dreamtime → Microphone. Without it, the app cannot record but will still let you review and export existing dreams.

17. Changes to this policy

We may update this policy from time to time. If we make material changes, we will let you know inside the app. The “Last updated” date at the top reflects the most recent revision. Prior versions remain available — see Version history at the bottom of this page.

Because we don’t hold your email address (unless you have contacted us), we cannot notify you by email. The current version is always at dreamtimeapp.com/privacy.

© 2026 Plutonian LLC. All rights reserved.

Version history

Questions?

We read every message and respond personally.

Contact us

We don't add the addresses you write us from to any list, and we don't share them.