Privacy Policy
Last updated: 3 May 2026The short version. Your dreams are yours. We collect the minimum data needed to give you AI interpretations and remember your account. Audio recordings auto-delete after 30 days. You can delete your entire account from inside the app, in two taps, at any time.
1. Who we are
Noctura ("we", "us", "the app") is an AI-assisted dream-journaling iOS app. This policy describes what information we collect when you use the app, why we collect it, who we share it with, and the rights you have over it.
If you have questions about this policy or want to exercise any of the rights described below, contact us at lkmcelik@hotmail.com.
2. What we collect
Account data
When you create an account, we store:
- Email address. Used to identify your account, send a one-time password-reset code if requested, and contact you about important changes (we do not send marketing email).
- Display name (optional). Provided directly by you, or by Apple / Google if you sign in with those providers.
- Authentication identifier from Apple, Google, or our email provider — used to verify it's you on subsequent sign-ins.
- Preferences you set during onboarding: preferred interface language, preferred interpretation style, optional birth date, timezone.
Dream content
The core of the service. When you record or type a dream, we store:
- The dream text (typed by you, or transcribed from your audio).
- The audio recording, if you used voice mode. Stored in private cloud storage that only your account can access.
- The AI-generated interpretations (one per requested lens — Islamic, psychological, spiritual).
- Metadata you add: title, mood, tags, favourite flag, timestamp.
Subscription & device data
- Subscription status (active / trialing / cancelled / expired) — written by Apple's App Store Server when your subscription state changes. We do not see your credit card number; Apple handles payment.
- Push notification token — only if you opt in to morning reminders. Stored per device.
- Device timezone — to deliver the morning reminder at 8 AM your local time.
Diagnostic data
If the app encounters an error, we may log a sanitized event to help us diagnose it. This log is automatically stripped of dream content, audio paths, transcripts, passwords, OTP codes, and authentication tokens before it is stored. Diagnostic logs are auto-deleted after 30–90 days.
3. What we do not collect
- We do not run advertising trackers.
- We do not sell your data, ever.
- We do not share your dreams or interpretations with anyone outside the processors listed below — and even those processors only see the slice of data they need to do their narrow job.
- We do not access your contacts, calendar, photos, location, or any other system data the app does not need.
4. Third parties who process your data on our behalf
We use a small set of vendors to operate the service. Each acts as a "data processor" — they handle data on our instructions, only for the purpose described.
| Processor | Role | What they see |
|---|---|---|
| Supabase Inc. (USA) | Database, file storage, authentication, server functions. | Everything stored on our backend. Encrypted in transit and at rest. |
| Anthropic PBC (USA) | Generates the dream interpretations using its Claude AI model. | The dream text only — sent at request time, not retained by Anthropic for model training (per their zero-retention API terms for production traffic). |
| OpenAI L.L.C. (USA) | Transcribes voice recordings to text using its Whisper model. | The audio file only — sent at request time, not retained by OpenAI for model training. |
| Apple Inc. (USA) | App Store distribution, subscription billing, push notification delivery, optional Sign in with Apple. | Subscription transaction details and (optional) hashed Apple ID. Apple does not receive your dreams. |
| Google LLC (USA) | Optional Google Sign-In. | Only the identity assertion that proves you control the Google account. Used at sign-in only; not on every request. Google does not receive your dreams. |
5. How long we keep things
| Data | Retention |
|---|---|
| Audio recordings | 30 days max, then auto-deleted by a daily cleanup job. The dream's transcript and interpretations remain. |
| Dream text, interpretations, patterns, tags, moods | Until you delete the dream, or until you delete your account. |
| Account profile | Until you delete your account. |
| Subscription history | Until your account is deleted (anonymized aggregates may persist). |
| Diagnostic logs | Auto-deleted after 30 days (resolved) or 90 days (unresolved). |
| Push notification token | Until you turn off morning reminders or sign out. |
6. Your rights
Access
Every dream, interpretation, and pattern you've ever generated is visible to you in the app (Journal and Patterns tabs). There is nothing about your dream history we hold back from your own view.
Deletion
You can delete your entire account from inside the app, in two taps: Me tab → Danger Zone → Delete Account. Once you confirm, we permanently and irrecoverably remove your profile, dreams, interpretations, patterns, audio recordings, subscription record, and push notification tokens. We cannot recover deleted data — please export anything you want to keep first.
If for any reason you cannot reach the in-app flow (e.g., you've lost access to the device), see the public account deletion instructions.
Note about your subscription: deleting your account does not automatically cancel your App Store subscription. Apple controls subscription billing. To stop being billed, cancel separately via Settings → Apple ID → Subscriptions on your iPhone, or at apps.apple.com/account/subscriptions.
Correction
You can edit your display name, preferred language, interpretation style, and timezone at any time from the Me tab. Email-on-file changes happen via the auth provider (Apple ID, Google account, or password reset for email accounts).
Export
We don't yet provide a one-click export. If you want a copy of your data, contact us at lkmcelik@hotmail.com from the email on file and we'll send you a JSON archive.
Withdrawing consent
You can revoke microphone access and push notifications at any time from iOS Settings → Noctura. The app continues to work without them (you can type instead of recording; you can revisit your journal without reminders).
Complaint
You have the right to lodge a complaint with your local data-protection authority if you believe we are mishandling your data. We'd appreciate the chance to address concerns directly first — please reach us at lkmcelik@hotmail.com.
7. AI-specific disclosures
When you tap "Interpret":
- If your dream came in via voice, the audio file is sent to OpenAI Whisper for transcription. The audio file plus the transcript come back to our backend.
- The dream text (yours or transcribed) is then sent to Anthropic's Claude three times in parallel — once for each of the three interpretation lenses. Each call is independent; each returns a free-text interpretation.
- Both vendors operate under "zero-retention" agreements for production API traffic, meaning they do not store your text or audio after the request completes, and do not use it to train future models.
- The returned interpretations are stored in your Supabase row only. They never become training data for us or anyone else.
AI interpretations are generated by statistical models. They may contain mistakes, miss nuance, or describe motifs in ways you disagree with. They are not medical advice, not religious guidance, and not therapeutic counsel — they are reflective prompts. Use them for self-exploration, not decisions that need a professional.
8. Children
Noctura is not directed at children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect data from children. If you believe a child has created an account, please contact us and we will delete it.
9. International transfers
Our backend is hosted in the United States. By using Noctura you consent to your data being transferred to and processed in the United States and the other locations our processors operate in. We rely on Standard Contractual Clauses or equivalent safeguards where required.
10. Security
Data is encrypted in transit (HTTPS / TLS 1.2+) and at rest. Access to the production database is restricted to the operator and a service-role key that lives only on our backend — it never touches the iPhone app. Each user's dreams are protected by row-level security policies, so even other authenticated users cannot read your records.
No system is perfectly secure. If a breach occurs that affects your data, we will notify you by email within 72 hours of becoming aware of it.
11. Changes to this policy
If we materially change how we collect, share, or retain your data, we'll update this page and bump the "Last updated" date at the top. For significant changes, we'll also notify you in-app or by email.
12. Contact
Privacy questions, deletion requests, GDPR / CCPA requests, or anything else: