1. Introduction
Welcome to Slumbee, a dream-journal and social platform operated by STAIM CORP. (“we,” “us,” or “our”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Slumbee mobile application (“App”) and related services, including dream journaling, AI-generated interpretations, community spaces, and friend connections.
By using Slumbee, you agree to the terms described here. If you do not agree, please discontinue use of the App.
2. Information We Collect
We collect information to deliver the App, personalize your experience, and keep the platform safe. Below is a complete list of data categories, purposes, and lawful bases.
2.1 Information You Provide
Account Information
Name, email address, login credentials, and optional profile picture or bio.
- Purpose: Account creation and authentication
- Lawful Basis: Contract performance
Dream Entries
Text, mood, tags, and optional media you submit to your personal dream journal.
- Purpose: Core service delivery
- Lawful Basis: Contract performance
Voice Recordings
Audio recordings for dream dictation, transcribed locally.
- Purpose: Dream entry creation
- Lawful Basis: Consent
AI Interpretation Inputs
Dream content sent to AI providers for analysis.
- Purpose: Dream interpretation feature
- Lawful Basis: Consent (opt-in required)
Community & Social Data
Posts, comments, friend connections, reactions, and any public content you share.
- Purpose: Social features
- Lawful Basis: Contract performance
Support Requests
Information you provide when contacting us for help or feedback.
- Purpose: Customer support
- Lawful Basis: Legitimate interest
2.2 Automatically Collected Data
Device Information
Device model, operating system version, app version, and general region (no precise GPS).
- Purpose: App functionality and compatibility
- Lawful Basis: Legitimate interest
Device Identifiers
A semi-persistent device fingerprint generated from device characteristics for session management and security. This helps us detect unusual account activity.
- Purpose: Security and multi-device session management
- Lawful Basis: Legitimate interest
Usage Analytics (opt-in)
Interactions within the App, session length, feature usage via Firebase Analytics.
- Purpose: Service improvement
- Lawful Basis: Consent
Crash Reports (opt-in)
Error logs and stack traces via Sentry. Dream content is automatically filtered from crash reports.
- Purpose: Bug fixing
- Lawful Basis: Consent
Push Notification Tokens
Firebase Cloud Messaging tokens.
- Purpose: Notification delivery
- Lawful Basis: Consent
App Usage Patterns
If you enable notifications, we may learn your typical morning app usage times (between 5am-11am) to optimize reminder scheduling. No precise wake times are stored or shared.
- Purpose: Notification timing optimization
- Lawful Basis: Legitimate interest
2.3 Third-Party Sign-In Information
Google Sign-In / Apple Sign-In
Name, email address, and profile image as permitted by those services. We never store your password from those providers.
- Purpose: Authentication
- Lawful Basis: Contract performance
3. Lawful Bases for Processing
We process your data under the following lawful bases:
- Contract Performance: Essential services you signed up for (dream journaling, account management).
- Consent: Optional features like analytics, crash reporting, AI analysis, and marketing communications. You can withdraw consent at any time in Settings > Privacy.
- Legitimate Interest: Service improvement, security, and fraud prevention, balanced against your privacy rights.
- Legal Obligation: When required by law or to protect our legal rights.
4. How We Use Your Information
We process your information to:
- Provide and maintain dream journaling, AI interpretations, and community features.
- Personalize your experience, including friend suggestions and recommended communities (with consent).
- Deliver AI-based interpretations using OpenAI and Google Gemini APIs (with consent).
- Improve performance, fix bugs, and enhance usability (with consent for analytics).
- Communicate updates, respond to feedback, and provide support.
- Ensure compliance, safety, and fraud prevention.
We never sell your data. We do not share data for targeted advertising.
5. Third-Party Service Providers
We share data with the following service providers. Each operates under data processing agreements compliant with GDPR and CCPA:
5.1 Essential Services
| Provider | Data Shared | Retention |
|---|---|---|
| Firebase (Google LLC, USA) | Account data, dream entries, images | Until account deletion |
| Google Sign-In / Apple Sign-In | Email, name, profile image | Session only |
5.2 AI Processing (Opt-In)
| Provider | Data Shared | Retention |
|---|---|---|
| OpenAI LLC (USA) | Dream title, description, mood, tags (no user identity) | Per OpenAI policy (30 days for inputs) |
| Google Gemini (Google LLC, USA) | Dream description converted to image prompt | Per Google policy |
5.3 Analytics & Monitoring (Opt-In)
| Provider | Data Shared | Opt-out |
|---|---|---|
| Firebase Analytics (Google LLC) | App events, session data, device info. Retention: 14 months (configurable) | Settings > Privacy |
| Sentry (Functional Software Inc., USA) | Error logs, stack traces, device info. Dream content is automatically filtered. Retention: 90 days | Settings > Privacy |
5.4 Payments
App Store / Google Play: In-app purchases. Data shared: Transaction info. We store subscription status only, not payment details.
6. Data Retention
We retain data for specific periods based on purpose:
- Account Data: Until you delete your account, then permanently erased within 30 days.
- Dream Entries: Until you delete them or your account.
- AI Interpretations: Until you delete the associated dream or account.
- Analytics Data: 14 months (Firebase default), then automatically deleted.
- Crash Reports: 90 days (Sentry default), then automatically deleted.
- Consent Records: 7 years (legal compliance requirement).
- Backup Data: Deleted within 30 days of account deletion.
7. Your Rights
Under GDPR (EU / UK)
EU and UK residents have the following rights:
- Right to Access: Request a copy of all your personal data (free, within 30 days).
- Right to Rectification: Correct inaccurate data via Settings or by contacting us.
- Right to Erasure: Delete your account and all data in Settings > Account > Delete Account.
- Right to Data Portability: Export your dreams in JSON, CSV, or PDF format in Settings > Privacy (free for all users).
- Right to Object: Opt out of analytics and crash reporting in Settings > Privacy.
- Right to Withdraw Consent: Update your consent choices anytime in Settings > Privacy.
Under CCPA / CPRA (California)
California residents have the following rights:
- Right to Know: Request details of collected personal information.
- Right to Delete: Request deletion of your personal data.
- Right to Opt-Out: Use the “Do Not Sell or Share My Personal Information” toggle in Settings > Privacy. We do not sell data, but this opt-out covers sharing with analytics partners.
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
- Shine the Light: Request information about data shared with third parties for marketing (we do not share for marketing).
Under PIPEDA (Canada)
Canadian residents can:
- Access, correct, and withdraw consent for your personal data.
- File complaints with the Office of the Privacy Commissioner of Canada.
To exercise any of these rights: Use Settings > Privacy in the app, or email slumbee@staim.ai with subject “Data Request - Slumbee.” We respond within 30 days.
8. Consent Management
We collect explicit consent before optional data processing:
- Consent Banner: Shown on first app launch with granular opt-in choices.
- Settings > Privacy: Update your consent choices anytime.
- Consent Logging: All consent choices are timestamped and stored for compliance.
- Consent Withdrawal: You can withdraw consent anytime; processing stops immediately.
- No Pre-Checked Boxes: All optional consents default to OFF.
9. Security
We implement industry-standard security measures:
- Encryption in Transit: All data transmitted via HTTPS/TLS.
- Encryption at Rest: Firebase provides server-side encryption.
- Access Controls: Firebase Security Rules restrict data access to authorized users.
- Sensitive Data Filtering: Dream content is automatically scrubbed from crash reports.
- Secure Credential Storage: Authentication tokens stored in secure device storage.
No online system is completely secure. We cannot guarantee absolute protection.
10. Children's Privacy
- Slumbee is not intended for children under 13 (or under 16 in some jurisdictions).
- We do not knowingly collect personal data from children under these ages.
- If we discover such data, we will delete it immediately.
- Parents/guardians may contact us to request deletion of a child's data.
11. International Transfers
Data may be processed or stored outside your country:
- Firebase/Google Cloud: USA (EU-US Data Privacy Framework participant).
- OpenAI: USA (Standard Contractual Clauses).
- Sentry: USA/EU (Standard Contractual Clauses).
We use approved safeguards including Standard Contractual Clauses (SCCs) and adequacy decisions to protect international transfers.
12. Updates to This Policy
We may update this Privacy Policy periodically:
- Material Changes: We will notify you via in-app banner or email before changes take effect.
- Consent Re-Collection: If changes affect your consent choices, we will ask for new consent.
- Version History: The Effective Date above shows the latest version.
13. Contact Us
STAIM CORP.
Email: slumbee@staim.ai