Privacy Policy

Effective July 16, 2026

In short: your dream journal is personal. Noctalia does not sell personal data, does not show targeted ads, and uses audio only for transcription. Audio recordings are not retained by Noctalia; transcripts and analyses are stored securely in the European Union.

Privacy, in plain language

What Noctalia stores

  • Your account data and preferences.
  • Your dream transcripts, analyses, generated images, symbols, favorites and guided reflection history.
  • Technical logs needed for security, stability and quota abuse prevention.

What Noctalia does not store or sell

  • No persistent Noctalia storage of voice recordings after transcription processing.
  • No sale of personal data and no targeted advertising profile.
  • No medical diagnosis, prediction or therapeutic decision-making based on your dreams.

1. Who is responsible for your data?

Noctalia is published by TiMax. TiMax acts as the Data Controller within the meaning of the GDPR for the processing described in this policy.

For any questions regarding your personal data or to exercise your rights, you can contact us at: contact@noctalia.app.

2. Data we collect

When using the Noctalia app or website, we may process the following categories of data:

  • Account data: email address, password (stored in hashed form), language or display preferences, information related to the creation and management of your account.
  • Dream data: text transcriptions of your dreams, AI-generated analyses, shareable quotes, themes or categories, dream type, favorite status, as well as images generated to illustrate your dreams, and the history of conversations with the AI assistant about your dreams.
  • Audio recordings: when you use the voice recording feature, your voice is processed to produce a transcript. Noctalia does not record or store your audio files on its servers: they are processed in real-time only to produce the transcript, then deleted from the technical flow. Only the transcribed text is saved in your journal.
  • Technical and usage data: technical logs (errors, performance, security events), basic device information (operating system, app version), a hashed device identifier used solely for free-tier quota management, and technical identifiers necessary to provide the service. On Android, Noctalia may also measure a limited set of functional events (onboarding step viewed, choice made, dream saved or result viewed) using a random journey identifier kept on the device for no more than seven days. This first-party measurement never includes dream text, titles or analyses, nor an email address, account identifier, device identifier or persisted IP address. It uses no third-party marketing analytics tool and can be disabled from the introduction or settings.
  • Website audience measurement: when you visit noctalia.app, Ahrefs Web Analytics measures page views, referrers and, where applicable, outbound link clicks and form submissions. It also derives browser, device, operating system, language, and approximate country and city information. It uses no cookies or persistent identifiers. The raw IP address is used transiently for approximate location and a salted daily visitor hash, then discarded without being stored. No account data or dream content is sent to Ahrefs.
  • Consent-based website usage analysis: solely to improve Noctalia and this website, Microsoft Clarity measures pages viewed, clicks, scrolling and basic technical information, and creates heatmaps and session recordings if you allow analytics. Displayed text, input fields and dropdowns are masked through strict masking. Clarity may set the _clck and _clsk cookies. Advertising storage remains denied, and we do not intentionally send dream content or account data to Clarity.
  • Support data: content of your exchanges with us (for example when you contact us by email) and information necessary to track your requests.

Content you record in Noctalia may, at your discretion, contain sensitive information within the meaning of the GDPR (for example elements related to your health, sexual life, beliefs, etc.). This information is processed solely to provide you with the dream journal and analysis service, based on your explicit consent and your initiative in recording it.

3. Purposes and legal bases

We process your personal data for the following purposes and legal bases:

  • Providing the app and its features (dream journal, analyses, generated images, account creation and management): processing necessary for the performance of the contract (acceptance of Terms of Service) between you and Noctalia.
  • Transcription and analysis of your dreams, including when they contain sensitive information: processing based on your explicit consent, which you can withdraw at any time by deleting the relevant dreams and/or your account.
  • Improving the app, measuring stability, preventing abuse and ensuring security: processing based on our legitimate interest in ensuring the proper functioning, security and development of the service, without marketing profiling.
  • Aggregate, cookie-free traffic measurement with Ahrefs: processing based on our legitimate interest in improving our public content, without targeted advertising or cross-site tracking.
  • Heatmaps and session recordings with Microsoft Clarity: processing based solely on your analytics consent, which you can refuse or withdraw at any time.
  • Managing rights exercise requests, user support and legal compliance: processing necessary to comply with our legal obligations and to exercise our rights (evidence, legal defense, etc.).

4. Use of Artificial Intelligence and voice

Noctalia relies on Artificial Intelligence services to transcribe and analyze your dreams, as well as to generate associated images.

  • Speech recognition: we primarily use your device's native speech recognition (via system interfaces). In case of failure or unavailability, an audio recording may be temporarily transmitted to a third-party speech recognition service (e.g., Google Cloud Speech-to-Text) via our backend to produce a transcript. These audio recordings are processed in real-time to produce the transcript and are not persistently stored by Noctalia.
  • Dream analysis and content generation: the text of your dreams and certain strictly necessary metadata are sent to our main AI provider, currently Google (Gemini), to generate analyses, summaries, conversation elements and visuals.
  • Other leading AI providers: in the future, we may use other high-level AI providers such as Anthropic, OpenAI, Perplexity, Mistral, or equivalent services. We will only enable them if we have equivalent contractual and technical guarantees (security, confidentiality, usage limitations).
  • Model training: where these services allow it, we configure our AI providers so that they do not use your data to train their general models. Where applicable, your data is only used to provide the requested service (transcription, analysis, image or text generation).

5. Storage, security and data location

The security and location of your data are at the core of our approach.

  • Communication encryption: exchanges between your device and our servers are protected by SSL/TLS encryption protocols.
  • Database in the European Union: your account data and dreams are hosted in a Supabase database located in Western Europe (EU), on secure servers subject to the GDPR.
  • Limited access: access to your data is strictly limited to only those persons and service providers who need it to provide the service (on a need-to-know basis). You retain control over your dream journal via your account.
  • Controlled international transfers: some of our service providers (notably AI providers) may be located outside the European Economic Area (for example in the United States). In this case, we implement appropriate safeguards such as the European Commission's Standard Contractual Clauses and, where applicable, adherence to the Data Privacy Framework or equivalent mechanisms.

6. Retention periods

We retain your personal data for a limited period, proportionate to the purposes pursued:

  • Account and dream journal: your account data and journal content (transcripts, analyses, images) are retained as long as your account is active. When you delete your account, we delete or anonymize your data within a reasonable timeframe (generally within 30 days, unless a legal obligation requires otherwise).
  • Audio recordings: recordings necessary for voice transcription are retained only for the time strictly necessary for technical processing (generally a few minutes) and are not stored long-term by Noctalia.
  • Technical and security logs: retained for a maximum period of 12 months, to ensure security, incident detection and evidence in case of dispute.
  • First-party usage measurement: raw events without dream content are deleted after 90 days. Anonymous aggregated statistics that can no longer isolate an individual journey are retained for no more than 24 months.
  • Microsoft Clarity: session recordings are retained for 30 days and heatmaps for up to 9 months. Your analytics preference is stored in your browser for no more than 6 months.
  • Support exchanges: retained for the duration necessary to handle your request and, where applicable, to defend our rights (generally up to 24 months).

7. Data sharing and service providers

Noctalia does not sell your personal data. We do not display targeted advertising in the app.

Your data may only be shared with the following categories of recipients:

  • Technical providers: notably Supabase (hosting, database, authentication) and cloud infrastructure providers necessary for the app's operation.
  • Website analytics: Ahrefs Pte Ltd provides the cookie-free audience measurement described above. Details are available in the Ahrefs Privacy Policy.
  • Consent-based usage analysis: Microsoft provides Clarity only after you agree. Details are available in the Microsoft Privacy Statement.
  • AI and speech recognition providers: Google (Gemini, Google Cloud Speech-to-Text), and where applicable other leading AI providers (Anthropic, OpenAI, Perplexity, Mistral, or equivalent services) for transcription, analysis of your dreams and generation of images or content.
  • Subscription management: RevenueCat (USA) manages in-app subscriptions. RevenueCat receives an anonymous user identifier and purchase information provided by the applicable app store, currently Google Play. Your complete payment information never passes through Noctalia.
  • External advisors and authorities: legal firms, accountants or administrative and judicial authorities when required by law or to defend our rights.

In all cases, we require our service providers to offer sufficient guarantees regarding security and confidentiality, and not to use your data for their own marketing purposes.

8. Minor users

Noctalia is intended for a general audience but is not designed for children under 16 years of age. We do not knowingly collect data concerning persons under 16 without the appropriate consent of a parental authority holder where required by law.

If you believe that a child under 16 has provided us with personal data without authorization, please contact us at contact@noctalia.app so that we can delete the account and associated data.

9. Your rights (GDPR and other applicable laws)

In accordance with the General Data Protection Regulation (GDPR) and, where applicable, other applicable laws, you have the following rights over your personal data:

  • Right of access: obtain confirmation that we process your data and receive a copy.
  • Right to rectification: correct inaccurate or incomplete data concerning you.
  • Right to erasure: request the deletion of your data in cases provided by law (including deletion of your account and dream journal).
  • Right to restriction of processing: request the temporary suspension of certain processing.
  • Right to object: object to certain processing based on our legitimate interest.
  • Right to data portability: receive the data you have provided to us in a structured, commonly used and machine-readable format, or request its transmission to another controller where technically feasible.
  • Right to withdraw consent: where processing is based on your consent (notably for certain sensitive data), you can withdraw it at any time, without affecting the lawfulness of prior processing. You can change the Clarity choice through “Analytics preferences” in the footer.

You can exercise your rights by contacting us at: contact@noctalia.app, specifying the email address used to create your account. We may need to ask you for additional information to verify your identity.

If you reside in the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with your local supervisory authority (in France: the CNIL).

If you reside in a jurisdiction with specific rights (for example in California under the CCPA/CPRA), you may also benefit from rights of access, deletion and limitation of use of your data. Noctalia does not sell your personal data within the meaning of these laws and does not engage in behavioral advertising based on cross-site tracking.

10. Changes to this policy

We may update this privacy policy to reflect legal, technical or functional changes to Noctalia. In case of significant changes, we will inform you by reasonable means (in-app notification, email, or banner) before the new terms take effect where required by law.

The date of the last update appears at the top of this page. We encourage you to regularly review this policy to stay informed about how we protect your data.