Privacy policy

Effective 22 November 2025

1. Data controller

Noctalia is published by Thanh Chau, a sole proprietorship established in France. Contact: contact@noctalia.app.

2. Data collected

  • Account data: email, authentication data.
  • Dream content: audio recordings, transcripts, texts, tags, favorites, generated images, AI analyses.
  • Technical data: device logs, IP (for security), crash logs, analytics in aggregated form.
  • Payments: managed by Apple App Store / Google Play; Noctalia does not access your full payment details.

3. Purposes and legal bases

  • Provide the Service (journal, speech-to-text, AI analysis, image generation) - contractual necessity.
  • Account security, fraud prevention, abuse handling - legitimate interest and legal obligation.
  • Analytics to improve the app - legitimate interest (aggregated, non-identified).
  • Communication with you (support, updates) - contractual necessity or consent where required.

4. Hosting and transfers

Data is stored in a Supabase database located in Western Europe (EU), hosted on GDPR-compliant infrastructure. The marketing site is hosted by Vercel (USA). When AI or speech-to-text providers process your data, transfers outside the EU may occur with appropriate safeguards (standard contractual clauses or equivalent mechanisms).

5. AI and third-party providers

Some features rely on AI and speech-to-text providers. Content you submit for these features may transit through those services solely to deliver the requested output. Providers are required to process data securely and only for the stated purpose.

6. Retention

Data is retained while your account is active. Backups and logs are kept for limited periods necessary for security, compliance, or dispute resolution. You can request deletion at any time (see below).

7. Your rights

You can exercise your rights of access, rectification, erasure, restriction, portability, and objection (where applicable) by writing to contact@noctalia.app. You may also file a complaint with your local data protection authority.

8. Security

We apply reasonable technical and organizational measures (encryption in transit, access controls). No system is infallible; protect your device and credentials.

9. Account deletion

You can delete your account from the app or by following the instructions on the Account deletion page. Deletion removes your personal data from active systems, subject to legal retention requirements.

10. Updates

This policy may be updated to reflect product or legal changes. We will notify you of significant updates. Continued use after notification means you accept the changes.