Privacy Policy

Last updated: June 27, 2025

We, DigitalZen GmbH, take the protection of your personal data very seriously. With this Privacy Policy, we want to inform you transparently about what data we collect when you use our iOS app "DreamJournal", for what purposes we use it, and what rights you have in this regard.

1. Data Controller

The controller for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

For any questions regarding data protection in our app, you can reach us at the address above or via the following email address: dataprivacy@digitalzen.digital

2. Your Rights as a Data Subject

You have the following rights at all times:

• Access (Art. 15 GDPR): The right to obtain information about your data processed by us.
• Rectification (Art. 16 GDPR): The right to request the correction of inaccurate or completion of your data stored by us.
• Erasure (Art. 17 GDPR): The right to request the deletion of your data stored by us, unless the processing is necessary for exercising the right of freedom of expression, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.
• Restriction of Processing (Art. 18 GDPR): The right to request the restriction of the processing of your data.
• Data Portability (Art. 20 GDPR): The right to receive your data in a structured, commonly used, and machine-readable format or to request its transmission to another controller.
• Objection (Art. 21 GDPR): The right to object to processing based on our legitimate interests.
• Withdrawal of Consent (Art. 7(3) GDPR): The right to withdraw your consent at any time with effect for the future. The lawfulness of the processing carried out until the withdrawal remains unaffected.
• Lodge a Complaint (Art. 77 GDPR): The right to lodge a complaint with a supervisory authority. The competent supervisory authority for us is the Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht - BayLDA).

3. Data Processing When Downloading and Using the App

a) Provision of the App and Basic Functionality

The core functionality of the app is built on a "local-first" approach. Your dream entries are primarily stored and processed on your own device. A transfer to our servers only occurs for the optional processes described below. The purely local use of the app requires the processing of metadata such as timestamps or editing status.

• Legal Basis: The processing is necessary for the performance of the user agreement for the provision of the app's functionalities (Art. 6(1)(b) GDPR).

b) Dream Recording and Transcription (Voice & Text)

The central function of the app is recording your dreams via voice and converting them into text. This data is particularly sensitive as it may reveal details about your health, religious or philosophical beliefs, or sex life (special categories of personal data according to Art. 9 GDPR). For transcription, your audio files are transferred to technical service providers.

• Data Categories: Voice recordings (audio files), text generated from the recordings (transcriptions).
• Purpose: Personal dream journaling, searchability of entries.
• Data Processors:
  • Storage: For the technical handling of the transcription, the audio file is briefly stored with Supabase (via their EU infrastructure).
  • Transcription: The conversion of speech to text is performed by the service AssemblyAI (via their EU infrastructure).
• Data Security and Retention: We have concluded data processing agreements with our service providers. Both Supabase and AssemblyAI process the data exclusively in the EU. Your audio file is immediately and automatically deleted from both AssemblyAI and Supabase after the transcription is complete. The data remains stored on your device until you delete it yourself.
• Legal Basis: Your explicit consent pursuant to Art. 6(1)(a) and Art. 9(2)(a) GDPR, which you provide separately when first launching the app.

c) Analysis for App Improvement with TelemetryDeck

To continuously improve our app, find bugs, and optimize user-friendliness, we would like to collect anonymized usage data. We place the highest value on your privacy and use the service TelemetryDeck for this purpose, which does not collect any personally identifiable information.

• Data Categories: Anonymized usage events (e.g., app launches, feature usage, crashes), anonymous behavioral patterns (e.g., frequency of recordings). No dream content, transcriptions, or personal information is ever collected.
• Service Provider: TelemetryDeck (a service of TelemetryDeck GmbH). The data is processed exclusively on servers in the Netherlands (EU).
• Legal Basis: Your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) of the German TTDSG (Telecommunications Telemedia Data Protection Act), which you can provide when first launching the app.

4. Contacting Us

If you contact us by email or phone, the data you provide (e.g., email address, name, phone number, content of your request) will be stored to process your inquiry. We will delete this data after storage is no longer necessary or restrict its processing if legal retention obligations exist.

• Legal Basis: Art. 6(1)(b) GDPR (for contract-related inquiries) or Art. 6(1)(f) GDPR (our legitimate interest in responding to your inquiry).

5. Data Security

We use technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or against access by unauthorized persons. All communication between your app and our service providers' servers is encrypted via a secure HTTPS connection.

6. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy to ensure it always complies with current legal requirements or to implement changes to our services in the Privacy Policy. Your subsequent use of the app will be subject to the new Privacy Policy.