↞ Back
Terms

# Privacy Policy
**Effective date:** 16 September 2025
**Controller**
— Delta Invest Group OÜ (registry code 12346057)
— Address: Liivalaia tn 40-182, 10145 Tallinn, Estonia
— VAT number: EE102826072
— Privacy email: deltainvestgroupou@gmail.com
— Phone: +372 5650 1010
**Supervisory authority:** Estonian Data Protection Inspectorate (AKI), Tatari 39, 10134 Tallinn; info@aki.ee; +372 627 4135.

## 1) Data we process
**1.1 Account data:** name/pseudonym, email, phone.
**1.2 Service data:** dream inputs and responses, usage logs (IP, device, timestamps), error logs.
**1.3 Billing:** payment references (Stripe), invoices and payment history.
**1.4 Cookies:** strictly necessary (login/security), functional; analytics/marketing only with consent.
**1.5 Children:** under 13 only with legal representative’s consent.

## 2) Purposes & legal bases (GDPR Art. 6)
Contract performance; legitimate interests (security/service development/statistics); legal obligation (accounting/tax); consent (marketing/non-essential cookies).

## 3) Cookies & consent
We show a clear cookie notice; no analytics/marketing cookies before consent. Consent can be withdrawn any time.

## 4) Recipients & processors
Cloud hosting, email/transactional mail, logging/analytics, payment processor (Stripe). We share data only as necessary and sign Art. 28 DPAs.

## 5) International transfers
Outside the EEA we use SCC (2021/914) and a Transfer Impact Assessment (TIA).

## 6) Retention
Account: for the account lifetime + up to 24 months after inactivity.
Dream inputs & responses: by default up to 24 months (unless otherwise stated in-app).
Logs: 12–24 months.
Billing: up to 7 years (statutory).
After expiry we delete or anonymise.

## 7) Security
Role-based access, encryption in transit/at rest, backups, audit logs, incident response. Where NIS2 applies, we follow Estonia’s cybersecurity framework.

## 8) AI transparency
You interact with AI; AI-generated content is labelled. For automated decision-making, we describe logic/effects and provide a way to contest.

## 9) Email sign-in (magic link)
We create a one-time token (SHA-256 stored, 15-minute expiry). No password is stored. Links are sent via local MTA (sendmail) or an HTTPS provider with SPF/DKIM/DMARC configured.

## 10) Payment methods
Payments are processed by Stripe. In supported countries, local wallets (e.g., Alipay/WeChat/Kakao/GrabPay/FPX/PayNow/PromptPay/GCash) may be offered via Stripe Checkout.

## 11) Data subject rights
Access, rectification, erasure, restriction, portability, objection, withdrawal of consent; complaint to the AKI (contacts above).

## 12) Contact
Privacy: deltainvestgroupou@gmail.com, +372 5650 1010. We usually respond within 30 days.