Lucidity — Lucid Dreaming

What this policy covers

This policy explains what we collect, why, how it’s used and shared, and the rights available to you. It applies to the Lucidity iOS/iPadOS app and our website.

Who can use Lucidity

Lucidity is available globally and intended for users 13+. We don’t knowingly collect personal information from children under 13; if we learn we have, we’ll delete it.

Information we collect and why

1) Account & identity (required)

• Data: Email address, display name.
• Purpose: Create and secure your account; sync your data; provide support.
• Legal basis (GDPR/UK-GDPR): Contract necessity; legal obligation for certain records.

2) Dream journal content (user-generated content)

• Data: Dream entries, tags, moods you add.
• Purpose: Provide core features (create, sync, restore, and manage your journal).
• Legal basis: Contract necessity.

3) Device and diagnostics

• Data: Crash and performance data (Apple & Firebase Crashlytics); limited device context (e.g., OS version, device model, language/region).
• Purpose: Fix bugs; ensure reliability and security.
• Legal basis: Legitimate interests (you may object).

4) Analytics

• Data: App usage analytics via Google Analytics for Firebase and Apple’s aggregated analytics.
• Purpose: Understand feature usage and improve the app.
• Controls: We do not link analytics to your name or email. Regional consent/opt-out flows are respected.
• Legal basis: Legitimate interests and/or consent where required.

5) Advertising (AdMob)

• Data: Advertising identifiers and related signals as provided by the platform/SDK.
• Purpose: Show ads unless you’ve purchased Lucidity PRO or the prior Remove Ads IAP.
• Controls: We honor App Tracking Transparency (ATT); if declined or where required, we serve non-personalized ads and/or use Restricted Data Processing (no interest-based targeting). You can request non-personalized ads at any time.

6) Payments

• Data: Apple In-App Purchase only. Apple processes payment details; we do not receive your full payment information.
• Legal basis: Contract necessity.

7) Location & sensitive data

• Precise location, HealthKit, contacts, photos, mic, calendar, motion, files: Not collected. Approximate location may be inferred by providers from network data for fraud prevention/analytics/ads and reported at an aggregate/region level.

Permissions

• Notifications: Standard notifications are used.
• Critical Alerts: We may request the Critical Alerts entitlement for the user-configured auto shutoff alarms feature. Until granted by Apple, the app uses Time-Sensitive notifications by default.
• App Tracking Transparency (ATT): Prompt shown at startup because AdMob is used.

Where we process and store data

• Cloud database: Your account and journal sync data are stored in Google Cloud Firestore in the Google Cloud region configured for our Firebase project.
• Apple systems: Apple may process aggregated analytics and deliver push notifications. If you use iOS device backups (iCloud), Apple may store encrypted backups that include Lucidity app data.

Security: Data is encrypted in transit (TLS) and at rest by our cloud providers. We apply least-privilege access; only the developer has console access. We review access periodically.

International data transfers

If data is transferred outside your region (e.g., EU/UK → U.S.), transfers rely on the data protection terms and standard contractual clauses (SCCs) provided by our processors (e.g., Firebase/Google Cloud).

How long we keep information

• Dream entries & account data: Until you delete them or delete your account.
• Crash/performance diagnostics: Retained for a limited period consistent with provider defaults (currently around 90 days) unless we explicitly export (we do not today).
• Analytics: Retained per provider defaults for aggregate reporting; not linked to your name or email.
• Legal/security: We may retain minimal records as required by law, dispute resolution, or security.

Your rights and choices

• Delete account & data: In-app on Profile → Delete account & data, or email privacy@lucidityapp.co from your account email; we target completion within 30 days.
• Access/port/rectify/restrict/object: Email us; we verify via your account email.
• Ads choices: Decline ATT, adjust device ad preferences, or email us to request non-personalized ads/Restricted Data Processing.
• California “Do Not Sell/Share”: We do not sell personal information. Personalized advertising can be deemed “sharing” under California law; you may opt out by declining ATT, adjusting preferences, or emailing us to request non-personalized ads/RDP. We do not knowingly sell/share personal information of consumers under 16.

Vendors / subprocessors

• Google Firebase / Google Cloud (Firestore, Auth, Crashlytics, Analytics).
• Apple (push notification delivery, IAP, aggregated analytics).

We will update this list if material changes occur.

EU/UK specifics

• Controller: Shane Curtis (contact above).
• EU/UK representative (Art. 27): Not appointed at this time due to the scale and nature of processing; if this changes, we will update this notice.
• DPO: Not appointed.
• Breach notice: We will notify authorities/users without undue delay and within 72 hours for reportable incidents.

Changes to this policy

We’ll post updates at lucidityapp.co and present an in-app prompt for material changes; your acknowledgement is stored in Firestore.

Contact

• Privacy & data requests: privacy@lucidityapp.co
• Accessibility requests: business@lucidityapp.co