Privacy Policy

What we collect, who we share it with, and how long we keep it.

Effective: May 12, 2026

Last updated: June 3, 2026

Youmeng ("we", "us", "our") is a private dream journal built and operated by an independent developer. Dreams are intimate, so we've designed this policy — and the app itself — around two principles: collect as little as possible, and be specific about what we do with what we collect.

This policy applies to the Youmeng mobile app (iOS, and later Android) and the youmeng.app website, including the waitlist signup form. By using Youmeng or signing up for the waitlist, you agree to this policy.

1. The short version

What	Why
Your email	To create your account and sign you in via magic link.
Your dream content (text, voice, symbols, moods)	To store and display your own journal back to you, and — only if you ask — to generate an AI symbolic reading.
Anonymous diagnostics (optional, off by default in EU/UK)	To find bugs and crashes. Never includes dream content.

We do not sell your data. We do not show you ads. We do not use your dreams to train any general-purpose model — and per their API terms, neither do the AI providers we send your content to (Anthropic and OpenAI; see section 4). We share dream content with these providers only after you have accepted the in-app AI consent screen at sign-in, and only the minimum text or audio needed for that reading.

2. What we collect

Account data

Just your email address. We don't collect your name, phone number, date of birth, address, or any government identifiers.

Dream content

When you record a dream, we store: the free-text body, any voice recording you make, the symbols and mood you tagged, the timestamp, and a generated title. Voice recordings are stored as audio files. We treat dream content as sensitive personal information — see section 5 for how it's protected.

AI interpretation requests

When you tap "Read this dream", we send the relevant dream text to Anthropic (Claude API) so it can return a symbolic reading. If you use Voice Trace to record a dream aloud, the audio file is sent to OpenAI (Whisper API) to be transcribed into text. The reading and the transcription are then stored alongside the dream so you can revisit them.

The first time you sign in to Youmeng, the app shows an AI consent screen that names these providers, explains what is sent to each, and requires you to accept before any dream content can leave the app. If you decline, you are signed out and no dream content is ever sent. The screen is the contractual basis on which we share content under section 4.

Per Anthropic's Commercial Terms and OpenAI's API data-usage policy, content submitted via these APIs is not used to train their models and is retained only for the short period needed for operational and abuse-prevention purposes.

Diagnostic data (optional)

If you leave "Anonymous usage stats" enabled in Settings, we collect aggregate, non-identifying information about which screens are visited, crashes, and performance. This never includes dream content. In the EU and UK this setting is off by default.

Waitlist signups

If you submit your email on youmeng.app, we store: your email, the source page (landing), your browser's user agent, the approximate country your IP geolocates to (when available), and the timestamp.

What we don't collect

We don't collect contacts, photos, precise location, calendar, microphone audio outside of recording flows, biometric data, or your social graph.

3. How we use what we collect

Provide the app's core functions (record, store, display your dreams)
Generate AI symbolic readings when you request them
Send sign-in links to your email
Email you about important product changes or service issues (rarely)
Fix bugs and improve the app (only with diagnostic data, if you've consented)
Comply with legal obligations

We do not use your dreams or voice recordings for advertising, profiling, lookalike audiences, or training AI models for purposes other than reading your dream when you ask us to.

4. Who we share data with

We use a small number of carefully chosen third-party service providers ("processors"). They process data on our behalf, under contract, and only for the purposes listed.

Processor	Receives	Why
Supabase (USA)	Account email, dream content, voice files, AI readings	Database, auth, file storage
Anthropic (USA)	Dream text + tagged symbols, only after you accept the in-app AI consent screen	Generate symbolic readings via the Claude API. Not used to train Anthropic's models.
OpenAI (USA)	Voice recordings (if you use Voice Trace), only after you accept the in-app AI consent screen	Transcribe audio to text via the Whisper API. Not used to train OpenAI's models.
Cloudflare (USA)	Website traffic to youmeng.app, including waitlist submissions	DNS, content delivery, hosting
Apple / Google	App Store / Play Store account ID	App distribution

We do not currently use any advertising networks, marketing analytics platforms, or customer support tools that would receive your dream content.

We may share data with law enforcement only when legally required (e.g., a valid subpoena). We have never received such a request as of the effective date above. We do not sell your data to anyone, for any purpose, ever.

5. How we protect it

All traffic between your device and our servers is encrypted in transit (TLS 1.2 or higher)
Dream content is encrypted at rest by Supabase (AES-256)
Voice files are stored in a private storage bucket; only your authenticated session can read them
Row-level security policies on the database mean even an SQL query on our end cannot return another user's dreams without explicitly identifying that user
We don't keep production database backups on local laptops

No system is perfectly secure. If we ever suffer a breach affecting your data, we will notify you within 72 hours of confirming the incident, as required by GDPR.

6. AI interpretation — an important note

Symbolic readings generated by Youmeng are produced by a large language model. They are:

Not a medical diagnosis. Youmeng is not a healthcare service.
Not psychological or psychiatric advice. If anything in a reading distresses you, please talk to a qualified mental-health professional.
Suggestive, not definitive. Treat readings as conversation prompts about your inner life — never as objective truth.
Potentially inaccurate. AI models hallucinate. Cross-check anything that matters.

If you find yourself relying on dream readings to make significant life decisions, please pause and speak with someone you trust.

7. How long we keep it

Account & dreams: for as long as your account exists. When you delete your account, we erase all personal data within 30 days, except where law requires longer retention (e.g., tax records, 7 years).
Voice recordings: same as above. You can also delete individual recordings before deleting the account.
Waitlist emails: until you ask us to remove you, or until we close the waitlist.
Diagnostic data: at most 90 days.
Server logs: at most 30 days.

8. Your rights

Depending on where you live, you have some or all of the following rights:

Access — get a copy of your data (Settings → Data → Export my dreams)
Correction — fix anything inaccurate
Deletion — wipe your account and all associated data
Portability — receive your data in JSON format
Restriction & objection — limit how we process your data
Withdraw consent — turn off optional features like diagnostics anytime
Opt out of "sale" — already true: we don't sell data
Lodge a complaint with your local data protection authority

For any of the above, just email hello@youmeng.app. We respond within 30 days, usually faster.

We don't use your data to make automated decisions that produce legal or similarly significant effects about you.

9. International transfers

Youmeng's servers (via Supabase) are located in the United States. If you're in the EU, UK, China, or elsewhere outside the US, your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) where applicable for these transfers.

10. Children

Youmeng is not for children under 13. We do not knowingly collect data from anyone under 13. If you're between 13 and 16 and live in the EU or UK, please use Youmeng only with a parent or guardian's involvement, as GDPR requires. If you believe a child has provided us data, email hello@youmeng.app and we will delete it.

11. Changes to this policy

If we change this policy in a way that materially affects you, we'll notify you by email (or in-app banner) at least 14 days before the change takes effect. Smaller edits (typos, clarifications) we may make without notice, but we always update the "Last updated" date above.

12. Contact

Email: hello@youmeng.app

If we don't respond within 30 days, you may also contact your local data protection authority. EU residents: see the EDPB. UK residents: the ICO. California residents: the California Privacy Protection Agency.

隐私政策

我们收集什么、与谁共享、保留多久。

生效日期：2026 年 5 月 12 日

最近更新：2026 年 6 月 3 日

联系方式：hello@youmeng.app

幽梦（"我们"）是一款由独立开发者打造和运营的私密梦境日记 app。梦境是私密的，因此我们围绕两条原则设计了本政策以及 app 本身：尽可能少地收集，清楚地说明所收集数据的用途。

本政策适用于幽梦移动 app（iOS，未来包括 Android）和 youmeng.app 网站，包括候补名单注册表单。使用幽梦或注册候补名单即表示你同意本政策。

1. 一句话版本

是什么	为什么
你的邮箱	创建账户、通过 magic link 登录
你的梦境内容（文字、录音、符号、情绪）	把你的日记呈现给你看；仅当你主动请求时生成 AI 象征解读
匿名诊断数据（可选，欧盟 / 英国默认关闭）	排查 bug 和崩溃。绝不包含梦境内容

我们不出售你的数据。我们不展示广告。我们不用你的梦训练任何通用模型——根据他们的 API 条款，我们调用的 AI 服务（Anthropic 与 OpenAI，详见第 4 节）也不会用你的内容训练他们的模型。我们仅在你接受了 app 内"AI 同意"页面之后，才会把梦境内容发给这些服务，且只发送生成该次解读所必需的最少文字或音频。

2. 我们收集什么

账户数据

仅你的邮箱地址。我们不收集你的姓名、手机号、出生日期、住址或任何政府发证身份证件信息。

梦境内容

当你记录一个梦时，我们存储：自由文字正文、你录制的任何录音、你标注的符号和情绪、时间戳，以及自动生成的标题。录音存为音频文件。我们将梦境内容视为敏感个人信息——参见第 5 节的保护措施。

AI 解读请求

当你点击"解读此梦"时，我们会把相关梦境文本发送给 Anthropic（Claude API），由它返回象征解读。如果你使用 "声音留痕" 录下梦境，音频文件会被发送给 OpenAI（Whisper API）转写成文字。解读和转写都会与梦一起保存，方便你回看。

首次登录幽梦时，app 会展示一个 "AI 同意"页面，明确列出这些服务、各自接收什么内容，并要求你接受之后才能让任何梦境内容离开 app。如果你拒绝，会被退出登录，不会有任何梦境内容被发送。这一同意是我们按第 4 节共享内容的合同基础。

根据 Anthropic 的商业条款和 OpenAI 的 API 数据使用政策，通过这些 API 提交的内容不会用于训练他们的模型，仅在为完成操作和防止滥用所必需的短暂时间内保留。

诊断数据（可选）

若你在设置中保留"匿名使用统计"开关为开启，我们会收集关于哪些页面被访问、崩溃、性能的聚合、不可识别身份的信息。绝不包含梦境内容。在欧盟和英国，此开关默认关闭。

候补名单注册

若你在 youmeng.app 提交了邮箱，我们存储：你的邮箱、来源页面（landing）、浏览器 user agent、IP 大致定位到的国家（若可获取），以及时间戳。

我们不收集的

通讯录、照片、精确位置、日历、录音流程之外的麦克风音频、生物特征数据，或你的社交关系图。

3. 我们如何使用收集到的数据

提供 app 的核心功能（记录、存储、展示你的梦）
在你主动请求时生成 AI 象征解读
向你的邮箱发送登录链接
通过邮件告知重要产品变更或服务问题（极少）
修 bug 和改进 app（仅使用诊断数据，且仅当你授权时）
履行法律义务

我们不将你的梦或录音用于广告、用户画像、相似人群投放，或除"在你请求时解读你的梦"以外的任何 AI 模型训练。

4. 我们与谁共享数据

我们使用少数几家精心挑选的第三方服务提供商（"数据处理者"）。他们在合同约束下为我们处理数据，且仅用于以下列出的目的。

数据处理者	接收什么	用途
Supabase（美国）	账户邮箱、梦境内容、录音文件、AI 解读	数据库、身份认证、文件存储
Anthropic（美国）	梦境文字与标注符号，仅在你接受 app 内 AI 同意页面之后	通过 Claude API 生成象征解读。不会用于训练 Anthropic 的模型。
OpenAI（美国）	录音文件（仅当你使用"声音留痕"），仅在你接受 app 内 AI 同意页面之后	通过 Whisper API 把音频转写为文字。不会用于训练 OpenAI 的模型。
Cloudflare（美国）	youmeng.app 网站流量，包括候补名单提交	DNS、内容分发、托管
Apple / Google	应用商店账户 ID	把 app 分发到你的设备

我们当前不使用任何广告网络、营销分析平台或客服工具，因此这些第三方不会接触到你的梦境内容。

我们仅在法律强制要求（如有效传票）时向执法部门提供数据。截至本政策生效日期，我们从未收到过此类请求。我们绝不出于任何目的、向任何方出售你的数据。

5. 我们如何保护

你的设备与我们的服务器之间的所有流量都使用 TLS 1.2 或更高版本加密
梦境内容由 Supabase 静态加密（AES-256）
录音文件存储在私有存储桶；只有你已认证的会话能读取
数据库行级安全（RLS）策略意味着即使在我们这边运行 SQL 查询，也无法在不明确指定某个用户的情况下返回另一用户的梦
我们不在本地笔记本上保留生产数据库备份

没有任何系统是完全安全的。若你的数据曾遭遇泄露事件，我们会在确认事件后 72 小时内通知你，符合 GDPR 要求。

6. AI 解读 —— 重要提示

幽梦生成的象征解读由大语言模型产出。它们：

不是医疗诊断。幽梦不是医疗服务。
不是心理学或精神医学建议。若解读中的任何内容让你不安，请咨询合格的精神健康专业人士。
是启发性的，不是定论。请把解读视为关于你内心生活的对话起点——永远不要视为客观真理。
可能不准确。AI 模型会产生幻觉。重要的事情请交叉验证。

如果你发现自己开始依赖梦境解读做出重大人生决定，请停一停，与你信任的人聊聊。

7. 我们保留多久

账户与梦：账户存在期间一直保留。当你删除账户时，我们会在 30 天内抹除所有个人数据，除非法律要求保留更长时间（如付款的税务记录，保留 7 年）。
录音：同上。你也可以在删除账户前单独删除某条录音。
候补名单邮箱：直到你要求我们删除，或我们关闭候补名单。
诊断数据：最长 90 天。
服务器日志：最长 30 天。

8. 你的权利

根据你所在地区，你享有以下部分或全部权利：

访问 —— 获取你数据的副本（设置 → 数据 → 导出我的梦）
更正 —— 修正不准确的内容
删除 —— 抹除你的账户及所有关联数据
可携带 —— 以 JSON 格式获取你的数据
限制 / 反对 —— 限制我们如何处理你的数据
撤回同意 —— 随时关闭可选功能
退出"出售" —— 我们本来就不卖数据
向监管机构投诉 —— 你所在地的数据保护机构

行使上述任何权利，邮件 hello@youmeng.app 即可。我们会在 30 天内回复，通常更快。

我们不会使用你的数据做出对你产生法律或类似重大影响的自动化决策。

9. 跨境数据传输

幽梦的服务器（通过 Supabase）位于美国。若你身处欧盟、英国、中国或美国以外的其他地区，你的数据将被传输至美国并在那里处理。我们对这类传输（在适用时）依据标准合同条款（SCC）。

10. 未成年人

幽梦不面向 13 岁以下儿童。我们不知情地收集任何 13 岁以下用户的数据。若你在欧盟或英国且年龄在 13 至 16 岁之间，请仅在父母或监护人参与下使用幽梦，符合 GDPR 要求。若你认为有儿童向我们提供过数据，请邮件 hello@youmeng.app，我们会删除。

11. 本政策的变更

若我们对本政策的变更对你产生实质影响，我们会在变更生效前至少 14 天通过邮件或 app 内横幅通知你。较小的编辑（错字、澄清）可能直接更新，但我们始终更新顶部的"最近更新"日期。

12. 联系我们

邮件：hello@youmeng.app

若我们未在 30 天内回复，你也可以联系你所在地的数据保护机构。欧盟居民可在 EDPB 查询本国机构。英国居民可联系 ICO。加州居民可联系加州隐私保护局。