Privacy Policy

1. Information We Collect

DreamFoundry is built with privacy first. We collect and store only the minimum information required to provide the service:

• Authentication Data: your email address (or OAuth provider ID) used to create and secure your account in Supabase Auth.
• User-Generated Content: stories that you intentionally save from the editor. You can delete these at any time.
• Basic Usage Analytics: anonymous event data (e.g., page views) collected via Vercel Analytics. No personally identifiable information (PII) is stored in these events.

2. How We Use Your Information

We only use the information listed above to:

• Authenticate you and protect your account.
• Store and display the stories you create.
• Monitor aggregate usage so we can improve DreamFoundry.

3. Third-Party Services

DreamFoundry relies on a few trusted services. Your data may pass through or be stored by them under their respective policies:

• Supabase Auth & Database – stores your authentication credentials and optional story drafts. Supabase Privacy Policy.
• Gemini API & OpenRouter – used to generate story content. Input prompts and generated output are temporarily processed by these providers and are not stored by DreamFoundry after generation.
• Vercel Analytics – captures anonymous usage metrics. Vercel Privacy Policy.

4. Cookies & Local Storage

We use Supabase session cookies/local-storage tokens to keep you logged in. These tokens contain no PII beyond an encrypted session identifier.

5. Data Retention and Deletion

Authentication data is retained for as long as your account exists. Story content remains until you delete it via the app or request full account deletion by contacting us.

6. Security Practices

All data is encrypted in transit (HTTPS/TLS) and at rest in Supabase Postgres. We restrict employee access, implement row-level security, and regularly review dependencies for vulnerabilities.

7. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data. Contact us at support and we will respond within 30 days.

8. Changes to This Policy

We may update this policy to reflect changes in functionality or legal requirements. The revision date will appear at the top of the page and changes take effect immediately upon posting.

9. Contact Us

Have questions? Please reach out through our support form.