Privacy policy

Last updated: June 2026

Your private records deserve precise, verifiable handling.

This policy explains what Oneira collects, how records are encrypted, when AI processors are used, how therapist access works, and how deletion requests are handled.

AES-256-GCM encryption at rest
Firebase Authentication
Patient-controlled therapist access
No advertising trackers

01

What data we collect

Oneira stores account and operational data such as your email address, authentication provider, creation timestamps, credits, selected language, theme preferences, and other settings required to operate the product securely.

If you use journaling, mood tracking, psychometric assessments, secure sharing, therapist connection flows, or therapist dashboard tools, the related records are also stored so the features you initiate can function.

02

How sensitive records are protected

Dream text, thought text, mood triggers, therapist notes, and generated reflection payloads are encrypted with AES-256-GCM before they are written to Firestore. The encrypted payload stores the initialization vector, authentication tag, and ciphertext together so integrity can be checked during decryption.

Encryption is implemented on the server using a protected environment key. Data may exist in plaintext only transiently while the application processes a request you initiated, renders your authorized view, or prepares eligible context for a requested AI feature.

03

Who can access records

By default, account data is partitioned under the relevant user or owner identifier, and protected routes verify the authenticated user before returning protected data.

If a patient explicitly connects with a therapist using the in-app clinic invite flow, that patient authorizes that therapist to access only the records exposed through that relationship and the visibility rules configured in the product. When the connection is revoked, the active therapist relationship ends. If a therapist discharges a patient, historic records created before discharge may remain accessible to that therapist in the archived relationship views exposed by the product.

04

How AI processing works

When you request dream analysis, cognitive reframing, weekly insights, monthly insights, psychometric insights, therapist reports, or therapist OCR transcription, Oneira decrypts only the context needed for that request and sends it to the configured AI provider for processing.

Generated outputs are returned to Oneira, then stored in encrypted form when they are saved to history. Entries you exclude from certain analysis flows are not used in those cross-entry reporting flows.

05

Payments, cookies, and processors

Payments are handled by Paddle. Oneira does not store raw card numbers or payment credentials. We keep account and ledger records needed to reconcile credit purchases, daily top-ups, rewards, and refunds.

Oneira uses essential browser storage such as localStorage and cookies for language, session continuity, consent state, and interface preferences such as theme mode. We do not run third-party advertising pixels or behavioral ad targeting described by this policy.

06

Google Sign-In and Google user data

If you sign in with Google, Oneira requests standard authentication scopes made available by Google Sign-In, including openid, userinfo.email, and userinfo.profile.

These fields may include your primary email address, display name, and profile image URL. Oneira uses this account data to authenticate your session, restore or create your account, and populate account-facing profile surfaces. We do not use Google profile data to train Oneira AI features, and we do not sell or rent that Google account data to advertisers or data brokers.

07

Therapist clinical notes and OCR image handling

Clinical notes authored by therapists inside the dashboard are stored as encrypted records. Access to those notes depends on the authenticated therapist session, the relevant therapist-patient relationship, and the routes or views exposed by the product.

For OCR transcription requests, the uploaded image payload is validated by the route handler and sent on demand to the configured AI model as inline request data. The current implementation does not intentionally persist the raw uploaded image as a product file after processing completes, and the request is configured with provider headers intended to deny model-side data collection.

08

Retention and deletion

You can delete your account from Settings. The current server-side deletion flow removes the user document recursively, deletes associated global dreams, shared links, therapist-linked clinical notes and reports, and then deletes the Firebase Authentication user.

Some limited records may still need to be retained where required for legal compliance, payment reconciliation, fraud prevention, or security investigations. For privacy, access, correction, or deletion questions, contact support@oneira.space.

09

What this policy does not mean

This policy does not claim end-to-end encryption in which only the user holds the decryption key. Oneira controls the server-side encryption environment needed to deliver authenticated product features and request-bound AI processing.

This policy also does not mean a connected therapist can browse all platform data. Therapist access is limited by the relationship state, the relevant route guards, and the visibility model implemented in the product.

This document is the Privacy Policy only. Terms of Service, refund handling, and other contractual rules are defined separately on their own pages.