Privacy Policy
Last updated: February 25, 2026
1. Information You Provide
Moonstone collects the following information that you directly provide: dream journal entries (text content of dreams you record), mood selections (anxious, pleasant, neutral, strange, or nightmare), vividness ratings (1–5 scale), and any edits or notes you add to your entries. If you choose to create an account using Sign in with Apple, we receive your Apple ID user identifier and, optionally, your name and email address — only if you choose to share them. All dream data is stored locally on your device by default using SwiftData with iOS encryption.
2. Voice Recordings
When you use voice recording to capture a dream, audio is recorded in WAV format (16-bit PCM, 16 kHz, mono) and transcribed entirely on your device using WhisperKit. Audio recordings are automatically deleted immediately after transcription completes via a cleanup routine. Any orphaned recordings older than 24 hours are also automatically removed. No audio data is ever transmitted to external servers. Only the resulting transcribed text is stored and available for AI analysis or cloud sync.
3. AI Processing
Before any dream content is shared with a third-party AI provider, Moonstone shows an in-app consent prompt explaining AI data sharing and asks for your permission. If you choose "Not Now," no dream content is transmitted for AI analysis. When you choose to use AI features and provide consent, Moonstone sends the minimum required data through Supabase Edge Functions to Anthropic's Claude API: - Dream Analysis: dream text, selected mood, and selected app language - Monthly Pattern Report (Pro): up to 30 recent dream summaries (date, mood, short text excerpt) plus recurring element counts derived from your saved analyses - Technical request metadata required for secure delivery and authentication Moonstone does not intentionally include your name, email address, raw audio recordings, or Apple Health data in AI requests. Anthropic returns analysis output to Moonstone, and results are stored locally on your device (and in your cloud account only if you enabled cloud sync).
4. Health Data
With your explicit permission, Moonstone can read sleep data from Apple HealthKit, including sleep start times, end times, duration, and latest wake time. This data is read-only — Moonstone never writes to HealthKit. Sleep data is processed locally on your device to correlate dreams with sleep patterns and to power optional smart reminders. Health data is never transmitted to external servers, never stored in our database or cloud infrastructure, never shared with third parties, and never used for advertising or marketing. You can revoke Health access at any time through iOS Settings > Privacy & Security > Health > Moonstone.
5. How We Use Your Information
We use your data only for the purposes described in this policy: - Dream content: save your journal entries, provide AI analysis when you request it, and generate pattern reports - Account information (if provided): authenticate your account and enable optional cloud sync - Sleep data (optional): correlate sleep patterns with dreams on-device only - Device/app diagnostics: troubleshoot crashes, errors, and compatibility issues We do not sell personal data and we do not use your dream content, health data, or account data for advertising.
6. Cloud Sync
Cloud sync is a Pro feature that is disabled by default. When you enable it, your dream data (content, mood, vividness, AI analysis results, favorite status, and timestamps) is encrypted and synced to Supabase servers. Data is encrypted in transit using TLS 1.3 and encrypted at rest in SOC 2 compliant data centers. Row-level security policies ensure that only your authenticated account can access your data. Sync uses a last-write-wins strategy with server-managed timestamps for conflict resolution. You can disable cloud sync at any time in the App's settings.
7. Third-Party Services
Moonstone integrates with the following third-party services: - Anthropic (Claude AI): receives only the data needed to generate AI analysis after your in-app consent - Supabase: hosts authentication, encrypted data sync (if enabled), and secure edge function routing for AI requests - RevenueCat: manages subscriptions and in-app purchase status (no dream-content access) - Apple: Sign in with Apple, App Store billing, and optional HealthKit access controls - WhisperKit: on-device speech transcription only (no server transmission) We share only the minimum data necessary for each service. We require service providers to maintain appropriate security and confidentiality protections for data they process. For more details, see provider policies: Anthropic (https://www.anthropic.com/privacy), Supabase (https://supabase.com/privacy), RevenueCat (https://www.revenuecat.com/privacy).
8. Data Storage & Security
By default, all data is stored locally on your device using SwiftData with iOS data protection encryption. API keys and secrets are managed through build-time configuration files and are never hardcoded. If cloud sync is enabled, data is encrypted during transfer using TLS 1.3, encrypted at rest using database encryption (pgcrypto), and isolated per user via row-level security policies. Background sync occurs via a registered background task when the app is not in the foreground.
9. Data Retention & Deletion
Local data is retained on your device until you delete the App or clear your data. Cloud data is retained until you delete your account or request deletion. When you delete a dream, it is soft-deleted (marked with a deletion timestamp) and retained for 30 days for sync safety before being permanently removed. You can delete individual dreams, delete all local data via Settings > Data > Delete All Data, delete cloud data only via Settings > Cloud Sync > Delete Cloud Data, or delete your entire account via Settings > Account > Delete Account. Account deletion permanently removes your Supabase authentication record and cascades to delete all associated dream and subscription data.
10. Data Export & Portability
You can export all your dream data at any time via Settings > Data > Export Data. Dreams are exported as a structured JSON file. Pro users can also export pattern reports as PDF documents. Exports are shared via the iOS Share Sheet and can be saved to Files, sent via email, or transferred to other services.
11. Children's Privacy
Moonstone is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us and we will delete it promptly.
12. International Data Transfers
If you use cloud sync, your data may be transferred to and processed in the United States, where our cloud infrastructure (Supabase) is located. By enabling cloud sync, you consent to this transfer. Local-only usage involves no international data transfers.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of changes by posting the updated policy and updating the "Last updated" date. Material changes will be communicated through the App.
14. Health & Medical Disclaimer
Moonstone provides dream analysis for self-reflection and entertainment purposes only. It is not intended to provide medical, psychological, or therapeutic advice. The App is not a substitute for professional mental health care. If you are experiencing psychological distress, please consult a qualified healthcare professional.
15. Contact Us
If you have questions about this Privacy Policy, contact us at moonstone@orochisystems.com.