Security
Security & data protection
Dreams are deeply personal. Here's how we protect your account, your journal, and your payments.
Encryption in transit
All traffic is served over HTTPS/TLS. Data moving between your browser, our servers, and our providers is encrypted.
Modern authentication
Sign-in uses OAuth (Google) and passwordless email links via industry-standard libraries — we never store passwords.
Private by default
Your dream journal is scoped to your account. Other users cannot see your dreams, and we do not sell personal data.
Payments handled by Stripe
Card details are processed by Stripe, a PCI-DSS Level 1 provider. We never see or store your full payment information.
Data control & deletion
You can request export or permanent deletion of your data at any time by emailing our privacy team.
Least-privilege access
Access to production data is limited and logged. Secrets are kept in environment configuration, never in the client bundle.
Found a vulnerability? Please email security@dreamdetected.com and we'll respond promptly.