← Back to UmbraPrivacy Policy
Murray Digital LLC ("Umbra," "we," "us," or "our") operates the Umbra dream journal application at umbrajournal.com. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.
We take your privacy seriously. Dream journals are deeply personal, and we've designed Umbra with that in mind.
1. Information We Collect
Information You Provide
- Account information: Email address and authentication credentials when you create an account.
- Dream journal entries: The text of dreams you record in Umbra, including any titles, dates, tags, or notes you add.
- Conversation messages: Messages you exchange with Umbra's AI dream analyst feature.
- Subscription and payment information: When you subscribe to a paid plan, payment processing is handled entirely by Stripe. We do not store your credit card number, bank account details, or other payment instruments. We receive from Stripe your subscription status, plan type, and billing period information.
- Developer plan API keys: If you subscribe to our Developer plan and provide your own AI provider API keys, we store those keys to process your requests. See Section 5 for details on how these keys are secured.
Information Generated Through Use
- AI-generated interpretations: When you request a dream interpretation, our AI generates analysis grounded in Jungian psychology. These interpretations are stored with your dream entries.
- Symbols, archetypes, and patterns: Umbra identifies and tracks recurring symbols, archetypes, and psychological patterns across your dream journal over time.
- Usage data: We track the number of interpretations and conversation messages used per billing period to enforce plan limits.
Information We Do Not Collect
- We do not collect your real name, phone number, or physical address unless you voluntarily provide it.
- We do not use cookies for advertising or third-party tracking.
- We do not sell your data. Ever.
2. How We Use Your Information
We use your information solely to provide and improve the Umbra service:
- To deliver dream interpretations and analysis by sending your dream text to AI providers for processing.
- To track patterns over time by analyzing symbols, archetypes, and themes across your journal entries.
- To manage your account and subscription, including enforcing plan usage limits.
- To communicate with you about your account, service updates, or support requests.
- To maintain and improve the service, including fixing bugs and improving interpretation quality.
We do not use your dream content or personal data for advertising, profiling for third parties, or any purpose unrelated to providing you the Umbra service.
3. Third-Party Services and Data Processors
Umbra relies on the following third-party services to operate. Each processes limited data on our behalf:
AI Providers — Anthropic (Claude) and OpenAI
When you request a dream interpretation or engage in conversation, your dream text and conversation messages are sent to one of our AI providers for processing.
- Anthropic: Processes dream text via the Claude API. Per Anthropic's API data policy, inputs and outputs are not used to train their models. Data is retained temporarily for trust and safety purposes and then deleted. See Anthropic's Privacy Policy for details.
- OpenAI: Processes dream text via the OpenAI API and generates embeddings for our knowledge retrieval system. Per OpenAI's API data usage policy, data submitted through the API is not used to train their models. See OpenAI's API Data Usage Policy for details.
Important: We send only the minimum context necessary for interpretation — your dream text, relevant conversation history, and reference material from our Jungian knowledge base. We do not send your email address, payment information, or other account details to AI providers.
Supabase (Database and Authentication)
Your account data, dream entries, interpretations, and usage records are stored in a PostgreSQL database hosted by Supabase. All user data is isolated using Row Level Security (RLS), meaning database queries can only access data belonging to the authenticated user. See Supabase's Privacy Policy for details.
Stripe (Payments)
Subscription management and payment processing are handled by Stripe. We never receive or store your full payment card details. Stripe is PCI DSS Level 1 certified. See Stripe's Privacy Policy for details.
Vercel (Hosting)
The Umbra application is hosted on Vercel. See Vercel's Privacy Policy for details.
Cloudflare (DNS and CDN)
DNS and content delivery are provided by Cloudflare. See Cloudflare's Privacy Policy for details.
4. Data Storage and Security
- Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS (HTTPS).
- Encryption at rest: Your data is stored in Supabase's managed PostgreSQL database, which encrypts data at rest.
- Row Level Security: Every database query is scoped to the authenticated user. Users cannot access another user's dream entries, interpretations, or usage data.
- Authentication: Account authentication is managed by Supabase Auth using industry-standard protocols.
5. Developer Plan API Key Handling
If you use the Developer plan and provide your own API keys:
- Your API keys are stored in our database, associated with your user account, and protected by Row Level Security.
- Keys are used only to make API calls on your behalf when you request interpretations or conversations.
- We do not share your API keys with any third party other than the AI provider you designate.
- You can delete your stored API keys at any time through your account settings.
- You are responsible for any usage charges incurred on your API provider account.
- We recommend using API keys with appropriate spending limits set through your provider's dashboard.
6. Data Retention and Deletion
- Active accounts: Your dream journal entries, interpretations, conversation history, and pattern data are retained as long as your account is active.
- Account deletion: You may request deletion of your account and all associated data at any time by contacting us at privacy@umbrajournal.com. Upon receiving a verified deletion request, we will permanently delete your data within 30 days.
- Data export: All plan tiers include the ability to export your dream journal data.
- Subscription cancellation: Canceling your subscription does not delete your account or data. You retain access to your journal and can continue using the free tier.
- Billing records: We may retain minimal billing records (subscription dates, plan type, amounts) as required for tax and accounting purposes, even after account deletion. These records do not include dream content.
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your data (see Section 6).
- Export: Export your dream journal data at any time through the app.
- Objection: Object to specific uses of your data.
To exercise any of these rights, contact us at privacy@umbrajournal.com. We will respond within 30 days.
For California Residents
Under the California Consumer Privacy Act (CCPA), you have additional rights including the right to know what personal information we collect, the right to delete that information, and the right to opt out of the sale of personal information. We do not sell personal information.
For European Union Residents
If you are in the EU, we process your data under Article 6(1)(b) of the GDPR (performance of a contract — providing the service you signed up for). For any processing not strictly necessary for service delivery, we rely on your consent. You have the right to lodge a complaint with your local data protection authority.
8. Children's Privacy
Umbra is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete that data promptly. If you believe a child has provided us with personal information, please contact us at privacy@umbrajournal.com.
9. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by email before the changes take effect. Your continued use of Umbra after changes are posted constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or our data practices:
Murray Digital LLC
Email: privacy@umbrajournal.com
11. Summary Table
| Data Type | Stored By | Shared With | Purpose |
|---|
| Email & auth | Supabase | — | Account management |
| Dream entries | Supabase | Anthropic / OpenAI (for processing) | Journaling, interpretation |
| Interpretations | Supabase | — | Analysis, pattern tracking |
| Conversations | Supabase | Anthropic / OpenAI (for processing) | Interactive dream exploration |
| Symbols & patterns | Supabase | — | Longitudinal self-discovery |
| Payment info | Stripe | — | Subscription billing |
| Developer plan API keys | Supabase | Designated AI provider | User-directed API calls |
| Usage counts | Supabase | — | Plan limit enforcement |