Elucid← Back to Home

Privacy Policy

Effective date: April 16, 2026 ·  Liminaut Labs  ·  liminaut-labs.org

The short version: Your dream content is encrypted at rest and we cannot read it. We do not sell your personal data. Analytics are cookieless and privacy-respecting. You can export or delete your data at any time.

1. Who We Are

Liminaut Labs operates Elucid, accessible at liminaut-labs.org. We are an independent research collective dedicated to making research-grade dream interpretation accessible. For all privacy-related matters, contact us at moonlit-social-labs@proton.me.

2. Data We Collect

2.1 Account Data

When you register, we collect your email address and a hashed password. We do not collect your real name unless you voluntarily provide it in your profile.

2.2 Dream Content

All dream narratives, tags, emotional ratings, and associated notes you submit are stored in encrypted form. See Section 4 for details on our encryption model. Dream content is processed by our interpretation pipeline and the Claude API (see Section 6.1) solely to produce your interpretation. It is not retained by Anthropic beyond the duration of the API call, per Anthropic's API data usage policy.

2.3 Profile and Preferences

Optionally, you may provide your age bracket, psychological type (e.g., Jungian typology), and cultural context. These are used to calibrate interpretations through our life-stage and type modifier system. This data is stored under your account and is not shared with third parties.

2.4 Usage Analytics

Elucid uses two distinct analytics providers, separated by surface so each operates under the appropriate privacy posture:

Marketing site & blog (this website). We use Plausible Analytics, a privacy-first analytics provider that:

  • Does not use cookies or persistent identifiers of any kind.
  • Does not collect personal data or track individuals across sites.
  • Processes aggregated, anonymized page-view and event data only.
  • Is fully GDPR, CCPA, and PECR compliant without requiring a cookie consent banner.

Mobile app (iOS, Android). Within the Elucid mobile app we use PostHog for product analytics. PostHog uses a per-installation device identifier stored locally on your device. Our PostHog integration is configured with strict privacy defaults, enforced at the code level by an explicit allowlist:

  • No session replay. Your screen is never recorded.
  • No autocapture. Taps, scrolls, screen views, and form input are not automatically captured.
  • No dream content. Dream narratives, titles, interpretations, and any text you enter into the app are explicitly forbidden from being included in any analytics event. This is enforced by a property allowlist that drops any field name outside the approved set before transmission.
  • No PII in event properties. Email addresses, names, and other identifying free-text fields are not transmitted as event metadata.
  • Explicit events only. Every analytics event in the mobile app is fired by an explicit line of code. We collect aggregate funnel and retention data (e.g., "interpretation started," "framework selected," "subscription started") with non-identifying metadata such as framework count, plan name, or anonymized error categories.
  • You may opt out. The mobile app provides a "Disable analytics" toggle in account settings that turns off all PostHog event capture for your device. The opt-out is persisted across launches.

PostHog data is hosted on PostHog Cloud (US region by default; see posthog.com/privacy for their data-handling practices). PostHog acts as our data sub-processor under a Data Processing Addendum.

2.5 Technical Data

Our servers automatically log IP addresses, HTTP request metadata, and timestamps for security and performance monitoring. Server logs are retained for a maximum of 90 days and then purged. IP addresses are not linked to your account data or dream content.

2.6 Data We Do Not Collect

We do not collect location data beyond what may be inferred from an IP address. We do not collect biometric data, payment card numbers (handled by our payment processor), or data from third-party social logins unless you explicitly connect them.

3. How We Use Your Data

We use your data exclusively to:

  • Authenticate your account and provide access to the Service.
  • Produce dream interpretations through our analysis pipeline and Claude API.
  • Improve the Service based on aggregated, anonymized usage patterns.
  • Send transactional emails (account confirmation, password reset, billing receipts). We do not send marketing email without your explicit opt-in.
  • Comply with applicable legal obligations.

We do not sell, rent, or trade your personal data to any third party for commercial purposes.

4. Encryption at Rest

All dream content is encrypted at rest using AES-256-GCM (Advanced Encryption Standard, 256-bit key, Galois/Counter Mode) with user-derived encryption keys. This architecture means:

  • Your dream content is ciphertext in our database — we cannot read it in plaintext under normal conditions.
  • Keys are derived in part from your account credentials. If you lose access to your account and cannot recover it, decryption may not be possible.
  • Our encryption master key is separate from your data and is stored in a secure environment variable — it is never committed to source code.

We recommend you export your dream data periodically (see Section 9) as a personal backup.

5. The Collective Model and Anonymized Aggregation

Elucid includes an optional feature called the Collective Model — a data-driven interpretive tradition that identifies patterns across a large corpus of dreams to surface insights no individual tradition can detect.

Participation in the Collective Model is strictly opt-in. If you choose to participate, your dream content is:

  • Stripped of all personally identifiable information before aggregation.
  • Combined with data from other opted-in users to identify statistical patterns.
  • Never stored or processed in a form that could re-identify you.

You may opt out of the Collective Model at any time in your account settings. Previously contributed data is purged from the aggregate dataset within 30 days of opt-out.

6. Third-Party Services

6.1 Anthropic (Claude API) — paid tier only

Free-tier interpretations do not transmit your dream content to Anthropic. On the free tier, the engine retrieves the most relevant passages from our public-domain corpus using on-server semantic + keyword search and returns those passages to you directly. No LLM call is made; your dream narrative never leaves our servers in plaintext.

On paid tier (or if your account is on our beta-tester allowlist), dream interpretation uses Anthropic's Claude API. When you request an interpretation, your encrypted dream narrative is decrypted in memory, combined with the retrieved corpus passages, and transmitted to Anthropic's API over TLS for synthesis. Per Anthropic's API usage policy, content submitted via the API is not used to train Anthropic's models by default and is not retained beyond the duration of the API request. If the Anthropic call fails, the response degrades to the same passages-only shape as the free tier — your dream is never half-processed by any third party.

6.2 Plausible Analytics (Marketing Site)

As described in Section 2.4, we use Plausible Analytics for cookieless, privacy-first usage analytics on the marketing site and blog. Plausible's servers are located in the EU. No personal data is transmitted to Plausible. For more information, see plausible.io/privacy.

6.3 PostHog (Mobile App Product Analytics)

As described in Section 2.4, we use PostHog within the Elucid mobile app for aggregate product analytics — funnel performance, retention, feature adoption, error categories. PostHog is configured at the code level to forbid session replay, autocapture, and any field-name outside an explicit allowlist of non-identifying metadata. Your dream content is never transmitted to PostHog under any circumstance. PostHog data is hosted on PostHog Cloud (US region by default). PostHog acts as our data sub-processor under a Data Processing Addendum. For PostHog's own data-handling practices, see posthog.com/privacy.

You may disable PostHog event capture entirely via the "Disable analytics" toggle in the mobile app's account settings. The opt-out is persisted on your device across launches.

6.4 Voyage AI (Embeddings & Reranking)

Free-tier and paid-tier interpretations both query our public-domain corpus using vector similarity. Your dream narrative is sent to Voyage AI's API over TLS to be encoded as a numerical embedding (used internally to find semantically related corpus passages) and, optionally, to rerank candidate matches. Voyage AI is contractually bound not to retain or train on submitted content. Only the dream narrative text is transmitted; no account identifiers, demographics, or interpretation history are sent. Voyage acts as our data sub-processor under their standard terms.

6.5 Resend (Transactional Email)

We use Resend to deliver transactional emails — account verification, password reset, and (in the future) billing receipts. Resend receives your email address and the message body for these notifications. No dream content, interpretations, or symbol data is ever sent through Resend. Resend is a US-based email infrastructure provider and acts as our data sub-processor.

6.6 Payment Processor

Subscription payments are handled by a PCI-DSS compliant third-party payment processor. We do not store credit card numbers. The processor receives your payment information directly and returns a payment token to our system. Your payment information is governed by the processor's privacy policy.

7. Data Retention

We retain your account data and dream content for as long as your account is active. If you delete your account:

  • Your dream content (encrypted) is permanently deleted within 30 days.
  • Your account data (email, hashed password, preferences) is deleted within 30 days.
  • Aggregated, anonymized analytics data (Plausible) is not attributable to you and is not deleted.
  • Server logs containing your IP address are retained up to 90 days from creation, then purged.

8. Security

We implement industry-standard security measures including:

  • TLS encryption for all data in transit.
  • AES-256-GCM encryption for all dream content at rest.
  • Hashed and salted passwords (bcrypt or equivalent).
  • JWT-based authentication with short-lived access tokens and secure refresh tokens.
  • No sensitive credentials committed to source control.

No security system is perfect. In the event of a data breach affecting your personal data, we will notify you as required by applicable law.

9. Your Rights and Choices

9.1 Access and Portability

You may request a full export of your dream data at any time via account settings or by emailing us. Exports are provided in JSON format and include all dreams, interpretations, and profile data associated with your account.

9.2 Correction

You may update your account data (email address, profile preferences) at any time via account settings.

9.3 Deletion (Right to Be Forgotten)

You may request full deletion of your account and all associated data by using the "Delete Account" option in settings or by emailing moonlit-social-labs@proton.me. Deletion is processed within 30 days.

9.4 Opt-Out of Analytics

Plausible Analytics respects the "Do Not Track" browser header. You may also use a browser extension that blocks Plausible's script without any impact on app functionality, as our analytics are additive and not required for the Service to operate.

9.5 Opt-Out of Collective Model

Participation in the Collective Model is opt-in only and can be withdrawn at any time in account settings.

10. GDPR (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access — obtain a copy of your personal data.
  • Right to rectification — correct inaccurate personal data.
  • Right to erasure — request deletion of your personal data.
  • Right to restriction of processing — limit how we use your data.
  • Right to data portability — receive your data in a machine-readable format.
  • Right to object — object to processing based on legitimate interests.

Our legal basis for processing personal data is: (a) contract performance (account registration, service delivery); (b) legitimate interests (security, fraud prevention, analytics in anonymized form); and (c) consent (Collective Model participation, marketing communications).

To exercise your GDPR rights, contact us at moonlit-social-labs@proton.me. We will respond within 30 days.

11. CCPA (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

  • Right to know — what personal information we collect and how we use it (see Sections 2 and 3).
  • Right to delete — request deletion of personal information we have collected (see Section 9.3).
  • Right to opt out of sale — we do not sell personal information. There is nothing to opt out of.
  • Right to non-discrimination — exercising your privacy rights will not result in service degradation.

To submit a verifiable consumer request, email us at moonlit-social-labs@proton.me.

12. Children's Privacy

Elucid is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before they take effect. The effective date at the top of this page will always reflect the most current version.

14. Contact

For any privacy-related questions, requests, or concerns:

Liminaut Labs
moonlit-social-labs@proton.me
liminaut-labs.org

Terms of ServiceAboutHome