Privacy Policy
Application: Onireva
Publisher: SELIANS SASU
Last updated: October 22, 2025
1. Data Controller
The data controller is: SELIANS SASU
Address: 478 rue de la découverte, Mini Parc 3 – CS 67624, 31676 LABEGE Cedex, FRANCE
Email: contact@selians.net
2. Data Collected and Purposes
| Data Category | Data Collected | Processing Purpose |
|---|---|---|
| Identification Data | Email address, account credentials | Account management, authentication |
| Personal Content | Dreams, notes, interpretations, metadata | Journaling functionality, analysis, display |
| Analysis Results | AI-generated results | Display, personalization |
| Technical Data & Metadata | IP address, device type, logs, timestamps | Security, fraud detection, support |
| Communications | Message history, notifications | Transactional emails, support, alerts |
We use your data only for the following purposes:
- Provide, operate, maintain, and improve the Application’s features;
- Manage your account and associated services;
- Send you transactional communications (e.g., password reset);
- With your consent, send you information about updates and new features;
- Ensure security, fraud prevention, and support.
We do not sell your data to third parties and do not use it for advertising purposes without explicit consent.
3. Legal Basis for Processing
- For users located in the EU (GDPR): processing is based on your consent, contract performance (service provision), or legitimate interest (e.g., security, fraud prevention), depending on the context.
- For users in the United States/Canada: according to applicable local legislation (federal or state/provincial privacy laws), we process data based on consent, contract performance, or legitimate interest, in compliance with local restrictions.
4. Artificial Intelligence Analysis
- The Application uses AI algorithms to analyze your dreams and produce interpretive results.
- These analyses are fully automated, without human intervention (except in exceptional cases, with your consent).
- Analysis results are subject to the same confidentiality guarantees as your other data.
- You have the right to refuse the use of your data for model training or research purposes (if applicable) — this right will be explicitly offered.
5. Sharing and Sub-processing
To provide the Application’s services, we use the following service providers who process your data as sub-processors, solely for the strict execution of their mission and in compliance with this Policy:
5.1 List of Service Providers and Purposes
| SERVICE PROVIDER | PURPOSE | DATA PROCESSED | LOCATION |
|---|---|---|---|
| Supabase Inc. (AWS infrastructure) | Secure database hosting | Your personal data (account, dreams, notes, metadata) | European Union (Germany, Frankfurt) |
| OpenAI LLC | AI dream analysis (temporary processing) | Dream text content only without identification data | United States (GDPR safeguards) |
| OneSignal Inc. | Email and push notifications | Email address, notification IDs, communication metadata | United States (GDPR safeguards) |
| RevenueCat Inc. | Subscription management and status synchronization | Anonymized ID, subscription status, expiration dates | United States (GDPR safeguards) |
| Google LLC (Google Play) | Payment processing via store | Banking and payment data (not accessible to SELIANS) | Multinational (GDPR safeguards) |
5.2 Important Details
OpenAI (AI Analysis)
- Complete anonymization: Only the text content of your dreams is transmitted, without any identification data (no name, email, or user ID)
- No AI training: Your data is never used to train OpenAI’s models
- Limited retention: Maximum 30 days for abuse detection, then automatic deletion
- Non-EU transfer: Governed by the European Commission’s Standard Contractual Clauses (SCC)
Payments (RevenueCat & Google Play)
- Your banking data is never accessible to SELIANS SASU
- Google Play exclusively processes payments
- RevenueCat only accesses subscription status (active/inactive, dates), without financial data
5.3 Contractual Guarantees
Each service provider mentioned above is bound by contractual commitments ensuring:
- Strict confidentiality and data security
- Use limited to the specified purpose only
- Prohibition on sharing data with other parties
- Compliance with applicable data protection regulations (GDPR, CCPA, etc.)
6. Hosting, Security, and International Transfers
6.1 Data Hosting
Your data is hosted on Supabase servers (AWS infrastructure), located in the European Union (Frankfurt, Germany).
This choice ensures:
- Full compliance with the GDPR
- No need for international transfer mechanisms for storage
- Infrastructure located in a stable, secure jurisdiction with strong data protection laws
6.2 Security Measures
We implement technical and organizational measures to ensure the confidentiality, integrity, and availability of data:
- Encryption at rest (AES-256) and in transit (TLS/HTTPS)
- Restricted access (authentication, authorization, least privilege principle)
- Strict password and authentication policies
- Audit logs and anomaly detection
- Daily automated backups
- Business continuity and disaster recovery plan
- Regular security testing and audits
6.3 International Transfers
Primary hosting: Your data remains permanently in the European Union.
Temporary non-EU transfers: Some processing involves transfers to the United States, governed by Standard Contractual Clauses (SCC):
| SERVICE | PURPOSE | DURATION | PROTECTION |
|---|---|---|---|
| OpenAI | AI Analysis | Max 30 days | SCC + Complete anonymization |
| OneSignal | Notifications | Instantaneous | SCC + GDPR compliance |
| RevenueCat | Subscriptions | Subscription data only | SCC + GDPR compliance |
To obtain a copy of the safeguards or additional information, contact contact@selians.net
Important note: This section will be updated in case of infrastructure or service provider changes. Any substantial modification will be notified to you in accordance with section 10 of this Policy.
7. Retention Period
- Your data is retained as long as your account is active.
- In case of deletion or prolonged inactivity (e.g., subscription expiration), unused data may be deleted after a delay (e.g., 30 days), except for legal retention obligations.
- When you delete your account, your data is irreversibly deleted (except for deferred legal retention obligations, with transparency to the user).
8. Your Rights (EU / Canada / United States)
- Right of access: view the data we hold about you.
- Right to rectification: correct inaccurate or incomplete data.
- Right to erasure (right to be forgotten): delete your data, within legal limits.
- Right to data portability: receive your data in a structured, commonly used, and machine-readable format.
- Right to object / restriction of processing: object to or request restriction of processing for legitimate reasons.
- Right to withdraw consent: at any time, for processing based on consent, without affecting the lawfulness of prior processing.
- To exercise these rights, contact us at contact@selians.net. We will respond within a maximum of one month.
- If you are in the EU, you can contact the competent supervisory authority (e.g., CNIL in France).
- For US or Canadian users, available remedies will be those provided by applicable local (state/province) law.
9. Cookies, Similar Technologies, and Electronic Communications
- The mobile application does not use cookies.
- For communications (marketing emails, newsletters), your consent is required (opt-in), and you can unsubscribe at any time.
10. Changes to the Policy
- We may modify the Privacy Policy (legal, technical, regulatory revisions).
- Any substantial modification will be notified 15 days in advance by email or in-app notification
- Continued use of the Application after the effective date of the new version constitutes acceptance of the modified Policy.
11. Contact Information
- Full address of SELIANS SASU: 478 rue de la découverte, Mini Parc 3 – CS 67624, 31676 LABEGE Cedex, FRANCE
- Privacy contact email: contact@selians.net