Privacy Policy
Application: Onireva
Publisher: Enilis, trade name of Michel Picariello, sole trader
Address: 60 rue François 1er, 75008 Paris, France
Contact: imajinix@gmail.com
Last updated: February 10, 2026
In this Privacy Policy, the term “User” refers to any natural person using the Onireva Application, whether or not they have created an account.
1. Data Controller
The data controller is: Enilis, trade name of Michel Picariello, sole trader
Email: imajinix@gmail.com
2. Data Collected and Purposes
| Data Category | Data Collected | Purpose of Processing |
|---|---|---|
| Identification data | Email address, account credentials | Account management, authentication |
| Personal content | Dreams, notes, interpretations, metadata | Journaling functionality, analysis, display |
| Analysis results | Analysis results generated by artificial intelligence | Display, personalization |
| Technical data & metadata | IP address, device type, logs, timestamps | Service security, abuse/fraud prevention, technical support |
| Communications | Message history, notifications | Transactional emails, support, alerts |
We use data solely for the following purposes:
- Provide, operate, maintain, and improve the Application’s features;
- Manage your account and associated services;
- Send transactional communications (e.g. password reset);
- With your consent, send information about updates and new features;
- Ensure service security, abuse/fraud prevention, and support.
We do not sell your data and do not use it for advertising purposes without explicit consent. We collect only data that is strictly necessary for the purposes described, in accordance with the principle of data minimization.
The analyses provided by the Application are informational and reflective in nature. They do not result in any automated decision producing legal effects or similarly significant effects within the meaning of Article 22 of the GDPR.
3. Legal Basis for Processing
- For users located in the European Union (GDPR): processing is based on your consent, performance of the contract (service provision), or legitimate interest (e.g. security, abuse/fraud prevention), depending on the context.
- For users located outside the European Union: depending on applicable local legislation, data is processed based on consent, contract performance, or legitimate interest, in compliance with local restrictions.
- The applicable legal basis depends on the specific purpose of the processing, as described in section 2.
4. Artificial Intelligence Analysis
- The Application uses artificial intelligence algorithms to analyze dreams entered by the User and generate interpretive results.
- These analyses are automated. As a rule, they do not involve human intervention, except in exceptional cases (for example, a support request) and only when necessary.
- Analysis results are subject to the same confidentiality safeguards as other data.
- User data is not used to train artificial intelligence models. If this policy were to change, Users would be informed and, where required, their consent would be requested.
5. Sharing and Sub-processing
To provide the Application’s services, we rely on service providers who may process certain data as sub-processors, solely for the purpose of providing the service and in accordance with this Policy.
5.1 List of Service Providers and Purposes
| SERVICE PROVIDER | PURPOSE | DATA PROCESSED | LOCATION |
|---|---|---|---|
| Supabase Inc. (cloud infrastructure hosting) | Secure database hosting | Account data, dreams, notes, metadata | European Union |
| OpenAI LLC | AI dream analysis (processing necessary for the service) | Textual dream content without direct identifying data | United States (appropriate safeguards, including SCCs) |
| OneSignal Inc. | Email and push notifications | Email address, notification identifiers, communication metadata | United States (appropriate safeguards, including SCCs) |
| RevenueCat Inc. | Subscription management and status synchronization | Pseudonymized identifier, subscription status, expiration dates (no banking data) | United States (appropriate safeguards, including SCCs) |
| Google LLC (Google Play) | Payment processing via the store | Banking and payment data (not accessible to the data controller) | European Union and/or outside the EU (depending on Google) |
5.2 Important Information
AI Analysis (OpenAI)
- Only the textual content of dreams is transmitted for analysis, without any direct identifying data (e.g. no name or email address).
- Processing is limited to the provision of the service. We do not authorize the use of content for purposes unrelated to the service (e.g. model training), subject to the applicable settings and commitments of the service used.
Payments (RevenueCat & Google Play)
- Banking data is processed by the distribution platform (e.g. Google Play) and is not accessible to the data controller.
- RevenueCat manages subscription status (active/inactive, dates) without accessing banking data.
5.3 Safeguards
We govern the use of service providers through contractual commitments and appropriate security measures, including:
- confidentiality obligations;
- limitation of use to the purposes of the service;
- data protection measures (access controls, secure communications, etc.);
- incident notification obligations, where applicable.
6. Hosting, Security, and International Transfers
6.1 Hosting
User data is hosted within the European Union through our hosting provider (Supabase).
Important: certain processing operations necessary to provide the service (e.g. AI analysis or notifications) may involve data transfers outside the European Union, in accordance with section 6.3.
6.2 Security
We implement appropriate technical and organizational measures to protect data against loss, unauthorized access, alteration, or disclosure, including:
- encrypted communications (secure connections);
- access controls and authorization management (principle of least privilege);
- logging and monitoring to detect abnormal behavior;
- backup and recovery procedures.
These measures may evolve to maintain a level of protection appropriate to risks and the state of the art.
6.3 International Transfers
When data is transferred outside the European Union, we implement appropriate safeguards (such as the European Commission’s Standard Contractual Clauses – SCCs), as well as supplementary measures where necessary.
| SERVICE | PURPOSE | DURATION | PROTECTION |
|---|---|---|---|
| OpenAI | AI analysis | Time necessary for processing | Appropriate safeguards (including SCCs) + data minimization |
| OneSignal | Notifications | Time necessary for delivery | Appropriate safeguards (including SCCs) |
| RevenueCat | Subscriptions | Time necessary to manage status | Appropriate safeguards (including SCCs) |
For further information regarding the safeguards in place, you may contact us at imajinix@gmail.com.
7. Data Retention
- Data is retained for as long as the User’s account remains active.
- In the event of account deletion or prolonged inactivity, certain data may be deleted after a reasonable period, subject to legal retention obligations.
- When the User deletes their account, data is irreversibly deleted, subject to applicable legal obligations.
8. Your Rights (EU / Canada / United States)
- Right of access: access the data held about you.
- Right to rectification: correct inaccurate or incomplete data.
- Right to erasure: request deletion of your data, within legal limits.
- Right to data portability: receive your data in a structured, commonly used, and readable format.
- Right to object / restriction: object to or request restriction of processing for legitimate reasons, where applicable.
- Right to withdraw consent: at any time for processing based on consent, without affecting the lawfulness of prior processing.
- To exercise your rights, contact us at imajinix@gmail.com. We will respond within a maximum of one month.
- If you are located in the EU, you may contact the competent supervisory authority (e.g. CNIL in France).
9. Cookies, Similar Technologies, and Electronic Communications
- The mobile Application does not use cookies.
- For communications (marketing emails, newsletters), your consent is required (opt-in), and you may unsubscribe at any time.
10. Changes to the Policy
- We may modify this Privacy Policy (legal, technical, or regulatory updates).
- Any material change will be notified at least 15 days in advance by email or in-app notification.
- Continued use of the Application after the effective date of the new version constitutes acceptance of the updated Policy.
11. Contact Information
- Privacy contact email: imajinix@gmail.com