Privacy Policy
Application: Onireva
Publisher: Enilis, trading name of Michel Picariello, sole trader, SIRET 524 030 906 00044
Address: 60 rue François 1er, 75008 Paris, France
Contact: contact@onireva.com
Last updated: April 22, 2026
In this Privacy Policy, the term “User” refers to any individual using the Onireva Application, whether or not they have an account.
1. Data Controller
The data controller is: Enilis, trading name of Michel Picariello, sole trader
Email: contact@onireva.com
2. Data Collected and Purposes
| Data Category | Data Collected | Processing Purpose |
|---|---|---|
| Identification data | Email address, account credentials | Account management, authentication |
| Personal content | Dreams, notes, interpretations, metadata | Journaling functionality, analysis, display |
| Analysis results | Analysis results generated by artificial intelligence | Display, personalisation |
| Technical data & metadata | IP address, device type, logs, timestamps | Service security, abuse/fraud prevention, technical support |
| Communications | Message history, notifications | Transactional emails, support, alerts |
We use data solely for the following purposes:
- Providing, operating, maintaining and improving the Application’s features;
- Managing your account and associated services;
- Sending you transactional communications (e.g. password reset);
- With your consent, sending you information about updates and new features;
- Ensuring service security, abuse/fraud prevention and support.
We do not sell your data or use it for advertising purposes without explicit consent. We collect only the data strictly necessary for the purposes described, in accordance with the data minimisation principle.
The analyses provided by the Application are informational and reflective content. They are not intended to produce legal effects or significantly similar effects within the meaning of Article 22 of the GDPR.
3. Legal Basis for Processing
- For users located in the EU (GDPR): processing is based on your consent, the performance of a contract (service provision), or legitimate interest (e.g. security, abuse/fraud prevention), depending on the context.
- For users located outside the European Union: in accordance with applicable local legislation, we process data on the basis of consent, performance of a contract, or legitimate interest, in compliance with local restrictions.
- The applicable legal basis depends on the specific purpose of the processing, as described in section 2.
4. Artificial Intelligence Analysis
- The Application uses artificial intelligence algorithms to analyse dreams entered by the User and generate interpretive results.
- These analyses are automated. As a rule, they do not involve human intervention, except in exceptional cases (for example, a support request) and only when necessary.
- Analysis results are subject to the same confidentiality guarantees as other data.
- User data is not used to train artificial intelligence models within the scope of the service provided. We configure the services used so as to limit the use of content to the purposes strictly necessary for delivering the features offered. If this policy were to change, the User would be informed and, where required, their consent would be sought.
5. Sharing and Sub-processing
To provide the Application’s services, we engage providers who may process certain data as data processors, solely for the purposes of service delivery and in accordance with this Policy.
5.1 List of Providers and Purposes
| PROVIDER | PURPOSE | DATA PROCESSED | LOCATION |
|---|---|---|---|
| Supabase Inc. (hosting via cloud infrastructure) | Secure database hosting | Account data, dreams, notes, metadata | European Union |
| OpenAI LLC | AI analysis of dreams (processing necessary for the service) | Textual content of dreams without direct identification data | United States (adequate safeguards, including SCCs) |
| OneSignal Inc. | Sending emails and push notifications | Email address, notification identifiers, communication metadata | United States (adequate safeguards, including SCCs) |
| RevenueCat Inc. | Subscription management and status synchronisation | Pseudonymised identifier, subscription status, expiry dates (no banking data) | United States (adequate safeguards, including SCCs) |
| Google LLC / Google Play | Payment processing via the store | Banking and payment data (not accessible to the data controller) | European Union and/or outside the EU (per Google) |
| Apple Inc. / App Store | Payment processing and iOS subscription management | Banking and payment data (not accessible to the data controller) | Location under Apple Inc. terms |
5.2 Important Information
AI Analysis (OpenAI)
- Only the textual content of dreams is transmitted to enable analysis, without direct identification data (for example: no name or email address).
- Processing is limited to service delivery. We configure the service so as not to authorise the use of content for purposes unrelated to the service (for example, model training), subject to the settings and commitments applicable to the service used.
Payments (RevenueCat, Google Play, App Store)
- Banking data is processed by the distribution platform (Google Play and/or App Store) and is not accessible to the data controller.
- RevenueCat enables subscription status management (active/inactive, dates) without accessing banking data.
5.3 Safeguards
We govern our use of providers through contractual commitments and appropriate security measures, including:
- confidentiality obligations;
- limitation of use to the purposes of the service;
- data protection measures (access controls, exchange security, etc.);
- obligation to notify in the event of a security incident, where applicable.
6. Hosting, Security and International Transfers
6.1 Hosting
User data is hosted within the European Union, via our hosting provider (Supabase).
Important: certain processing operations necessary for service delivery (for example, AI analysis or sending notifications) may involve transfers of data outside the European Union, in accordance with section 6.3.
6.2 Security
We implement appropriate technical and organisational measures to protect data against loss, unauthorised access, alteration or disclosure, such as:
- encryption of communications (secure connection);
- access controls and authorisation management (principle of least privilege);
- logging and monitoring to detect abnormal behaviour;
- backups and restoration procedures.
These measures may evolve to maintain an appropriate level of protection in light of risks and the state of the art.
6.3 International Transfers
When data is transferred outside the European Union, we put in place appropriate safeguards (for example, the Standard Contractual Clauses – SCCs – of the European Commission), as well as, where applicable, supplementary measures.
| SERVICE | PURPOSE | DURATION | PROTECTION |
|---|---|---|---|
| OpenAI | AI Analysis | Time required for processing | Adequate safeguards (including SCCs) + minimisation of data transmitted |
| OneSignal | Notifications | Time required for sending | Adequate safeguards (including SCCs) |
| RevenueCat | Subscriptions | Time required for status management | Adequate safeguards (including SCCs) |
For further information on the safeguards put in place, you may contact us at contact@onireva.com.
7. Retention Period
- Data is retained for as long as the User’s account is active.
- In the event of account deletion or prolonged inactivity, certain data may be deleted within a maximum period of 30 days, unless a legal retention obligation applies.
- When the User deletes their account, data is irreversibly deleted, subject to applicable legal obligations.
8. Your Rights (EU / Canada / United States)
- Right of access: consult the data we hold about you.
- Right to rectification: correct inaccurate or incomplete data.
- Right to erasure: request the deletion of your data, within legal limits.
- Right to data portability: receive your data in a structured, commonly used and readable format.
- Right to object / restriction: object to or request restriction of processing on legitimate grounds, where applicable.
- Right to withdraw consent: at any time for processing based on consent, without affecting the lawfulness of prior processing.
- To exercise your rights, contact us at contact@onireva.com. We will respond within a maximum of one month.
- If you are in the EU, you may lodge a complaint with the competent supervisory authority (e.g. the CNIL in France).
9. Cookies, Similar Technologies and Electronic Communications
- The mobile Application does not use cookies in the strict sense, but may use equivalent technologies necessary for its operation (technical identifiers, notifications, etc.).
- For communications (marketing emails, newsletters), your consent is required (opt-in), and you may unsubscribe at any time.
10. Policy Changes
- We may modify this Privacy Policy (legal, technical or regulatory revisions).
- Any material change will be notified 15 days in advance by email or in-app notification.
- Continued use of the Application after the effective date of the new version constitutes acceptance of the amended Policy.
11. Contact Details
- Privacy contact email: contact@onireva.com