Legal

Privacy Policy

Last updated July 6, 2026

1Introduction

SMART SC EOOD (“we,” “us,” “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Lyra Dream application (the “App,” including any web version of it we make available) and related services (the “Services”).

We process personal data in compliance with:

Because the App analyzes dreams and psychological themes, some of the data you provide is treated as a special category / sensitive personal data under GDPR and CCPA. We describe below how we handle it.

2Data controller

The data controller responsible for your personal data is:

SMART SC EOOD
Sofia, DARVENITZA 9
Bulgaria
Email: support@lyradream.com

For EU/EEA data-protection inquiries, you may contact us at the same email address.

3Information we collect

3.1 Information you provide

3.2 Information collected automatically

3.3 Information from third parties

4How we use your information

4.1 Service provision

4.2 Service improvement and security

We do not use your personal dream content, conversations, or profile to train AI models — neither our own nor those of our AI providers (see Section 5).

4.3 Communication

4.4 Legal and safety

4.5 Safety signals

Dark or disturbing imagery inside a dream is normal analytical material and is never flagged. However, if you make a statement about your waking life that indicates a risk of serious harm (for example to yourself or others), the AI analyst may raise a silent safety signal. When that happens:

Legal bases for processing (GDPR):

5AI processing and automated decision-making

5.1 AI service providers

Dream analysis is powered by large language models accessed through Amazon Web Services (AWS Bedrock). Depending on configuration, the underlying model may be provided by Anthropic (Claude) or by OpenAI (accessed via the Amazon Bedrock endpoint). When you submit a message for analysis, the relevant text is transmitted to AWS Bedrock and the applicable model provider for processing.

5.2 Data sent to the AI

When you send a message in a dream session, we transmit:

5.3 AI data handling

5.4 Automated profiling

We use automated processing to generate dream interpretations and psychological insights and to maintain your profile and life context. These outputs are informational and reflective only; they do not produce legal or similarly significant effects. You have the right to request human review, to express your point of view, and to contest any automated output — contact us at support@lyradream.com.

6Data storage and security

6.1 Data location

Your personal data is stored on secure servers hosted on our own Virtual Private Server (VPS) infrastructure located in Germany, with a PostgreSQL database. Some processing occurs with the third parties described in Sections 5 and 7 (for example authentication and AI processing).

6.2 Optional encryption of your content (“encryption at rest”)

The App offers an encryption feature you can enable. When you enable it, sensitive user content — including your dream conversations, interpretations, summaries, assessment/profile text, known-people notes, inner-work notes, life context, and drafts — is encrypted at rest using envelope encryption:

Important: This is strong at-rest protection, but it is not end-to-end encryption. During an active dream session, the server temporarily decrypts the necessary content in memory so it can be sent to the AI provider for processing and then re-encrypted. If you lose both your password and your Recovery Key, your encrypted content cannot be recovered by us.

If you have not enabled encryption, your content is not wrapped with a personal key, but it remains protected by the security measures described in Section 6.3, including encryption in transit and server access controls.

6.3 Other security measures

6.4 Data retention

We retain your personal data for as long as your account is active or as needed to provide the Services:

Upon account deletion, we delete or irreversibly anonymize your personal data within 30 days, except where longer retention is required by law.

7Data sharing and disclosure

7.1 Service providers (processors)

7.2 Legal requirements

We may disclose data if required by law or in response to valid legal requests by public authorities.

7.3 Business transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to this Privacy Policy.

7.4 With your consent

We may share data with third parties when you have given explicit consent.

7.5 No sale or “sharing” of personal data

We do not sell your personal data, and we do not “share” it for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA.

8International data transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including:

For transfers from the EEA/UK to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) and Data Processing Agreements with our providers, together with additional safeguards as required by law.

9Your rights

9.1 Rights under GDPR (EU/EEA/UK residents)

9.2 Rights under CCPA/CPRA (California residents)

Categories of personal information collected (CCPA):

9.3 Exercising your rights and account deletion

You can access and export your data, and permanently delete your account and associated data, from within the App. You may also contact us at support@lyradream.com. We respond within one month (extendable where permitted). We may need to verify your identity to protect your account.

10Children's privacy

The Services are intended only for individuals 18 years of age or older. We do not knowingly collect personal data from anyone under 18. If we learn that we have collected data from a person under 18, we will delete it promptly. If you believe a minor has provided us data, contact us at support@lyradream.com.

11Cookies and similar technologies

The App does not use advertising cookies or third-party ad tracking. We use only strictly necessary technologies for session management, authentication state, and de-identified analytics.

12Third-party links

The App may contain links to third-party websites or services. We are not responsible for their privacy practices and encourage you to review their policies.

13Data breach notification

In the event of a personal-data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours (as required by GDPR), notify affected users without undue delay where the risk is high, and document the breach and our response.

14Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy, updating the “Last Updated” date, and, where appropriate, providing an in-app or email notice. Your continued use after changes take effect constitutes acceptance of the revised policy.

15Contact us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

SMART SC EOOD
Email: support@lyradream.com
Sofia, DARVENITZA 9
Bulgaria

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority, or with the Commission for Personal Data Protection (Bulgaria): https://www.cpdp.bg/

By using Lyra Dream, you acknowledge that you have read and understood this Privacy Policy.