Privacy Policy

Last updated: 10 May 2026

Draft — should be reviewed by a lawyer before joining any ad network (e.g. AdSense).

1. What we collect

• Dream text: the narrative you submit for interpretation.
• IP address (hashed): spam and abuse protection. Raw IPs are never stored — kept as a SHA-256 hash.
• Browser cookie (UUID): to identify you across the session and enforce daily limits.
• Contact form fields: if you message us, your name, email, subject, and message.

2. What we use it for

• Generate dream interpretations (processed by a third-party AI provider).
• Spam and abuse protection.
• Reply to messages from the contact form.

3. Third parties

Data is sent to the following services:

• OpenRouter (openrouter.ai): routes your dream text to an AI model (Google Gemini). Whether your text is retained by OpenRouter or the model provider is governed by their own privacy policies.
• Supabase (supabase.com): database hosting. Servers are in the EU (Frankfurt, Germany).
• Umami Cloud (umami.is): anonymous, cookieless traffic stats. Does not collect personal data or fingerprint visitors.
• Sentry (sentry.io): error tracking. When an error occurs, the URL, browser version, IP address, and page contents are sent to Sentry servers (EU).

4. Cookies

Functional cookies only. No advertising or tracking cookies.

• evoldo_v — visitor identifier (1 year)
• django_language — language preference (1 year)
• sessionid, csrftoken — security (session lifetime)
• evoldo_cookies_ok — remembers you dismissed the banner (1 year)

5. Data retention

• Dream text and interpretation: indefinite (anonymous, not tied to your identity — only a cookie UUID and hashed IP).
• Contact-form messages: indefinite (until deletion is requested).
• Sentry error logs: 30 days (Sentry default).

6. International data transfers

Your data may be processed at the following locations:

• Supabase — EU (Frankfurt, Germany)
• OpenRouter / Google Gemini — US/EU (depending on the model provider)
• Umami Cloud — EU
• Sentry — EU (Frankfurt)

7. Delete your data

Use the contact form to request deletion. To clear the browser cookie, simply remove evoldo.com cookies in your browser settings.

8. KVKK / GDPR

Users in Türkiye are protected by KVKK 6698; users in the EU by GDPR (rights to access, rectification, erasure, objection).

9. Contact

Data controller: evoldo — Contact form