Privacy Policy
Last updated: June 2026
1. Controller
Oliver Stolz
Ethyria. Dream Analysis
Freistädter Str. 65, 4040 Linz, Austria
Email: support@ethyria.at
2. What data we collect and why
2.1 Email address (registration and contact)
When you register via the sign-up form or contact us by email, we collect your email address. The legal basis is your explicit consent (Art. 6(1)(a) GDPR). We use it exclusively for the agreed purpose. No sharing with third parties. No newsletter without renewed consent.
2.2 Live dream analysis (website)
Dream texts entered on the website are transmitted to our API (Cloudflare Workers) for AI processing. The texts are not stored permanently and are not linked to any individual. The analysis limit is managed via local browser storage (localStorage). Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
2.3 Consent management
Before using the live dream analysis, a consent dialogue appears. Your consent is stored with a unique identifier (UUID), timestamp, version and language in your browser storage and in our Cloudflare KV store (retention period: 3 years). You can withdraw your consent at any time via the link in the footer. Legal basis: Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR.
2.4 App data (Android)
All dream entries and analyses in the Ethyria app remain stored locally on your device. There is no automatic cloud synchronisation. The AI analysis requires an internet connection to the API. The dream text is temporarily transmitted and not stored permanently.
2.5 In-app purchases (Google Play)
Purchases within the Android app (single analysis, monthly or annual subscription) are processed exclusively via Google Play. We do not receive payment data. Google LLC processes this data in accordance with the Google Privacy Policy. Website payments are processed via Stripe Inc. We do not receive credit card data. More information: stripe.com/privacy.
2.6 Analytics (Plausible Analytics)
This website uses Plausible Analytics (Plausible Insights OÜ, Tallinn, Estonia). Plausible processes no personal data, uses no cookies and is GDPR-compliant without consent. All data is anonymised and cannot be linked to any individual. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
2.7 Error tracking (Sentry)
We use Sentry (Functional Software Inc. dba Sentry) to detect and fix technical errors. We use the EU ingest endpoint (ingest.de.sentry.io). No personal data is transmitted. Collection of IP addresses and user-identifying information is disabled. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
2.8 Server logs and CDN
When you visit this website, technical access data (IP address, browser, timestamp) is recorded in server logs by GitHub Pages and Cloudflare. This data is deleted after a maximum of 7 days. Cloudflare acts as a CDN and security layer. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
3. Cookies and local storage
This website uses only technically necessary storage (localStorage, sessionStorage) to manage analysis credits, consents and session cache. No tracking or marketing cookies are used. No cookie consent banner is required for technically necessary storage under Austrian telecommunications law. The service worker enables offline use through local caching of website resources.
4. AI processing and EU AI Act
Dream interpretation is performed by an AI model connected via our Cloudflare Workers API. The following transparency obligations apply:
- The AI nature of all analyses is always clearly communicated to users.
- Ethyria analyses do not replace professional psychological or therapeutic advice.
- Input texts are used solely to generate the analysis and are not used to train AI models.
- The Ethyria app and browser live analysis are classified as general-purpose AI applications at the lowest risk level under the EU AI Act (Regulation (EU) 2024/1689).
5. Data transfers to third countries
The following services transfer data to countries outside the EEA:
- Cloudflare (USA): Certified under the EU-US Data Privacy Framework (DPF). Used for our API and CDN.
- Stripe (USA): Certified under EU-US DPF. Payment processing on the website.
- Google Play (USA): Payment processing for in-app purchases. Standard Contractual Clauses (SCC) under Art. 46 GDPR.
- Sentry (USA): EU ingest endpoint active. No personal data transmitted.
An adequate level of data protection is ensured through DPF certification, standard contractual clauses or technical measures.
6. Your rights
Under the GDPR you have the following rights:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to object (Art. 21 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
Please direct requests to: support@ethyria.at
You also have the right to lodge a complaint with the Austrian Data Protection Authority: www.dsb.gv.at
7. Changes to this policy
We reserve the right to update this Privacy Policy as necessary. The current version is always available on this page. In the event of significant changes, registered users will be notified by email.