Privacy Policy

DreamWiz is operated by Goose Goose, LLC, a Delaware limited liability company, running the service at dreamwiz.ai.

If you have privacy questions or want to exercise the rights described below, write to [email protected].

Account data: your email address, supplied through Supabase Auth's magic-link sign-in. We do not store passwords.

Book inputs: the natural-language descriptions you submit for each book (up to 100,000 characters) and any reference photos you upload. Reference photos may include images of children — by intended use, your own children.

Generated content: the AI-generated images and narration text bound to your account.

Payment data: handled by Stripe. We receive only metadata Stripe sends us (card brand, last 4 digits, expiry) — never the full card number or CVC.

Telemetry: minimal error reports via Sentry, with personally identifying information scrubbed before transmission. We do not run advertising or behavioral-tracking analytics.

We use the data above to provide the picture-book generation service: generating images and text based on your inputs, storing your books, and showing them to you in the reader.

We use your email to bill the subscription (via Stripe), to send transactional messages (magic links, book-ready notifications, billing receipts), and to respond to your support requests.

We use de-identified, aggregate metrics to improve quality and reliability — for example, average page-generation time across all books. We do not train AI models on user content. We do not sell user data.

DreamWiz is intended for use by parents and guardians, not directly by children. Account holders must be at least 18 years old.

Photos uploaded by a parent may depict the parent's own child or children. By uploading, the parent affirms they are the child's parent or legal guardian and consents — on the child's behalf — to the processing described in this policy.

We do not knowingly accept accounts created by children. If we learn that a child has created an account, we will close it. Children's photos are used solely to generate the picture book the parent requested, are not shared except with the subprocessors listed below, are never used to train AI models, and are never used for any other purpose.

Parents may request deletion of any uploaded photo at any time by emailing [email protected]. Deletion completes within 30 days.

We share data with the following service providers strictly to operate DreamWiz. Each one is bound by its own privacy commitments — links go to their policies.

Account data, uploaded photos, and generated books are kept while your account is active.

When you request account deletion (by emailing [email protected]), all account data — including uploaded photos and generated content — is removed from our active systems within 30 days. Database backups are retained for up to 90 days before being purged.

We may retain anonymized aggregate metrics (page counts, average latency, and similar) indefinitely; these contain no information that could identify any individual.

Regardless of where you live, you can ask us to access the data we hold about you, correct inaccuracies, delete your account and content, or provide a machine-readable export of your data where feasible. Email [email protected] with the request and we will respond within 30 days.

California residents have additional rights under the CCPA, including the right to opt out of any sale of personal information. We do not sell personal information, so there is nothing to opt out of — but you may still request access and deletion as described above.

EU/UK residents have rights under the GDPR / UK GDPR. We honor these on a best-effort basis. DreamWiz is a US-based small business and does not currently target the EU market; if you need a Data Processing Agreement or a specific regulator contact, please reach out.

Data is encrypted in transit (TLS) and at rest (via Supabase and DigitalOcean's storage encryption). Access to production systems is limited to the founder at this stage.

We review the security posture at least once per year and after any meaningful change to the infrastructure.

DreamWiz uses two cookies, both essential: an authentication session cookie (set after sign-in) and a locale preference cookie called dw-locale. We do not use advertising cookies or behavioral-analytics cookies.

The reader's narration display mode is saved in browser localStorage (key dw-reader-narration-mode), not in a cookie.

Our servers and subprocessors are located in the United States. If you access DreamWiz from outside the US, you understand that your data is transferred to and processed in the US.

We will post updates to this policy on this page with a new Last updated date. For material changes affecting how we use your data, we will also send a notice to the email address on your account.

Privacy questions: [email protected].

General support: [email protected].