Legal

Privacy Policy

Effective: January 1, 2026. Last updated: January 1, 2026.

Who We Are

Lens Journal ("Lens") is offered by Dreamers Anonymous LLC ("we," "us," "our"). We are the data controller (under GDPR/UK GDPR) and the business (under CCPA/CPRA) responsible for your personal information when you use Lens.

Contact: For privacy questions, requests, or complaints, email us at support@lensjournal.app. For postal mail: Dreamers Anonymous LLC, 1401 21st St Ste R, Sacramento, CA 95811.

If we appoint a Data Protection Officer (DPO) for relevant jurisdictions, we will publish their contact details here and in our app.

What This Policy Covers

This Privacy Policy describes how we collect, use, share, and protect your information when you use Lens — our website, apps, and services. It applies to all users, including those in the United States, the European Union, the United Kingdom, and elsewhere. We have included specific sections and rights for certain regions (e.g., California, EU/EEA, UK) and a "Global notices" section for other jurisdictions.

Data We Collect

We collect information you provide directly, information we get when you use Lens, and (where applicable) information from third parties. Categories include:

  • Account data: Email address, name (if you provide it), and identifiers from our authentication provider (e.g., Clerk) so you can sign in and we can associate your data with your account.
  • User-generated content: Journal entries (reflections), titles, and any optional tags or labels you add. This is the core content you create in Lens.
  • Derived data: Themes, summaries, or other outputs generated from your entries (e.g., lens responses, pattern notes). We describe how this is created in the "How AI processing works" section below.
  • Usage and diagnostic data: We keep this minimal. It may include device type, browser, general usage (e.g., that a feature was used), and error logs to improve stability. We do not routinely log the full text of your reflections for analytics.
  • Payment data: Payment is processed by our payment provider (e.g., Stripe). We do not store full card numbers; we may receive and store billing-related identifiers (e.g., last four digits, subscription status) as needed to manage your plan.
  • Support communications: If you contact us for help, we keep the content of your messages and our replies so we can assist you and improve support.

How We Use Data

We use your information to:

  • Provide the service: Save and display your entries, show your reflection history, and manage your account and subscription.
  • Power AI features: Generate lens responses (reflective replies based on what you wrote) and, where your plan allows, surface patterns or summaries over time. We do not use your content to train general-purpose models for other users.
  • Safety routing: Our systems may detect signals in your text (e.g., related to self-harm or harm to others) to route responses appropriately (e.g., gentle check-in or crisis-resource message). We do not store unnecessary raw text for safety logging by default; we may retain minimal structured metadata where needed for safety and improvement.
  • Security and abuse prevention: Protect Lens from fraud, abuse, and unauthorized access.
  • Legal compliance: Comply with applicable laws, respond to lawful requests, and enforce our terms.

Lawful Bases (GDPR / UK GDPR)

For users in the EU/EEA and UK, we process personal data on the following bases:

  • Contract: Processing necessary to provide Lens (account, entries, AI responses, payments).
  • Legitimate interests: Security, fraud prevention, product improvement using minimal data, and defending our rights, where not overridden by your interests.
  • Consent: Where we ask for it — e.g., optional analytics or marketing emails — you can withdraw consent at any time.
  • Legal obligation: Where we must process data to comply with law.

How AI Processing Works

Lens uses AI to generate reflective responses (e.g., Reflect, Clarify, Orient lenses) and, on higher tiers, to help surface patterns over time. We send only the text necessary for that response (e.g., the current reflection) to our AI provider(s). We do not use your journal content to train models for other products or users.

What we do not do: Lens is not therapy, medical care, or diagnosis. Our AI does not perform emotion recognition, biometric categorization, or mental-health diagnosis. Outputs are reflective and non-authoritative — they are meant to support your own reflection, not to tell you what to do or what you "are."

Safety and crisis: Lens is not a crisis or emergency service. If our systems detect language that may indicate risk to yourself or others, we may route you to a calmer response or crisis resources. We do not guarantee crisis intervention; if you are in danger, please contact emergency services or a crisis helpline.

Sharing & Disclosures

We share data only as described here. We do not sell your journal entries or reflection content.

Service Providers: We use a small number of trusted service providers to operate Lens. These providers process data on our behalf and only as necessary to deliver the service.

Examples include:

  • Hosting and infrastructure (e.g., Vercel)
  • Authentication (e.g., Clerk)
  • Payments (e.g., Stripe)
  • AI processing (e.g., OpenAI)
  • Analytics (if used, with minimal data)

These providers are contractually required to protect your information and may only use it to provide services to us.

Legal Requests: We may disclose information when required by law, court order, or government request, or when we believe disclosure is necessary to protect rights, safety, or property.

Business Transfers: If we merge, sell, or transfer assets, your information may be transferred as part of that transaction. We will notify you of any change in control where required.

California "Sale" and "Share": We do not sell personal information as defined under the CCPA/CPRA. We do not share personal information for cross-context behavioral advertising. If our practices change, we will update this policy and provide a way to opt out where required.

International Transfers

We are based in the United States. If you are in the EU, UK, or another region with strict transfer rules, your data may be transferred to and processed in the U.S. or elsewhere. Where required, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreement (or addendum) to protect your information.

Data Retention

We retain your information as long as your account is active and as needed to provide Lens, comply with law, and resolve disputes. Retention periods are determined based on the nature of the data, the purpose for which it is used, and applicable legal requirements. We do not delete your reflections simply because you downgrade or pause your plan — your content remains stored; access may depend on your plan. If you request deletion, we will delete or anonymize your data subject to legal exceptions (e.g., backups, legal hold, legitimate interest). Backups may retain data for a limited period after deletion.

Security

We use encryption in transit (e.g., TLS) and encryption at rest where appropriate. We limit access to your data to those who need it to operate Lens. No system is completely secure; we work to protect your information and will notify you of breaches where required by law.

Your Choices & Rights

GDPR / UK GDPR: You have the right to access, rectify, erase, restrict processing, data portability, object to certain processing, and withdraw consent where applicable. You may lodge a complaint with a supervisory authority in your country.

U.S. state laws (e.g., California, Virginia, Colorado, Connecticut): You may have the right to know what we collect, to delete, to correct, to opt out of sale/share, and to limit use of sensitive personal information where applicable. We do not discriminate against you for exercising these rights. Some states allow an appeal if we decline a request; we will provide information about that when relevant. California residents may use an authorized agent subject to verification. Where required by law, we will provide an appeals process for denied requests and instructions on how to submit an appeal.

To exercise your rights, contact us at support@lensjournal.app. We will verify your identity and respond within the timeframes required by law.

Cookies & Tracking

We use a minimal set of cookies and similar technologies — for example, to keep you signed in and to understand how the site is used (e.g., analytics). We do not use your journal content for advertising. Where we use non-essential cookies, we will obtain consent where required. You can adjust cookie settings in your browser; some features may not work if you disable essential cookies. We describe our approach to "Do Not Track" and similar signals in our cookie notice or settings, where available.

Children

Lens is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly. If you believe a child has provided us data, please contact us at support@lensjournal.app.

Changes To This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and change the "Last updated" date. For material changes, we may notify you by email or through the product. We encourage you to review this policy periodically.

Contact

For privacy questions, requests, or complaints: support@lensjournal.app. Mailing address: Dreamers Anonymous LLC, 1401 21st St Ste R, Sacramento, CA 95811.

Global Notices

In addition to the rights above, residents of other jurisdictions may have specific rights:

  • Canada (PIPEDA): You may access and correct your information and file a complaint with the Office of the Privacy Commissioner.
  • Brazil (LGPD): You have rights to access, correction, anonymization, portability, and deletion, and may lodge a complaint with the ANPD.
  • Australia (Privacy Act): You may access and correct your information and complain to the OAIC.
  • Japan (APPI): You may request disclosure, correction, and cessation of use, and may lodge a complaint with the relevant authority.
  • Singapore (PDPA): You may access and correct your data and complain to the PDPC.

To exercise any of these rights, contact us at support@lensjournal.app.