Privacy Policy

Last updated: February 2026

Data Collected

We collect the following categories of personal and health data when you use Dream Sequence:

  • Account information: name, email address, and hashed password.
  • Health data: sleep, heart rate, workout, and stress metrics imported from Oura Ring, CSV files, or manual entry.
  • Device tokens: hashed identifiers for NFC/RFID/BLE wristbands used in installation check-ins.
  • Usage data: audit logs of actions performed (login, data access, consent changes) for security and compliance.

How We Use Your Data

  • Display your health metrics on your personal dashboard.
  • Enable check-in experiences at physical installations (with your consent).
  • Share anonymized, scope-limited data with installation artists (only when you explicitly enable “Allow Artist Access”).
  • Provide data export for your personal records (GDPR right to portability).

Data Storage & Security

  • Health data is encrypted at rest using AES-256-GCM.
  • Passwords are hashed with bcrypt (cost factor 12).
  • Device identifiers are stored as HMAC-SHA256 hashes, never in plaintext.
  • Sessions use JWT tokens with 24-hour expiry and secure, HTTP-only cookies.
  • Data is stored in PostgreSQL hosted by Vercel (or your self-hosted instance).
  • All connections use HTTPS with HSTS enforcement.

Third Parties

We integrate with the following third-party services:

  • Oura: OAuth integration to import ring data. We store your access token (encrypted) to fetch data on your behalf.
  • Google: Optional sign-in via Google OAuth. We receive your name, email, and profile picture.
  • Vercel: Hosting and database infrastructure.

We do not sell your data to any third party.

Your Rights

  • Access: Export all your data at any time from Settings.
  • Deletion: Delete your account and all associated data from Settings. Audit logs are retained for compliance but contain no health data.
  • Correction: Edit or re-import your health records at any time.
  • Consent withdrawal: Revoke artist/admin data access at any time from Settings. Changes take effect immediately.
  • Portability: Download your data as JSON via the export feature.

Contact

For privacy-related inquiries, please contact the project maintainer via the repository at GitHub.
