Privacy policy
Last updated: 30 September 2025
Who we are. Ruya is owned and operated by Lifetoweb LTD (Company No. 09877182), Demsa Accounts 565 Green Lanes, Haringey, London, England, N8 0RL. Contact us at support@ruya.co.
Data controller. For the Services described below, the data controller is Lifetoweb LTD.
Languages. We support many languages and may add more over time. Translations help you understand the policy, but English UK (en-GB) is the original and legally correct version if anything differs.
1) What this policy covers
This policy explains how we collect, use, and protect your personal data when you use:
- Main website: ruya.co (info, blog, cookie settings)
- Web app: web.ruya.co (your account and entries)
- Mobile apps: Ruya for Android and iOS (your account and entries)
We call these the Services.
2) The data we collect
a) Account data
- What we collect: Display name, email, and password (if you create a local login).
- Sign in with Apple/Google: We receive your email and a name/username from them.
- Why: To create your account and keep you signed in.
b) Your content
- Entries: Dreams, Diaries, Life Events you add to your timeline.
- AI Dream Interpretation (optional): If you choose this, the entry you select is sent to our AI to generate an interpretation based on a framework you pick.
- Voice dictation (mobile apps only): Speech-to-text happens on your device. We receive only the text you submit. The web app does not support voice dictation.
- Scan dictation (camera scanning): We use Azure AI to scan a document/photo to fill inputs. We do not keep the image on our servers.
c) Cookies and analytics
- Necessary cookies (all apps and sites): Language selection and authentication (to keep you logged in).
- Analytics (ruya.co only): Google Analytics and Microsoft Clarity, and only if you allow it. Manage your choice at ruya.co/pages/manage-cookies.
- No third-party cookies in web.ruya.co or the mobile apps.
d) Technical data
- IP address, device type, app version, and crash info (to keep things secure and fix problems).
- Operational logs: We do not log your entry contents.
Important: We only share dream/entry data with our AI to provide interpretations. We do not sell your data. There are no public sharing features today.
3) What we use your data for (and legal reasons)
Purpose | Data used | Legal basis |
---|---|---|
Create and manage your account | Account data | Contract |
Free journaling timeline | Your entries | Contract |
AI dream interpretations (optional) | Selected entry content | Consent + Contract |
Trials and subscriptions | Account data; subscription status | Contract |
Keep Services secure and fix issues | Technical data; crash info | Legitimate interests (security, fraud prevention) |
Analytics on ruya.co | Cookie/usage data (if allowed) | Consent |
Legal compliance | Minimal data as required | Legal obligation |
4) Subscriptions (RevenueCat)
We manage in-app purchases and subscriptions using RevenueCat. We identify your subscription with a stable App User ID. We do not share your email with RevenueCat. If you delete your account, we also clear your RevenueCat customer record to complete the deletion.
5) Emails we send (from Azure)
We use an email service on Microsoft Azure to send essential account emails only: sign-up, email verification, and password reset.
6) AI processing (Azure OpenAI)
When you ask for an AI interpretation, your selected entry is sent to Azure OpenAI to generate the result. Microsoft states they do not use your data to train their base models. Requests and responses may be stored for up to 30 days (encrypted, restricted access) to debug failures, investigate abuse, or improve content filters for flagged prompts or completions.
7) Sharing your data
- Microsoft Azure (hosting, database, AI processing as above)
- Sign-in providers (Apple/Google) if you choose them
- Analytics on ruya.co (Google Analytics, Microsoft Clarity) if you consent
- RevenueCat for subscription management (App User ID only)
- App stores (Apple App Store, Google Play) for in-app purchases
- Payment partner if you pay on the web (we do not store card details)
- Email provider on Azure for account emails
- Professional advisers or authorities if required by law or to protect rights and safety
We do not allow advertisers to access your entries.
8) Where we store and process data
We host on Microsoft Azure. Your data may be processed in the Azure region(s) we use and, for AI, in Azure regions that host Azure OpenAI. If data leaves the UK/EEA, we use lawful safeguards such as Standard Contractual Clauses (SCCs) and the UK Addendum, as provided by Microsoft and our processors.
9) Data retention and deletion
- You control your data. You can delete any entry and it is removed instantly and permanently. You can also delete all entries, then delete your account.
- Where to delete: Use the Profile page (or the Profile link in the app) to delete entries and your account.
- Operational logs: We do not log entry contents.
- Backups: We keep encrypted database backups for 30 days to recover from rare disasters. Deleted items disappear when backups roll over after 30 days.
10) Intended use and misuse
We designed Ruya to journal real dreams, diaries, and life events and to offer optional AI interpretations. To keep the Service fair and safe, we may process minimal technical or abuse-prevention data to detect and stop misuse (for example, automating access, exploiting features, or account sharing), consistent with this policy and our Terms.
11) Your privacy rights (worldwide)
Wherever you live, you can ask us to:
- Access your data
- Correct your data
- Delete your data (entries and account)
- Download or port your data
- Object to or restrict certain uses
- Withdraw consent (for things like analytics cookies and optional AI features)
To use these rights, email support@ruya.co. We may ask you to verify your identity. We aim to reply within one month, or the time required in your region.
Regional notes
- EEA/UK (GDPR): You have rights to access, rectification, erasure, restriction, portability, and objection. You can complain to your local authority (for example, the UK ICO).
- California (CCPA/CPRA): We do not “sell” or “share” your personal information for cross-context behavioural advertising. You have rights to know, delete, correct, and not be discriminated against for exercising your rights. If we ever start “sharing,” we will add a “Do Not Sell or Share My Personal Information” option.
- Brazil (LGPD): Rights include confirmation of processing, access, correction, anonymisation, blocking, deletion, portability, and complaint to the ANPD.
- Canada (PIPEDA): Rights to access and correct personal information and to complain to the OPC.
- Australia (Privacy Act): Rights to access and correct personal information and to complain to the OAIC.
12) Children’s privacy
Our AI interpretation service is not for anyone under 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child used Ruya and shared personal data, contact us and we will delete it.
13) Security
- HTTPS (SSL) for all connections
- Data stored on Microsoft Azure with strong security controls
- Access to production systems is limited to authorised staff
If a data breach occurs that risks your rights or freedoms, we will notify you and, where required, the relevant authority.
No system is 100% perfect, but we work hard to protect your data.
14) Cookies
- Necessary (all apps and sites): Language and authentication cookies.
- Analytics (ruya.co only): Google Analytics and Microsoft Clarity (optional). Manage at ruya.co/pages/manage-cookies.
- No third-party cookies in web.ruya.co or the mobile apps.
15) Links to other websites
Sometimes we link to other sites. We do not run those sites. Please read their privacy policies, as we are not responsible for their content or practices.
16) If we add sharing features in the future
We may add a feature that lets you share your own content (for example, a dream or AI-generated image or video). If we do:
- Sharing will be off by default and fully controlled by you.
- You choose exactly what to share and with whom.
- You can stop sharing or delete shared items at any time.
- We will update this policy and in-app screens before it goes live.
17) If we sell or restructure our business
If we sell, merge, or restructure our company, your data may transfer to the new owner so the Services can continue. The new owner must honour this Privacy Policy (or one that is just as protective). We will tell you about the change and your choices. You keep your rights, and you can delete your account and entries if you do not want to continue.
18) Law enforcement and legal requests
We only disclose information when we are legally required to do so, and we will push back on requests that are too broad. Where the law allows, we will notify you before sharing your information.
19) Automated decisions
AI interpretations help you understand your dreams. They do not produce legal or similarly significant effects about you. You can always choose not to use AI features.
Complaints
If you are unhappy with how we handle your personal data, please email support@ruya.co. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local data protection authority.
21) Changes to this policy
We may update this page sometimes. We will change the “Last updated” date at the top when we do.
22) Contact us
Questions or privacy requests? Email support@ruya.co.