Privacy Policy
Last updated: 30. 03. 2026
This Privacy Policy describes how The Operator collects, uses, and discloses information when you use the Nyxly mobile application (the “App”) on Android and iOS devices. The Operator is based in Germany and the App is available globally. This Privacy Policy is designed to comply with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.
The App does not require an account to use. All dream journal entries and user-generated content are stored locally on your device unless you explicitly choose to create a local backup or export files. The Operator has no access to this local data.
By using the App, you agree to the practices described in this Privacy Policy.
1. Information Collected
The Operator collects only the minimum information necessary to operate and improve the App. No account is created, and no personally identifiable information (such as name, email address, or phone number) is collected directly by the App.
Analytics Data
The Operator uses PostHog for anonymized analytics, hosted exclusively on EU servers at eu.i.posthog.com. All data sent to PostHog is anonymized and does not contain any personal identifiers. It may include aggregated usage statistics such as app opens, feature usage, session duration, and anonymized device information (e.g., device type or operating system version). This helps The Operator understand how the App is used and improve it.
Subscription Data
Monthly, yearly, and lifetime subscriptions are handled entirely by RevenueCat. RevenueCat processes payments through the Apple App Store or Google Play Store. The Operator does not collect or store any payment card details or other financial information. RevenueCat may provide The Operator with non-personal transaction information, such as subscription status, transaction IDs, last-seen timestamps, and technical device data (e.g., device type and operating system) necessary for managing subscriptions.
Device Permissions
- Face ID (iOS only): The App requests Face ID access solely to enable faster unlocking of the locked App. Biometric data is handled exclusively by Apple’s LocalAuthentication framework and is neither stored nor transmitted by the App.
- Storage Access: The App requests storage access only through the system file picker for user-initiated actions (e.g., creating local on-device backups or exporting dream entries as PDF or Markdown files). The App does not have full or background access to your device storage and does not scan or read files without your explicit consent via the picker.
Local Data
Dream journal entries, settings, backups, and any other user-generated content are stored locally on your device. The Operator has no access to, does not process, and does not store this data on any server.
The Operator does not collect location data, contacts, camera access (beyond Face ID for unlocking), or any other sensitive personal information unless you voluntarily provide it when contacting support.
2. Use of Information
The Operator uses the collected information solely for the following purposes:
- Providing, maintaining, and improving the App (including subscription management).
- Processing and verifying subscriptions through RevenueCat.
- Analyzing anonymized usage patterns to enhance user experience and App functionality.
- Responding to user support requests (if any).
- Complying with legal obligations.
3. Sharing of Information
The Operator does not sell any user data. Information is shared only as necessary with the following third parties:
- RevenueCat: As a data processor for subscription management and billing. RevenueCat receives limited technical and transaction data as described above.
- PostHog: For anonymized analytics on EU servers only.
- Apple and Google: For App distribution, payment processing (via App Store or Google Play), and platform compliance. These providers collect data according to their own privacy policies.
No other sharing occurs unless required by law or in the event of a business transfer (e.g., merger or acquisition), in which case affected users would be notified.
4. International Data Transfers
The Operator is located in Germany (EU). PostHog data remains entirely within the EU. Subscription-related data shared with RevenueCat (a U.S.-based service) may involve a transfer outside the EU. Such transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) as set out in RevenueCat’s Data Processing Addendum and in accordance with GDPR requirements.
5. Data Retention
- Local dream journal data is retained on your device for as long as you choose to keep it and is deleted when you remove it or uninstall the App.
- Anonymized analytics data in PostHog is retained according to PostHog’s retention policies (typically short-term for aggregated insights).
- Subscription-related transaction data is retained only as long as necessary for billing, fraud prevention, and legal compliance.
6. Your Data Protection Rights (GDPR)
As an EU resident (or where GDPR applies), you have the following rights regarding any personal data The Operator processes:
- Right to access
- Right to rectification
- Right to erasure (“right to be forgotten”)
- Right to restrict processing
- Right to data portability
- Right to object to processing
Because the App collects minimal personal data and most content is stored locally on your device (which you fully control), exercising these rights is straightforward for any data held by The Operator. To exercise your rights or if you have questions, contact The Operator using the details below. The Operator will respond within one month (or as required by law).
7. Security
The Operator takes reasonable technical and organizational measures to protect any data under its control. However, local data on your device is protected by your device’s security features (e.g., passcode, biometric lock). The Operator cannot guarantee the security of data stored on your device.
8. Children’s Privacy
The App is not directed to children under the age of 13 (or 16 in certain jurisdictions). The Operator does not knowingly collect personal data from children. If you believe data from a child has been collected, please contact The Operator immediately.
9. Changes to This Privacy Policy
The Operator may update this Privacy Policy from time to time. The updated version will be posted within the App and the “Last updated” date will be revised. Continued use of the App after changes constitutes acceptance of the new policy.
10. Contact Information
If you have any questions, concerns, or wish to exercise your data protection rights, please contact The Operator at:
Loading...
Data Controller: The Operator (Germany)
This Privacy Policy is provided as a template tailored to the described App features and practices. It is recommended to have it reviewed by a qualified legal professional to ensure full compliance with applicable laws in your jurisdiction.