Open Dream

Privacy Policy

Last updated: June 8, 2026 · Effective: June 8, 2026

This Privacy Policy describes how Open Dream Studios (“Open Dream”, “we”, “us”, or “our”) collects, uses, shares, and protects information when you use our applications, websites, and services (collectively, the “Service”). The Service includes the Open Dream web application, the Open Dream mobile applications for iOS and Android, and the backend infrastructure that supports them.

By creating an account or using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.

1. Who We Are

Open Dream is a project-management and operations platform built for internal teams. Each customer (a “Project Owner”) creates one or more “Projects” inside the Service and invites collaborators — typically the Project Owner's employees, contractors, or partners — to participate in that Project. Inside a Project, authorized users manage information such as customers, products, jobs, tasks, employees, scheduling, media, and similar operational data on the Project Owner's behalf.

Where the Service is used by an organization (the Project Owner), that organization is the controller of the data stored in its Project, and Open Dream acts as a processor (or sub-processor) of that data. For data we collect directly from individual users to operate the Service itself (such as account credentials), Open Dream is the controller.

Contact for privacy questions: Open Dream Studios — opendreamstudios@gmail.com.

2. Information We Collect

2.1 Account Information

When you create an account, sign in, or are invited to a Project, we collect:

  • Email address
  • First and last name
  • Profile photo URL (only when you sign in with Google or Apple and the identity provider supplies it)
  • A unique authentication identifier issued by Firebase Authentication
  • The identity provider you used (email/password, Google, or Apple)
  • Optional profile settings you choose (display theme, etc.)

2.2 Project Content

While using a Project, the Service stores the information that authorized users enter into it. Depending on which features the Project Owner uses, this may include:

  • Information about end customers of the Project Owner's business, including names, email addresses, phone numbers, mailing addresses, and free-form notes
  • Information about employees or contractors of the Project Owner, including names, email addresses, phone numbers, mailing addresses, employment-related fields such as position, department, wage, hire date, and time-clock records
  • Information about products, inventory, jobs, tasks, scheduling, and the relationships between them
  • Media files (images, videos, and similar) that users upload to the Project
  • Free-form notes, descriptions, and metadata associated with the above
  • Optional configuration data, including integration credentials that the Project Owner provides

Project Content belongs to the Project Owner. Open Dream stores and processes it on the Project Owner's behalf in order to provide the Service.

2.3 Payment and Billing Information

If a Project Owner subscribes to a paid plan, we use Stripe to process payments. We do not store full payment card numbers on our servers. Stripe collects and processes payment-card information directly. We receive limited billing metadata from Stripe (subscription status, last four digits of the card, billing email, invoice history) needed to operate the subscription.

2.4 Usage and Device Information

When you use the Service, we automatically collect limited technical information needed to operate it securely:

  • IP address and approximate location derived from IP
  • Browser type, operating system, and application version
  • Device identifiers needed by the mobile applications
  • Log data describing actions taken in the Service (for example, that an upload completed or that a record was modified)
  • Error and crash data needed to diagnose problems

We do not use cookies or similar tracking technologies for advertising or cross-site tracking.

2.5 Information From Third-Party Identity Providers

If you choose to sign in with Google or Apple, the provider sends us the basic identity information needed to create or look up your account (typically your email address, a stable user identifier, and your name). We do not receive your password from the provider. Where Apple's “Hide my email” feature is used, we receive a relay address rather than your real email and we honor that throughout the Service.

2.6 Optional Communications

If you contact us by email, we receive your email address and the contents of your message. We use this only to respond to your inquiry.

3. How We Use Your Information

We use the information described above for the following purposes:

  • To create and maintain your account
  • To authenticate you and protect the security of your account and the Service
  • To provide the features of the Service, including storing, retrieving, and synchronizing Project Content across the authorized users of a Project
  • To deliver media you upload and to generate compressed or derivative versions of that media for efficient delivery
  • To process subscription payments and to send transactional messages related to your subscription
  • To send required service messages such as security alerts, password reset emails, invitation acceptances, and changes to this Privacy Policy
  • To diagnose and resolve technical problems and to improve the reliability of the Service
  • To comply with applicable law and to enforce our Terms of Service

We do not sell your personal information. We do not use your information or your Project Content for advertising, marketing profiling, or training of generative AI models that are not owned or operated by Open Dream.

4. How We Share Your Information

We share information only as described below.

4.1 With Other Users of Your Project

Information you place into a Project is visible to other users that the Project Owner has authorized for that Project. The Project Owner controls who is invited and what level of access each user has.

4.2 With Our Service Providers (Sub-Processors)

We use a small set of trusted service providers to operate the Service. Each provider has access only to the categories of information needed to perform its function and is bound by data protection terms. Our current sub-processors include:

  • Google LLC — Firebase Authentication, Firebase Admin SDK, and related identity services
  • Apple Inc. — Sign in with Apple (only when you choose Apple as your sign-in method)
  • Amazon Web Services, Inc. — Amazon S3 for media storage and content delivery
  • Railway Corporation — server hosting
  • Vercel Inc. — web application hosting and edge delivery
  • Stripe, Inc. — payment processing for paid subscriptions
  • Twilio Inc. — outbound text messaging for Projects that enable SMS features
  • Resend, Inc. — transactional email delivery
  • Anthropic, PBC and OpenAI, Inc. — text-generation features inside Projects that have opted into them; content sent to these providers is processed under their respective enterprise data-handling terms and is not used to train their public models

A Project Owner that connects an additional third-party integration inside a Project (for example, a calendar, a website builder, or a phone system) authorizes data to flow to that third party. Those third parties act under their own privacy policies.

4.3 Legal and Safety Disclosures

We may disclose information if we believe in good faith that doing so is required to comply with law, valid legal process, or a lawful government request, or to protect the rights, property, or safety of Open Dream, our users, or the public.

4.4 Business Transfers

If Open Dream is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction. We will notify you of any such transfer that materially affects your data and your choices about it.

5. Where Your Information Is Stored and How We Protect It

The Service is operated from the United States. By using the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States.

We use commercially reasonable administrative, technical, and organizational measures to protect your information. These include TLS encryption in transit between your device and our servers, encryption at rest for stored media and database backups, scoped access controls for our team, periodic backup of database state, and the use of Firebase Authentication as our identity layer (which provides industry-standard token-based authentication, secret rotation, and protection against credential abuse).

No system is perfectly secure. We cannot guarantee absolute security of information you provide.

6. How Long We Keep Your Information

We retain account information and Project Content for as long as your account remains active. When you delete your account or when a Project Owner deletes a Project, we delete the associated data within a commercially reasonable period, subject to:

  • Backup retention windows of up to ninety (90) days, after which backups are overwritten
  • Records we are legally required to keep (for example, tax, billing, or fraud-prevention records)
  • De-identified or aggregated data that can no longer be linked to you

Project Content created by a deleted user that is owned by the Project (for example, customer records, products, jobs, media) is retained in the Project unless the Project Owner deletes it.

7. Your Privacy Rights and Choices

You have the following rights with respect to information we hold about you. Depending on the law that applies to you, some of these rights may be subject to exceptions:

  • The right to access the personal information we hold about you
  • The right to correct inaccurate personal information
  • The right to delete your account and the personal information tied to it (see Section 8 below)
  • The right to receive a portable copy of your personal information in a structured, commonly used format
  • The right to object to or restrict certain processing
  • The right to withdraw consent where processing relies on consent
  • The right to lodge a complaint with a data protection authority

To exercise any of these rights, contact us at the email address above. We will respond within the time required by applicable law (generally within thirty (30) days).

If you are using the Service as an invited collaborator of a Project, some of these requests may need to be made through, or coordinated with, the Project Owner, because the Project Owner is the controller of the Project Content.

8. Account Deletion

You can delete your account at any time, from inside the Open Dream app or from the web application, by opening Settings and selecting “Delete account”. Confirming the deletion will:

  • Permanently delete your user record from our database, including your name, email, profile photo URL, and stored preferences
  • Permanently delete your Firebase Authentication user, which revokes all of your active sign-in sessions
  • Remove your access to any Projects you were a member of

Project Content that the Project owns (customer records, product records, media files, etc.) remains with the Project, because the Project Owner is the controller of that data. If you wish to also remove Project Content that you contributed, contact the Project Owner or contact Open Dream and we will assist where we are able.

You may also request account deletion by emailing us at the address above. We will complete the deletion within thirty (30) days, subject to the limited backup-retention exceptions described in Section 6.

After your account is deleted, you will no longer be able to sign in to the Service. The deletion is permanent and cannot be undone.

9. Children's Privacy

The Service is not directed to children under the age of thirteen (13). We do not knowingly collect personal information from children under thirteen (13). If you believe a child has provided personal information to us, please contact us and we will delete it.

The Service is generally not intended for individual end-consumers under the age of sixteen (16). Project Owners are responsible for ensuring that any users they invite are of an appropriate age under applicable law.

10. International Transfers

We process information in the United States. If you access the Service from outside the United States, you consent to the transfer of your information to and processing in the United States, which may have different data-protection rules than the country in which you reside.

11. California and Other U.S. State Disclosures

If you are a resident of California or another U.S. state that grants specific consumer privacy rights (including Colorado, Connecticut, Utah, and Virginia), you have the rights described in Section 7.

We do not sell or share personal information for cross-context behavioral advertising. We have not done so in the preceding twelve (12) months.

The categories of personal information we collect, the purposes for which we collect them, and the categories of third parties we share them with are described in Sections 2, 3, and 4 above. We retain information as described in Section 6.

You may designate an authorized agent to make a request on your behalf. We may require the agent to provide proof of your written permission.

We will not discriminate against you for exercising any of your rights.

12. European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent local law applies. The legal bases on which we rely to process your information are:

  • Contract: to provide the Service you have requested
  • Legitimate interests: to secure the Service, prevent abuse, diagnose problems, and improve reliability
  • Consent: where you have given specific consent (for example, to receive optional communications)
  • Legal obligation: to comply with applicable law

You have the rights listed in Section 7, plus the right to lodge a complaint with your local data protection authority.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the “Last updated” date above. If you continue to use the Service after a change takes effect, you accept the updated Privacy Policy.

14. Contact Us

If you have questions, comments, or requests regarding this Privacy Policy or our handling of your information, contact us:

Open Dream Studios — opendreamstudios@gmail.com


See also the Open Dream Terms of Service and the Open Dream overview.