← Back to Docs

Privacy Policy

Last Updated: June 10, 2026

Who We Are

Data Controller: Euphora Labs, TOO

Registered Address: Krylova 44, Karaganda, Kazakhstan

Contact: [email protected]

UK Representative (Article 27 UK GDPR): Ilya Tsymbal, Room 1603F, Block A, White Rose View, 16 Merrion Way, Leeds LS2 8PT

EU Representative (Article 27 EU GDPR): In the process of being appointed. This policy will be updated with their details.

What Data We Collect

Data Stored on Your Device

Your personal content is encrypted on your device using AES-256-GCM. The encryption key is held in the iOS Keychain, and may sync through iCloud Keychain if you have it enabled, so your data can be restored on a new device. We cannot access or read this data.

Encrypted on your device:

Stored in your iOS app settings on your device:

Data Processed for AI Phrasing

When the app generates personalized texts, data is sent from your device through our backend to Anthropic for AI processing. Depending on the moment, this may include:

This data transits our backend servers but is not stored on them. It is forwarded to Anthropic for processing and discarded from our servers immediately after the response is returned.

Subscription Data

When you subscribe, Apple processes your payment. RevenueCat manages your subscription status on our behalf. Data processed includes:

We do not receive or store your payment card details, billing address, or Apple ID.

Technical Data

Anonymous Analytics

We use PostHog (EU hosting) to collect anonymous usage signals (e.g., "app opened", "promise created"). Each device is identified by an anonymous identifier generated locally; we do not create user profiles. IP addresses are processed by PostHog only to derive approximate region and are not stored with analytics events. No personal content or identifiable information is collected.

Big Five Test on the Website

The website at nightmare.app/test hosts an optional personality test. Your answers to the 10 questions are processed entirely in your browser and never leave your device.

What we store on Upstash Redis (EU):

The random code: to transfer your scores to the iOS app without retaking the test.

Anonymous usage counters: to understand how the test is used.

The random code cannot be used to identify you and is not linked to any other data we hold. Using the code in the app is optional: you can always skip it and take the identical test directly in the app instead.

Why We Process Your Data

The data described under "Data Processed for AI Phrasing" is necessary to generate your personalized texts. If it is not available, the app continues to function, but those texts cannot be generated.

Who Receives Your Data

We do not sell, rent, or share your personal data for advertising or marketing purposes. No third party uses your data for AI model training.

International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence:

Data Retention

Your Rights

Under UK GDPR, EU GDPR, and applicable data protection laws, you have the right to:

Since your data is stored locally on your device, you can access, edit, export, or delete it directly in the app (Settings > Backup & Export or Settings > Delete All Data).

To exercise any right or ask questions: [email protected]. We respond within one month.

Personality Assessment & AI-Generated Content

Big Five Personality Assessment

The app includes a personality assessment based on the Big Five (OCEAN) model: a short version taken during onboarding and a deeper calibration completed inside the app. Your scores reflect tendencies, not a clinical assessment or a fixed label. They are stored locally on your device, and when the app generates personalized texts, they are included in the data sent to Anthropic to personalize the tone and framing.

AI-Generated Content

Personalized texts in the app are generated by artificial intelligence (Anthropic Claude). The app's decisions are made by deterministic logic on your device; AI is used to phrase the resulting texts. AI output may contain inaccuracies, errors, or inappropriate content. AI output does not constitute professional advice of any kind.

Nightmare is not therapy, medical advice, diagnosis, or mental health treatment. The AI is not a licensed professional. Do not use it for crisis situations, diagnosis, or treatment decisions. If you need support, contact a qualified mental health professional or emergency services: 999 (UK), 988 (US), 112 (EU).

Data Security

Children's Privacy

Minimum Age

Nightmare is for users aged 13 and older.

If You Are Under 13

We do not knowingly collect personal data from anyone under 13. If you are under 13, please do not use Nightmare. If a parent or guardian informs us that their child under 13 has used the app, we will delete any data we can associate with that child's device. Parents can also remove all local data themselves by using the "Delete All Data" button in the app's Settings.

If You Are Between 13 and 17

You may use Nightmare. Some countries require a parent or guardian's permission for users under a certain age. By using Nightmare, you confirm that you have any parental permission required in your country.

How We Protect Younger Users

The privacy protections described throughout this policy apply equally to users of all ages. This includes on-device encryption, no advertising or data sales, anonymous analytics only, and no required accounts or personal information.

For Parents

If you are a parent or guardian and have questions about your child's data, you can:

Email us at [email protected].

For US Residents

We do not sell your personal information. We do not share personal information for targeted advertising. We do not use sensitive personal information for purposes beyond what is disclosed in this policy.

Under applicable US state privacy laws (including the California Consumer Privacy Act, as amended), you have the right to:

We will not discriminate against you for exercising these rights.

To exercise your rights: [email protected]

Complaints

If you have concerns about how we handle your data:

  1. Contact us: [email protected]
  2. UK: Information Commissioner's Office
  3. EU: Your local Data Protection Authority

Changes to This Policy

We may update this policy. Material changes will be reflected by an updated "Last Updated" date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact

Euphora Labs, TOO

Address: Krylova 44, Karaganda, Kazakhstan

Email: [email protected]