Reverie Memories Imagined memory images.
Home Terms Support Sign in

Privacy Notice

How Reverie Memories handles private material.

Reverie Memories is built around private imagined-memory images. This notice explains what we collect, why we collect it, how we protect it, and how you can ask for review, correction, deletion, or access.

Effective date
July 1, 2026
Analytics
Aggregate first-party counts only.
Privacy requests
Open the report form

1. Information we collect

Depending on how you use Reverie Memories, we may collect:

  • account information such as email address, optional display name, session state, and invite status;
  • authentication information such as password credentials, TOTP factor metadata, passkey public credential metadata, OAuth profile identifiers, and security timestamps;
  • uploaded moment photos and person photos;
  • prompts, relationship selections, saved notes, moment metadata, generated result metadata, and private generated images;
  • support and report information such as category, short non-sensitive context, report IDs, lookup codes, status, and optional follow-up email;
  • limited operational metadata needed to serve requests, protect accounts, debug failures, prevent abuse, and maintain deletion/audit records.

2. How we use information

We use information to:

  • create and secure your account;
  • store private uploads and generated results in your account;
  • queue and process imagined-image generation;
  • show, download, delete, and review your moments;
  • operate invite, waitlist, passkey, password, TOTP, and OAuth flows;
  • investigate reports, takedown requests, abuse attempts, security events, and product failures;
  • maintain aggregate launch-health analytics without private content.

3. What we do not do

  • We do not sell your photos, prompts, generated results, or account information.
  • We do not use third-party ad pixels, session replay, heatmaps, or behavioral ad tracking in the current launch surface.
  • We do not store payment card details because live billing is not enabled in the current MVP.
  • We do not intentionally put prompts, image bytes, R2 object keys, account secrets, OAuth tokens, provider payloads, or payment identifiers into ordinary analytics, GitHub, Linear, screenshots, or public support channels.

4. Storage and processors

Reverie Memories is Cloudflare-first. Account metadata, auth state, moment metadata, and aggregate analytics are stored in D1/KV where applicable. Private uploads and generated images are stored in R2. Generation jobs use a Cloudflare Queue and a generator Worker.

Future provider-bound reference-image generation must be reviewed before broader rollout. Provider retention, logging, deletion, training, support, and abuse-handling assumptions must be disclosed before public likeness-preservation claims or paid provider-backed launch.

5. Cookies and authentication

Reverie Memories uses an HttpOnly `cg_session` cookie to keep you signed in. OAuth state and one-time login state are short-lived. Passwords are stored as derived password hashes, not plaintext passwords. TOTP secrets are encrypted before storage.

6. Analytics

The current analytics path records only aggregate daily counts for allowlisted events such as landing views, signup starts, signup completions, report submissions, and generation status counts. It does not store emails, prompts, filenames, upload IDs, moment IDs, object keys, image bytes, session IDs, IP addresses, user agents, or per-user timelines.

7. Reports, takedowns, and safety

Reports should begin with the minimum information needed to investigate: a category, a link or ID if you have one, and a short non-sensitive description. Do not send private photos, prompts, account secrets, payment details, session cookies, invite codes, or deeply personal grief details unless a trained process requires it.

Severe reports involving suspected CSAM, sexualized minors, non-consensual intimate imagery, threats, extortion, or imminent safety issues may be escalated and may require preserving limited records needed for legal or safety handling.

8. Deletion and retention

You can delete moments where product deletion controls are available. Deletion removes account-visible access and follows the implemented D1/R2 deletion workflow for generated results and associated unreferenced uploads. Some limited records may remain for security, abuse review, legal compliance, duplicate-removal analysis, deletion audit, or service integrity.

We retain personal information only as long as needed for the purposes described here, unless a longer period is required for security, abuse review, legal process, or operational records.

9. Your choices and rights

You may ask to access, correct, delete, export, or review personal information associated with your account. Depending on where you live and which laws apply, you may also have rights to know what is collected, withdraw consent, object to certain uses, limit certain sensitive uses, or avoid discrimination for exercising privacy rights.

Start through the report form. We may need enough information to verify the account or content involved, and we will not ask for more sensitive information than the request reasonably requires.

10. Children and minors

Reverie Memories is not directed to children under 13, and account creation is intended for adults. If you believe a child provided personal information without proper consent, or if a generated image raises a child-safety concern, report it immediately through the report form.

11. Security

We use account-scoped access checks, private R2 object keys, HttpOnly session cookies, password hashing, encrypted TOTP secrets, and privacy-limited analytics. No internet service can guarantee perfect security, so please do not include private photos, prompts, account secrets, or object keys in support messages unless a trained process specifically asks for them.

12. Changes

We may update this Privacy Notice as Reverie Memories changes. Material changes to privacy practices should be presented before they apply to new uses that depend on those changes.

The Terms of Service explain the agreement for using Reverie Memories.

Return to signup