v1.0. Last updated: 23 June 2025
Dreem collects and uses Personal Data to provide your organization with the Dreem platform (the “Services”) — a system for product information management (PIM), digital asset management (DAM), content-production workflows, and intelligent automation — as well as all related services and integrations.
This Privacy Policy applies to all users of the Services, including API access, regardless of plan. The Free plan is only excluded from the Service Level Agreement.
This Privacy Policy also applies to Dreem.ai (the “Website”) and any other interactions you might have with Dreem, such as customer service requests. If you do not accept this Privacy Policy, please refrain from using the Services, Website, or any part of Dreem’s operations.
Additionally, a separate agreement (the “Terms of Service”) governs the delivery, access, and use of the Services, including the handling of data such as media, files, or other content submitted through Services accounts (collectively referred to as “Customer Data”). The organisation (such as your employer or another entity or individual) that entered into the Terms of Service (the “Customer”) manages its instance of the Services and all associated Customer Data.
California Notice of Collection of Personal Information: We collect the information described below under “Information Dreem Collects” for the business and commercial purposes described below under “Use of Personal Data.”
When you visit Dreem’s website, servers automatically log standard browser data (IP address, browser type/version, pages visited, timestamps, and related diagnostics).
Dreem collects device information when you access the Services or Website, subject to your browser or device settings.
You may provide your name, email address, work address, and website.
Data generated during use of the Dreem platform, such as asset metadata, product records, workflow logs, and analytics.
We collect Personal Data in three ways:
Dreem acts as a data processor on behalf of Customers when processing Customer Data submitted via the Services. The Customer is the data controller in this context.
For other types of data, Dreem acts as the data controller, including:
Dreem does not use Customer Data for its own purposes without written instructions or consent from the Customer.
Dreem’s core activities do not involve large-scale processing of special-category data or systematic monitoring. Therefore, a Data Protection Officer is not required under GDPR Art 37. Privacy inquiries: legal@dreem.ai
Dreem processes Personal Data only when a legal basis applies. These includes:
| Purpose | Legal Basis |
|---|---|
Service delivery and platform access |
Contractual necessity (Art. 6(1)(b)) |
Website operation and analytics |
Legitimate interests (Art. 6(1)(f)) |
Customer support (platform users) |
Contractual necessity (Art. 6(1)(b)) |
Support inquiries (visitors, leads) |
Legitimate interests (Art. 6(1)(f)) |
Product improvement |
Legitimate interests (Art. 6(1)(f)) |
AI feature training (non-Pro plans) |
Legitimate interests (Art. 6(1)(f)) |
Marketing communications |
Consent (Art. 6(1)(a)) |
Legal compliance |
Legal obligation (Art. 6(1)(c)) |
When Dreem relies on legitimate interests, it always balances them against the user’s rights and expectations. You may object to such processing at any time (see Your Rights).
To access and use the Services, you must provide certain Personal Data (such as your name and email address). If you do not provide this information, Dreem will be unable to register your account or provide the Services.
Providing other Personal Data (e.g., for marketing or personalization) is optional and will only be processed with your consent.
Consent can be withdrawn at any time. Past processing remains lawful.
Dreem uses Personal Data to:
In short: Free/Starter/Team data may improve models; Pro data never trains models unless you opt in.
Dreem uses anonymized platform data from Free, Starter, and Team plans to improve AI model accuracy and feature quality. This processing does not apply to Pro plans. Training datasets are aggregated, de-identified, and stored separately from production systems.
This applies only to Free, Starter, and Team plans. Pro plans are excluded by default.
Safeguards:
Legal basis: Legitimate interest, with protective measures in place.
Dreem’s AI may apply suggestions (e.g., tagging or categorization) in a staging area only. No data is published or synced externally (e.g., Shopify) without human review. A user must confirm and approve any changes before they reach production.
Dreem’s AI features never produce automated decisions with legal or similarly significant effects under GDPR Article 22. All outputs (e.g., tagging or suggestions) require user review and approval before publication or integration.
If our Services include AI features subject to the EU AI Act or other applicable laws, Dreem will comply with any required transparency, logging, or documentation obligations.
Dreem shares Personal Data with third-party service providers (e.g., hosting, analytics, support tools). All subprocessors are bound by strict agreements. Before adding or replacing any subprocessor, we will:
Subprocessor list: https://dreem.ai/legal/subprocessors
Dreem stores Customer Data and Personal Data in the EU/EEA. If data is transferred outside this region — for example, to subprocessors or service providers in the United States — Dreem uses legally approved safeguards, such as:
For a list of subprocessors and transfer locations, see: https://dreem.ai/legal/subprocessors.
As a data subject, you have the following rights under applicable data protection laws:
To exercise any of these rights, email us at legal@dreem.ai with “DSAR Request” in the subject line and include relevant details. We will acknowledge your request within 5 business days and respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority. In Denmark, contact Datatilsynet - https://www.datatilsynet.dk
| Data category | Retention period |
|---|---|
User account data |
30 days after account deletion |
System & access logs |
30 days after account deletion |
Chat/support logs |
12 months |
Encrypted backups |
Purged within 35 days |
Marketing contact history |
24 months or until you opt out |
Dreem is not intended for individuals under 16. If Dreem becomes aware of such data, it will be deleted. Contact legal@dreem.ai for assistance.
Dreem does not request special-category data. If uploaded, the customer is responsible for lawful processing. Dreem will help delete such data if notified.
Dreem utilises various cookies and related technologies on our Website and in the Services to gather information. To learn more about how we use these tools, as well as your options for opting out and other settings, please refer to our Cookie Policy.
Dreem applies strong security controls to safeguard Customer data:
A DPA with SCCs and UK IDTA is available upon request. Dreem also maintains Legitimate-Interest Assessments.
Dreem is not responsible for the privacy practices of linked external sites.
Dreem may update this policy. Material changes will be announced via email or platform. Consent will be requested if needed.
This policy is governed by Danish law. Disputes will follow this order: negotiation -> mediation -> Danish courts.
EU/EEA users may contact their local authority or:
Datatilsynet – The Danish Data Protection Agency
Carl Jacobsens Vej 35,
2500 Valby, Denmark
https://www.datatilsynet.dk
Dreem.ai ApS
Business registration number: 41956895
Nupark 43,
7500 Holstebro,
Denmark
legal@dreem.ai
| Version | Date | Key changes |
|---|---|---|
1.0 |
23 Jun 2025 |
Initial publication |