Privacy policy

Last updated: June 12, 2026

Introduction

At DreamPhones (operated by SoulHeal Technology), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, purchase our products (including DreamPhones sleep headphones and DreamPhones Focus headphones), use the DreamApp mobile application, or otherwise interact with our services.

Because we collect health-related information such as sleep data, heart rate, and heart rate variability (HRV), this policy also serves as our consumer health data privacy policy under the Washington My Health My Data Act and similar state laws. See the "Consumer Health Data" section below.

By using our services, you acknowledge this policy. Where the law requires your consent — for example, before we collect consumer health data or camera-based biometric measurements — we will ask for it separately in the app. Your use of our products and services is also governed by our Terms of Service.

Information We Collect

Information You Provide

We collect information you voluntarily provide when you:

  • Create an account or make a purchase
  • Subscribe to our newsletter
  • Contact our customer support
  • Participate in surveys or promotions

This may include your name, email address, shipping address, phone number, and payment information. Our online store is hosted by Shopify and payments are handled by third-party payment processors; we do not store your full payment card number.

Information Collected Automatically

When you visit our website, we automatically collect certain information about your device and browsing activity, including:

  • Device type, browser type, and operating system
  • IP address and general location
  • Pages visited and time spent on our site
  • Referring website or source

Information Collected Through the Mobile App

When you use the DreamApp (our mobile app for iOS and Android), we may collect:

  • Device and session data: DreamPhones headset serial number, session duration, taVNS (transcutaneous auricular vagus nerve stimulation) intensity settings, and session history
  • Chat messages: Conversations with Dr. Sophie, our AI wellness companion, to provide personalized guidance
  • Push notification tokens: Device tokens for delivering session reminders and wellness insights (with your permission)
  • Bluetooth data: We use Bluetooth Low Energy (BLE) to communicate with your DreamPhones headset. On Android devices running version 11 and below, BLE scanning requires location permissions as a system requirement — we do not use this permission to track your location

Information Collected by the DreamPhones Headset

The DreamPhones headset communicates with the mobile app over Bluetooth Low Energy (BLE). It does not independently send your usage data to our servers. Data flows as follows:

  • Via the app: The headset shares its serial number, battery level, stimulation status, and session data with the mobile app over BLE. The app then transmits relevant data to our servers as described in the "Information Collected Through the Mobile App" section above
  • Firmware updates: The headset connects to our server solely to check for and download firmware updates. These checks transmit only the device serial number and current firmware version
  • On-device storage: The headset stores settings locally (such as stimulation intensity preference, audio volume, and device name). This data stays on the headset and is not transmitted to our servers

How We Use Your Information

We use the information we collect to:

  • Process and fulfill your orders
  • Communicate with you about your purchases and account
  • Send promotional emails and updates (with your consent)
  • Improve our website, products, and services
  • Prevent fraud and ensure security
  • Comply with legal obligations

Apple Health, Android Health Connect, Sleep Data, and Camera Biometrics

When you use the DreamPhones mobile app, we may process health-related and biometric-adjacent data to deliver app features.

Apple Health Data

  • We only access Apple Health data after you grant permission in iOS.
  • On iOS, we may request heart rate variability (HRV), resting heart rate, and sleep data to support session insights, wellness tracking, sleep trends, and session reports.
  • You can revoke Apple Health access at any time in the Health app settings.

Android Health Connect Data

  • On supported Android devices, we only access Health Connect data after you grant permission.
  • We may read data such as HRV, resting heart rate, and sleep records to power the Health screen, sleep-related insights, and session reports.
  • You can revoke Health Connect access at any time in Health Connect or Android settings.

Camera-Based Measurements (rPPG)

  • With your explicit permission, the app uses the front camera to capture a short video of your face during biometrics setup before a session. We will ask for your consent in the app before the first capture, and the feature is entirely optional.
  • The video is processed using remote photoplethysmography (rPPG) to estimate measurements such as heart rate and HRV. We do not use it to identify you, and we do not create facial recognition templates or any other biometric identifier.
  • Raw camera video is deleted promptly once your measurements have been calculated (and any related troubleshooting is complete), and in all cases no later than when you delete your account. Derived measurements such as heart rate and HRV are stored with your account as described under "Data Retention."
  • We do not sell camera-based or other biometric data, share it with advertisers or data brokers, or disclose it except as described in this policy. You can revoke camera access at any time in your device settings; camera-based features will simply be unavailable.

Use Restrictions for Health and Biometrics Data

  • We use this data only to operate and improve DreamPhones features, including session personalization, sleep trend presentation, report generation, and service reliability.
  • We do not sell Apple Health data, Health Connect data, sleep data, biometric measurements, or related personal data.
  • We do not use Apple Health data, Health Connect data, sleep data, or biometric data for advertising, ad targeting, or cross-app/cross-site tracking.
  • We do not share Apple Health data or Health Connect data with data brokers or ad networks.

Consumer Health Data (Washington My Health My Data Act)

SoulHeal Technology is based in Washington State. This section serves as our Consumer Health Data Privacy Policy under the Washington My Health My Data Act and applies to the "consumer health data" we collect. Similar protections apply under comparable laws in other states.

Consumer Health Data We Collect

  • Sleep data, sleep summaries, and sleep trends
  • Heart rate, heart rate variability (HRV), and camera-based (rPPG) measurements
  • taVNS session data, such as session duration, intensity settings, and session history
  • Health-related information you choose to share in conversations with Dr. Sophie, our AI wellness companion
  • Data you authorize us to read from Apple Health or Android Health Connect

Sources and Purposes

We collect consumer health data directly from you, from your DreamPhones headset via the DreamApp, from your device's camera (with your permission), and from Apple Health or Health Connect (with your permission). We collect it only with your consent or to the extent necessary to provide a product or service you have requested, and we use it solely to deliver and improve the features described in this policy — session personalization, sleep and focus insights, health dashboards, and session reports — and for security, troubleshooting, and legal compliance.

How We Share Consumer Health Data

We do not sell consumer health data, and we will never sell it without the separate, signed authorization that the law requires. We do not use or share it for advertising. We disclose it only to service providers that process it on our behalf under contracts requiring confidentiality and data protection (such as cloud hosting and infrastructure providers), with your consent, or when required by law. You may request a list of the third parties and affiliates with whom we have shared your consumer health data by emailing contact@dreamphones.ai.

Your Consumer Health Data Rights

  • Right to know and access: confirm whether we collect, share, or sell your consumer health data, and access that data, including a list of the third parties with whom we have shared it
  • Right to withdraw consent: withdraw your consent to our collection or sharing of your consumer health data at any time
  • Right to delete: have your consumer health data deleted, including from our backups and by our service providers

To exercise these rights, email contact@dreamphones.ai or use our Delete My Data page. We will not discriminate against you for exercising them. If we deny your request, we will explain why, and you may appeal by replying to our decision. If your appeal is denied and you live in Washington, you may raise a concern with the Washington State Attorney General at www.atg.wa.gov.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy:

  • Account data: Retained while your account is active. Deleted within 30 days of an account deletion request.
  • Session history and VNS data: Retained while your account is active to power your health dashboard and session reports.
  • Chat messages: Retained while your account is active to provide continuity in your wellness conversations.
  • Health and biometric data: Raw camera video used for biometric measurement is processed in real time and deleted promptly once your measurements have been calculated — we do not keep a video archive. Apple Health and Health Connect data are accessed from your device with permission. We may store selected health-derived metrics, sleep summaries, and session reports in your account for as long as needed to provide app features; they are deleted when you delete your account.
  • Push notification tokens: Retained while your account is active and notifications are enabled. Tokens are removed when you disable notifications or delete your account.

After account deletion, we may retain anonymized, aggregated data that cannot identify you for analytics and service improvement.

Information Sharing

We do not sell your personal information, and we do not share it for ad targeting or cross-context behavioral advertising. We may share your information with:

  • Service Providers: Third parties who assist with payment processing, e-commerce hosting (Shopify), shipping, email delivery, cloud hosting, and analytics, under contracts that limit how they may use your data
  • Business Partners: When necessary to provide you with products or services you have requested
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, and this policy will continue to apply to it

Consumer health data and biometric measurements are shared only as described in the "Consumer Health Data" section above.

Relationship with Shopify

Our online store at store.dreamphones.ai is hosted by Shopify, which collects and processes personal information about your access to and use of the store in order to provide and improve the services for you. Information you submit to the store will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside, in order to provide and improve the services for you. In addition, to help protect, grow, and improve our business, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our store, along with other merchants and with Shopify. To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our store, along with other merchants, and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over use of your personal information for these purposes. To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy. Depending on where you live, you may exercise certain rights with respect to your personal information via the Shopify Privacy Portal.

Cookies and Tracking

We use cookies and similar technologies to enhance your browsing experience, analyze site traffic, and personalize content. You can control cookie preferences through your browser settings.

We may also use third-party analytics services (such as Google Analytics) to help us understand how visitors use our site.

Our website recognizes Global Privacy Control (GPC) signals. Because we do not sell personal information or share it for targeted advertising, there is no sale or sharing to opt out of, but where the law treats a GPC signal as an opt-out request, we honor it.

Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal information and account
  • Opt out of marketing communications
  • Request data portability

To exercise any of these rights, please contact us using the information below. We may need to verify your identity before fulfilling a request. If we decline a request, we will explain why, and depending on where you live you may have the right to appeal our decision.

To request deletion of your account and all associated data, visit our Delete My Data page. Deletion requests are processed within 30 days.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act. In the last 12 months we have collected the categories of personal information described in "Information We Collect" above: identifiers (such as name and email), commercial information (such as purchase history), internet activity, general location inferred from IP address, and sensitive personal information (the health and biometric measurements described above). Your rights include:

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information
  • The right to correct inaccurate personal information
  • The right to opt out of the sale or sharing of your personal information — we do not sell or share your personal information, and we honor Global Privacy Control signals as described above
  • The right to limit the use of sensitive personal information — we use health and biometric data only to provide the services you request, not for advertising or profiling
  • The right to non-discrimination for exercising your privacy rights

You may use an authorized agent to submit a request on your behalf; we will ask the agent for proof of authorization.

EU, EEA, and UK Residents (GDPR)

If you are in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases:

  • Contract: to fulfill orders, manage your account, and provide the app and services you request
  • Consent: for health and biometric data, marketing emails, and optional features such as camera-based measurements — you can withdraw consent at any time
  • Legitimate interests: to secure and improve our services and prevent fraud
  • Legal obligation: to comply with tax, accounting, and other legal requirements

You have the rights of access, rectification, erasure, restriction of processing, data portability, and objection, as well as the right to withdraw consent at any time without affecting prior processing. You also have the right to lodge a complaint with your local supervisory authority (or, in the UK, the Information Commissioner's Office).

International Data Transfers

We are based in the United States, and your information is processed on servers in the United States, which may have data protection laws different from those in your country. Where required for transfers from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK equivalent) with our service providers.

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including encryption of data in transit and access controls. However, no method of transmission over the internet is 100% secure.

If a data breach affects your personal information, we will notify you and the relevant regulators as required by applicable law, without undue delay.

Children's Privacy

Our services are not directed to children, and you must be at least 18 years old to create an account or make a purchase. We do not knowingly collect personal information from anyone under 18 — and in particular not from children under 13 (or the higher age that applies in your country), consistent with the Children's Online Privacy Protection Act (COPPA). If you believe a child has provided us with personal information, please contact us at contact@dreamphones.ai and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. If a change materially affects how we handle your personal information — especially consumer health data — we will provide more prominent notice (such as email or an in-app notice) and, where the law requires it, ask for your consent.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: contact@dreamphones.ai
Address: SoulHeal Technology
7513 SE 27th St, Suite A
Mercer Island, WA 98040, USA