Last updated: May 26, 2026. Your privacy matters. This policy explains what data we collect, how we use it, and your rights.
Account data (provided by you): email address, display name, birth date, birth hour, and gender — only when you choose to register an account.
Usage data (generated automatically): lottery type preferences, saved predictions, suggestions you submit, and vote history.
Technical data (collected automatically): IP address, browser type and version, device type, pages visited, and timestamps — standard web server logs. We do not collect precise geolocation, device fingerprinting, or browsing history across other websites.
We use your birth information solely to personalize your lottery number predictions through Eastern metaphysics (Bazi) calculations. This data is processed strictly for algorithmic generation and is never used to identify you outside of this platform.
We use your email address to: send password reset links, notify you of important service updates, and communicate about your account. We will never send you marketing emails without your explicit consent.
We use technical and usage data to: operate and improve the service, detect and prevent fraud or abuse, and comply with legal obligations.
We never sell, rent, or trade your personal data to third parties. Period.
We use essential first-party cookies for security (CSRF protection), session management (keeping you logged in via HttpOnly cookies), and language preferences. These cookies do not track personal behavior.
Some integrated services — such as our payment processors (e.g., Stripe) and security provider (Cloudflare Turnstile) — may set their own strictly necessary cookies for fraud detection, transaction security, and regulatory compliance. We also use Plausible Analytics for privacy-friendly traffic analysis, which does not use cookies and does not identify individual users.
If we ever introduce advertising cookies in the future, we will update this policy, notify registered users, and provide opt-out instructions.
For users in the European Economic Area (EEA) and the UK, our legal basis for processing your data is: (a) your consent when you register and provide birth information, (b) legitimate interest in operating and securing the service, and (c) legal obligation where applicable. You may withdraw consent at any time by deleting your account.
Depending on your jurisdiction, you have the right to: access the personal data we hold about you, correct inaccurate data, delete your data (right to erasure), restrict or object to processing, data portability (receive your data in a machine-readable format), and not be discriminated against for exercising these rights.
To exercise any of these rights, contact us through the suggestions feature on the website or the contact information in the footer. We will respond within 30 days as required by law. We may need to verify your identity before processing your request.
We retain your account data for as long as your account is active. If you delete your account, we permanently delete your personal data within 30 days, except where we are required by law to retain certain information (such as fraud prevention records). Server logs are retained for a maximum of 90 days. Prediction history is retained until you delete your account.
Your data is stored securely using industry-standard encryption. Passwords are hashed with argon2 — even we cannot see your original password. Authentication tokens are stored in HttpOnly cookies (inaccessible to JavaScript, immune to XSS attacks). We use TLS/HTTPS in production to encrypt data in transit. No security system is perfect, but we take commercially reasonable measures to protect your data.
Daydreamer is not intended for children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, contact us immediately and we will delete it.
Your data is stored and processed in the United States. If you are located outside the US, your data will be transferred to and processed in the US. By using our service, you consent to this transfer. We take appropriate safeguards to ensure your data remains protected across borders.
We do not sell your personal data. We only share information with trusted service providers who help us operate our website, provided they keep this information confidential. Our providers include:
Cloudflare: Website security, DDoS protection, and bot detection (Turnstile). Subject to Cloudflare's privacy policy.
Payment Processors (e.g., Stripe): Secure payment processing and financial fraud prevention. If you make a voluntary contribution, your payment is processed directly by our payment providers — we do not collect or store your full credit card information. These processors may use cookies as described in their respective privacy policies.
Plausible Analytics: Privacy-friendly, cookie-less website traffic analysis.
Affiliate & Ad Partners: Tracking referral traffic and displaying relevant advertisements. Ad networks integrated in the future will be disclosed in updates to this policy.
In the event of a data breach affecting your personal information, we will notify affected users via email and relevant authorities within 72 hours of discovery, as required by applicable law.
We will notify registered users of any material changes to this privacy policy via email at least 14 days before they take effect. Non-material changes (such as clarifying wording) take effect upon posting. Continued use after changes take effect constitutes acceptance.
For privacy questions, data requests, or to exercise your rights under GDPR, CCPA, or other privacy laws, contact us at . You also have the right to file a complaint with your local data protection authority.
← Back to Daydreamer