Dream content is sensitive. This page explains plainly what is collected, how it is protected, and what you can do with your data.
Pierce the Shadow is run by one person: Gregor Vollmaier, based in Slovenia. As a Slovenian resident operating a service accessible to people in the EU, this site falls under GDPR. Gregor is the data controller. You can reach him at gregor@piercetheshadow.com.
Pierce the Shadow collects only what is needed to function.
- Your email address — if you choose to sign in. Used only to send you a magic login link. Not used for marketing. Not shared. Stored in an EU database.
- Your dream text and exploration — if you choose to save your diary. The elements you explore, chips you select, text you write across all four levels, and your own words. Encrypted at rest using AES-256-GCM. Never read by a human. When you explore a dream, it is sent to Anthropic's API over an encrypted connection. By default, Anthropic does not use API inputs to train its models — you can read their policy at anthropic.com/privacy.
- Anonymous usage events — for everyone, without sign-in. Session ID (random, not tied to you), which level you reached, roughly how many resonances you selected. No IP address stored. No dream content in analytics. Used to understand how the experience is working.
If you explore a dream without signing in, nothing is stored beyond the anonymous event. The dream text never leaves your browser in a form that can be associated with you.
Dream data and personal data are never sold, shared, or licensed to any third party. Ever. This is written into the founding constitution of this project and cannot be changed by operational decisions.
There is no advertising on this site. No ad network sees your data. No tracking pixels, no third-party cookies.
By default, Anthropic does not use API inputs or outputs to train its models. Dream content sent for exploration is covered by this policy. If that ever changes on their end, this page will be updated.
All dream content stored in the database is encrypted at rest using AES-256-GCM, with the encryption key held separately as a server secret. The database itself sits in the EU (Cloudflare D1, EU region). Connections are encrypted in transit via HTTPS.
Dream text is never written to application logs. When your dream is sent to the AI for exploration, it goes directly to Anthropic's API over an encrypted connection and is not stored by the server beyond the API response.
In the event of a data breach, the site will notify you and the relevant supervisory authority (the Slovenian Information Commissioner) within the timeframes required by GDPR.
Under GDPR you have the right to access, correct, or delete your data. Pierce the Shadow tries to make this as simple as possible.
- Delete a single dream From your diary — open the dream, scroll to the bottom, and delete it. Gone immediately and permanently.
- Delete your account and all data From the user menu (top right corner) — choose "delete account". This permanently deletes your email address, all saved dreams, and all exploration data. There is no archive, no soft delete, and no way to recover it.
- Request a copy of your data or ask a question Email gregor@piercetheshadow.com. You'll hear back within a few days.
If you choose to, you can contribute dreams from your diary to the collective — either individually, or by turning on contributor mode, which adds future explored dreams by default. Contribution is always opt-in. It can be turned off at any time, and individual dreams can be excluded regardless of mode.
When a dream is contributed, it is stored anonymously. Your name, email address, and account are never attached to it. The dream text itself is stored as written — the system does not scan or remove personal details. If your dream contains names, places, or other details you would prefer not to share, keep that dream private.
Contributed dreams may be used for collective pattern analysis — to surface themes, symbols, and emotional currents that appear across many dreams. They will not be sold, shared with third parties, or used for advertising. This is a Constitutional commitment, not a policy that can be changed by operational decisions.
To un-contribute a dream: open it in your diary and toggle the contribution status off. It will be removed from the collective pool.
Pierce the Shadow uses one cookie: an authentication session token, set only when you sign in. It keeps you signed in across visits. It contains no personal information — just an opaque token that the server uses to identify your session. This cookie is strictly necessary for the sign-in feature to work and does not require your consent under the ePrivacy Directive.
There are no third-party cookies, no tracking cookies, and no advertising cookies. The anonymous analytics use a session ID held in memory only — it is not written to a cookie and disappears when you close the tab.
If this privacy policy changes in a meaningful way, a note will appear on the site. The current version was last updated on 5 June 2026.
Questions or concerns: gregor@piercetheshadow.com.