Skip to main content

Privacy Policy

Effective Date: April 16, 2026

Lucid Dream Software, Inc. (“Company,” “we,” “our,” or “us”) operates the SmartSupplySystem platform available at sss.luciddream.com (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our Service. Please read this policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

When you create an account or use the Service, we may collect the following information that you voluntarily provide:

  • Account information: name, email address, and password (or Google account credentials if you use Google OAuth sign-in)
  • Product definitions: consumable product data, templates, and project configurations you create within the Service
  • Wallet information: Solana blockchain wallet addresses (public keys) and encrypted mnemonic phrases associated with your account
  • API keys: keys generated for connecting AI clients to the SmartSupplySystem MCP server
  • Assessment responses: answers provided through our pilot program self-assessment
  • Communications: any messages, feedback, or inquiries you send to us

1.2 Information Collected Automatically

When you access the Service, we automatically collect certain information, including:

  • Device and browser data: IP address, browser type, operating system, device identifiers, and screen resolution
  • Usage data: pages visited, features used, click patterns, session duration, and referring URLs
  • Cookies and similar technologies: as described in Section 5 below

1.3 Information from Third-Party Services

If you sign in using Google OAuth, we receive your name, email address, and profile picture from Google. We do not receive your Google password.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Create and manage your account
  • Process your product definitions and compile them to blockchain tokens
  • Facilitate connections between your AI clients and the SmartSupplySystem MCP server
  • Send transactional emails (account verification, password resets, service notifications)
  • Respond to your inquiries and provide customer support
  • Analyze usage patterns to improve and optimize the Service
  • Detect, prevent, and address technical issues, fraud, or security threats
  • Comply with legal obligations

We do not sell your personal information. We do not use your product definitions or project data for purposes unrelated to providing the Service.

3. Blockchain Data and Permanence

SmartSupplySystem uses the Solana blockchain to record consumable authentication tokens. You should be aware of the following characteristics of blockchain technology:

  • Public visibility: Blockchain transactions are recorded on a public, distributed ledger. Wallet addresses and transaction metadata written to the blockchain are publicly viewable by anyone.
  • Immutability: Data written to the blockchain cannot be modified or deleted. This is a fundamental property of blockchain technology and is outside our control.
  • Pseudonymity: Blockchain wallet addresses are pseudonymous. We do not publish your name or email address to the blockchain. However, your wallet address may be linked to your identity if you share it publicly.
  • Current environment: The Service currently operates on the Solana Devnet (development network). No real monetary value is involved in devnet transactions.

Because blockchain data is permanent and public, you should exercise care about what information you include in product definitions that may be written to the blockchain.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

  • Service providers: We use third-party services to operate the platform, including Supabase (authentication and database), Convex (real-time database), Vercel (hosting), Google Analytics (analytics), and Resend (transactional email). These providers process data on our behalf and are contractually bound to protect your information.
  • AI client connections: When you connect an AI client (such as Claude or ChatGPT) to the SmartSupplySystem MCP server using your API key, that AI client may access your product definitions and project data as authorized by you. We are not responsible for how third-party AI providers handle data transmitted through their platforms.
  • Blockchain networks: When you compile a project, the resulting token data and metadata are written to the Solana blockchain, which is publicly accessible as described in Section 3.
  • Legal requirements: We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

5. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

  • Essential cookies: Required for the Service to function. These manage your authentication session and security preferences. You cannot opt out of essential cookies while using the Service.
  • Analytics cookies: We use Google Analytics (GA4) with Consent Mode v2 to understand how visitors use the Service. Analytics cookies are only activated after you provide consent through our cookie consent banner. You may withdraw consent at any time by clearing your cookies or adjusting your browser settings.

Most web browsers allow you to control cookies through their settings. Note that disabling essential cookies may prevent you from using certain features of the Service.

6. Data Storage and Security

Your data is stored on servers operated by our service providers, primarily located in the United States. We implement reasonable administrative, technical, and physical security measures to protect your information, including:

  • Encryption of data in transit using TLS/HTTPS
  • Encryption of sensitive data at rest (including mnemonic phrases)
  • Authentication via Supabase with support for password hashing and OAuth token management
  • Row-level security policies on database tables
  • API key authentication for MCP server connections
  • Regular review of security practices

No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: retained while your account is active and for a reasonable period afterward to comply with legal obligations
  • Product definitions and projects: retained while your account is active; deleted upon account deletion except for data already written to the blockchain
  • Blockchain data: permanent and cannot be deleted (see Section 3)
  • Analytics data: retained according to Google Analytics default retention settings (currently 14 months)
  • Assessment data: retained for up to 24 months after submission

You may request deletion of your account and associated data by contacting us at the email address below or by using the account deletion feature in your Settings page.

8. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information:

8.1 General Rights

  • Access: request a copy of the personal information we hold about you
  • Correction: request that we correct inaccurate personal information
  • Deletion: request deletion of your personal information, subject to the limitations described in Section 7 (blockchain data cannot be deleted)
  • Data portability: request a machine-readable copy of your data

8.2 European Economic Area (GDPR)

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation, including the right to restrict processing and the right to object to processing. Our legal basis for processing your data is typically your consent (for analytics), performance of a contract (for providing the Service), or our legitimate interests (for security and service improvement). You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

8.3 California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, the right to request deletion of your personal information, and the right not to be discriminated against for exercising your privacy rights. As stated above, we do not sell personal information. To exercise your rights, contact us at the email address below.

To exercise any of these rights, please contact us at david@luciddream.com. We will respond to verified requests within 30 days (or sooner if required by applicable law).

9. Children's Privacy

The Service is designed for business use and is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at the email address below.

10. International Data Transfers

Lucid Dream Software, Inc. is based in Illinois, United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to the United States.

11. Third-Party Links and Services

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through the Service.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Effective Date” at the top of this page and, where appropriate, notify you by email or through a notice on the Service. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Lucid Dream Software, Inc.
Email: david@luciddream.com