Trust & Privacy
How we handle your data.
This page is maintained by the DreamLux team to answer common security and privacy questions about the product. It describes practices that are currently enabled in the application. It is editable project content — not an independent certification or third-party audit.
Accounts & authentication
Accounts use email and password authentication provided by our backend platform. Passwords are never stored in plain text; they are hashed and managed by the auth provider, not by DreamLux.
Sessions are kept in your browser and refresh automatically. You can sign out at any time from the application UI to revoke the local session.
Authorization model
Access to administrative actions (managing Before / After transformations and uploading images) is restricted to accounts with an explicit admin role stored in a dedicated roles table. Regular signed-in users cannot create, modify, or delete that content.
Public pages (home, generator landing, Before / After gallery, pricing, this page) are readable without an account.
Data we store
DreamLux stores the data you provide to operate the product: your account email, the Before / After transformation entries you publish (title, category, optional description, ordering), and the images you upload through the admin panel.
We do not knowingly collect sensitive categories of personal data. Do not upload images that contain content you are not authorized to share.
Platform & hosting
The application is built on Lovable and runs on its managed cloud platform, which provides the database, authentication, file storage, and serverless runtime DreamLux uses. Network traffic to the application is served over HTTPS.
Database access is governed by row-level security policies so that requests can only read and write rows that the policies allow for the requesting user.
File storage & image links
Uploaded images are kept in a private storage bucket. The gallery delivers them through long-lived signed URLs so that the Before / After cards display correctly to visitors. Image paths are randomized and not enumerable.
Modification and deletion of an uploaded file are restricted to the admin account that uploaded it.
Cookies & analytics
DreamLux uses the minimum browser storage required to keep you signed in (session token in localStorage) and to remember UI preferences. We do not currently deploy third-party advertising or cross-site tracking pixels.
Retention & deletion
Transformation entries and uploaded images remain in the system until an admin removes them from the admin panel. Account deletion requests can be made through the contact address below.
Security contact
If you believe you have found a security issue affecting DreamLux, please report it privately to the team rather than disclosing it publicly. Contact: security@dreamlux.app. We will acknowledge reports and investigate in good faith.
Shared responsibility — Lovable provides the underlying platform controls described above; DreamLux is responsible for the application code, the content published through the admin panel, and any user communications. Customers are responsible for safeguarding their own credentials.