Privacy Policy

Last Edited: April 16, 2026

1. Definitions. "Personal data" means information that identifies or reasonably relates to an identifiable individual. "Customer Data" means content and information submitted to, generated within, or processed through the Services by or on behalf of a Customer, including messages, files, prompts, inputs, outputs, and other communications. "Other Information" means information collected or generated in connection with operation of the Services that is not Customer Data. Customer Data that has been aggregated or de-identified such that it no longer constitutes Personal Data is not Customer Data and is treated as Other Information for the purposes of this Privacy Policy. Capitalized terms not defined here have the meanings given in the User Terms of Service, Acceptable Use Policy, or Enterprise Services Agreement.

2. Scope and Purpose. This Privacy Policy explains how A Dream Inc. (d/b/a "Popcorn") ("we," "us," or "our") collects, uses, discloses, retains, and protects personal data in connection with the Popcorn services available at popcorn.ai (the "Services"). It applies to users, visitors, and other individuals whose personal data is processed by us in connection with operation of the Services and related websites, support channels, and communications.

This Privacy Policy does not apply to third-party applications, tools, artificial intelligence services, or other software that integrate with or are accessible through the Services ("Third-Party Services" or "Third-Party Integrations"). Third-Party Services operate under their own terms of service and privacy policies, and we do not control how such third parties collect, use, or process personal data. You are responsible for reviewing and complying with the terms and privacy practices of any Third-Party Services you enable or use.

Access to and use of the Services may be governed by a separate written agreement between the Customer and A Dream Inc. (an "Enterprise Services Agreement") where applicable. That agreement governs delivery, configuration, and use of the Services, including the processing of messages, files, prompts, outputs, and other content submitted through the Services ("Customer Data").

The organization or individual that enters into the Enterprise Services Agreement (the "Customer") controls its workspace, including user access, settings, integrations, retention configurations, and administrative actions, as well as all Customer Data associated with that workspace. If you access the Services through a workspace, your use of the Services and the processing of Customer Data are subject to the Customer's policies and instructions. Questions regarding workspace-specific practices should be directed to the applicable Customer.

This Privacy Policy describes our general data practices and does not override or modify the Enterprise Services Agreement or Customer instructions regarding Customer Data.

3. Controller and Processor Roles. For Customer Data, the applicable Customer is the data controller and we act as a service provider or data processor, processing Customer Data only in accordance with the Customer's instructions, the Enterprise Services Agreement, and applicable law. For Other Information, we act as the data controller (or "business," "controller," as applicable under relevant law). Responsibilities, rights, and obligations differ depending on this distinction.

4. Applicability of Enterprise Services Agreements. The processing of Customer Data is governed by the Enterprise Services Agreement and any applicable data processing addendum between us and the Customer. Requests relating to Customer Data, including access, deletion, or export, should generally be directed to the Customer that controls the workspace.

5. Categories of Personal Data Collected. In the course of providing the Services, we collect and process certain personal data and operational data as necessary to enable core functionality, including collaboration, automation, integrations, and artificial-intelligence features. This data may be processed transiently or in real time and may not be retained beyond what is necessary to perform the requested operation.

This includes, without limitation:

  • Conversations, messages, prompts, and content submitted within workspaces, channels, threads, and direct messages;
  • Decisions, actions, and events initiated through the Services, such as triggering workflows, creating or updating records in third-party systems, executing webhooks, or invoking integrations;
  • Contextual and configuration information, including user time zone, workspace settings, permissions, and feature configurations;
  • Information retrieved from or transmitted to external services through authorized integrations;
  • Webhook payloads, API requests, and responses necessary to perform requested actions;
  • AI-related inputs and contextual data required to generate outputs or perform automated tasks;
  • Talk-Through Session Data, including: (i) voice audio captured during a Talk-Through session, which is processed solely for transcription and is permanently deleted immediately upon transcription completion; (ii) transcribed text generated from voice audio, which is retained as Customer Data; (iii) cursor movement recordings, including timestamped records of on-screen cursor activity during a session; (iv) screen state data, including screenshots and visual recordings of on-screen content captured during a session; and (v) code context associated with content displayed during the session. Raw audio is not retained beyond the transcription process;
  • In-Channel App data, including application code, configuration, and associated outputs generated within a channel by Authorized Users or the AI agent using the /update command or equivalent invocation;
  • Agent execution logs, including records of actions taken by the AI agent within the Workspace-Owned Computer, retrieved data, web browsing activity conducted via the embedded browser or Perplexity API, and success/failure outcomes of agent-initiated operations. Agent execution logs may be accessed by A Dream personnel for debugging, performance monitoring, and product improvement purposes as described in Section 6.

Some of this data is processed dynamically to fulfill user requests and enable functionality and may not be persistently stored by us except as described in this Privacy Policy, the User Terms of Service, or the applicable Enterprise Services Agreement.

The Services may generate derived data from Customer Data, including summaries, decisions, action items, participant associations, contextual inferences, and User Memory generated through AI-enabled features. Such derived information may be stored as Communication Memory or User Memory (collectively "Derived Data" or "Memory").

Certain information processed through the Services is stored, logged, or retained for limited periods in order to operate, secure, support, and improve the Services, comply with legal obligations, and enforce agreements. Subject to the retention practices described below, such information may include:

  • Messages, conversations, and content processed through the Services, subject to system-defined retention limits, including automatic deletion of private messages after approximately twenty-four (24) hours;
  • Metadata and logs associated with service usage;
  • Information received from Third-Party Tools, integrations, and artificial-intelligence services;
  • Account-level, subscription, billing-administration, and workspace-management information for Customers;
  • Security, fraud-prevention, and operational logs maintained to protect the Services and Users.

We do not retain private messages, private channel content, or direct messages beyond the applicable retention period described in Section 14, except where required to comply with legal obligations or valid legal process.

6. AI-Related Data Processing. When users interact with AI-enabled features, inputs and outputs are processed to provide functionality of the Services. AI-generated outputs are probabilistic and may vary over time for identical inputs.

  • Derived Data may be used to personalize interactions, generate summaries, or support future actions within the Services.
  • Unless otherwise specified in the Enterprise Services Agreement, Customer Data submitted to AI features is not used by us to train general-purpose artificial intelligence models.
  • We may process limited data to operate, secure, monitor, and improve the Services.
  • AI-related processing may involve transient storage, caching, or logging for performance, security, or abuse-prevention purposes.
  • Third-party artificial intelligence service providers may process Customer Data to generate outputs or perform requested tasks.

Talk-Through Feature. When an Authorized User activates the Talk-Through Feature, the Services process voice audio in real time to generate a text transcription. The raw audio file is permanently deleted immediately upon completion of transcription and is not retained, stored, or accessible thereafter. Transcribed text, cursor movement data, screenshots, and associated code context are retained as Customer Data and processed as described in this Privacy Policy. The transcription process may involve transmission of audio data to third-party transcription service providers, which are subject to contractual confidentiality obligations.

A Dream explicitly discloses that its personnel may access certain Customer Data in the course of operating and improving the Services. The scope, purposes, and safeguards applicable to such access are described below.

  • (a) Scope of Access. A Dream personnel may access the following categories of Customer Data: (i) agent execution logs, including records of actions taken by the AI agent within the Workspace-Owned Computer, retrieved data, web browsing activity, and success/failure outcomes; (ii) In-Channel App data, including application code, configuration, and associated outputs; (iii) Talk-Through session data, limited to transcribed text, cursor movement recordings, screen state data, and code context (but expressly excluding raw audio, which is permanently deleted upon transcription); (iv) messages and prompts submitted to AI-enabled features; and (v) metadata associated with the foregoing.
  • (b) Purposes. Access is limited to the following purposes: debugging errors and failures in agent operations; improving the success rate and reliability of AI-enabled features; monitoring for misuse, abuse, and policy violations; investigating security incidents; and supporting Customers upon request.
  • (c) Model Training. Customer Data accessed under this section is not used to train general-purpose artificial intelligence models unless the Customer has explicitly opted in to such use.
  • (d) Access Controls. Access to Customer Data is governed by internal access-control policies, limited to personnel with a documented business need, and subject to confidentiality obligations.
  • (e) Customer Notice. A Dream provides this disclosure so that Customers may make informed decisions about use of the Services, including configuring workspace settings and instructing Authorized Users accordingly.

Debugging. In connection with operating and improving the Services, A Dream personnel may engage in the following debugging-related activities:

  • (a) Review agent execution logs to identify failure points, error patterns, and potential improvements to agent behavior;
  • (b) Review In-Channel App data to diagnose errors in application deployment, configuration, or output generation;
  • (c) Review Talk-Through session data (excluding raw audio) to diagnose transcription errors, cursor-tracking issues, or context-resolution failures; and
  • (d) Access metadata, timestamps, and operational telemetry associated with the foregoing data categories to correlate events and diagnose system-level issues.

Privilege and Confidentiality. Customers and Authorized Users should be aware of the following regarding data submitted to or processed through the Services:

  • (a) A Dream personnel who access Customer Data under this section are not lawyers and do not provide legal advice. Access by A Dream personnel does not create an attorney-client relationship or any legal privilege;
  • (b) Submission of privileged, confidential, or legally protected information to or through the Services may result in disclosure of such information to A Dream personnel and, depending on the circumstances, may risk waiver of applicable privileges or protections;
  • (c) Customers are advised to evaluate whether submission of sensitive, privileged, or confidential information through the Services is appropriate in light of this disclosure and to implement internal policies and user guidance accordingly; and
  • (d) A Dream makes no warranty or representation that Customer Data processed through the Services will remain privileged, confidential, or protected from disclosure beyond the commitments expressly set forth in the Enterprise Services Agreement and this Privacy Policy.

7. Artificial Intelligence Service Providers. To provide AI-enabled functionality, we may transmit conversation data, messages, contextual information, and related metadata to third-party artificial intelligence service providers. These providers process such data on our behalf in accordance with contractual arrangements and their applicable terms.

Use of AI-enabled features requires this processing. By accessing or using the Services, you acknowledge and agree that your data will be processed in this manner to provide AI functionality. You may not opt out of such processing while continuing to use the Services. If you do not agree to this processing, you must discontinue use of the Services.

8. Sources of Personal Data. Personal data is collected directly from users or Customers, automatically through use of the Services, from third-party services authorized by Customers, and from our service providers and affiliates supporting operation of the Services.

9. Purposes of Processing. We process personal data for the following business purposes:

  • To provide, operate, maintain, and secure the Services;
  • To authenticate users and manage accounts and workspaces;
  • To enable collaboration, messaging, file sharing, integrations, and AI-enabled features;
  • To provide customer support and respond to inquiries;
  • To monitor performance, diagnose errors, support quality assurance and safety, and improve reliability and functionality;
  • To detect, prevent, and investigate fraud, abuse, security incidents, and policy violations;
  • To comply with legal obligations and enforce agreements;
  • To send operational, security, legal, and administrative communications;
  • To develop new features and improve existing functionality; and
  • To generate aggregated or de-identified analytics for business and product improvement.

Where permitted by law, we may also send marketing or promotional communications, which recipients may opt out of.

10. Legal Bases for Processing. Where required by law, we process personal data based on performance of a contract, legitimate business purposes, compliance with legal obligations, and consent where applicable. Legitimate business purposes include operating and improving the Services, maintaining security, preventing misuse, and supporting Customers; see paragraph 9 for more detail.

11. Data Sharing and Disclosure. We share personal data in the following circumstances:

  • With Customers and workspace administrators, in accordance with Customer instructions, workspace configurations, and applicable law. Customers control access to Customer Data within their workspaces;
  • Within the Services, where information may be visible to other authorized users based on workspace settings, channel membership, and access-control configurations;
  • With service providers and subprocessors who assist in operating, securing, and improving the Services, subject to contractual obligations;
  • With third-party services, when enabled by a Customer or user through integrations, extensions, or connected applications;
  • With professional advisers, including legal counsel, auditors, and consultants, as necessary for compliance, dispute resolution, or corporate governance purposes;
  • In connection with corporate transactions, including mergers, acquisitions, reorganizations, divestitures, or asset sales, where personal data may be transferred as part of the transaction;
  • For legal and safety purposes, including to comply with applicable law, legal process, or governmental requests, and to protect the rights, safety, or property of A Dream, its users, or the public;
  • With consent, where an individual has authorized the disclosure.

Users may opt out of certain non-essential data sharing as permitted by applicable law and subject to the functionality requirements of the Services. Opt-out requests may be submitted to contact@popcorn.ai.

Memory elements (including Communication Memory and User Memory) are visible to Authorized Users within the applicable workspace. Customers may configure workspace settings to control the scope and visibility of Memory elements, and Authorized Users may view, edit, or delete their User Memory through the Services.

12. Third-Party Integrations. If a Customer enables third-party services, those services may access personal data as required for integration. We do not control third-party practices, and their terms and privacy policies apply.

13. Cookies and Similar Technologies. We use cookies and similar technologies on our public-facing websites to support functionality, security, analytics, and marketing activities. We do not use advertising cookies or third-party ad tracking technologies within Customer workspaces or within the core Services.

14. Data Retention. We retain personal data only for as long as reasonably necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and maintain security and integrity. Private messages are automatically deleted after approximately twenty-four (24) hours and are not recoverable thereafter.

Deletion of messages or content by a user or Customer results in deletion of associated metadata and derived data, except where retention is required for legal compliance, security, or fraud-prevention purposes, or where such data has been aggregated or de-identified.

Public messages and posts are retained unless deleted by the author or a workspace administrator, or until the workspace is deleted or the applicable retention period expires.

Other account, usage, and technical information is retained for as long as the account is active and for a reasonable period thereafter, subject to applicable law and legal obligations.

Talk-Through raw audio is permanently deleted immediately upon completion of transcription and is not retained, stored, or accessible thereafter. Transcribed text and associated session data are retained as Customer Data, subject to the retention practices described in this section.

In-Channel App data, including application code, configuration, and associated outputs, is retained as Customer Data for the duration of the applicable workspace or until deleted by a Customer or workspace administrator.

15. Security. We implement reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or disclosure. No system can be guaranteed to be completely secure.

Clicking links to third-party sites navigates you off our website and platform; we do not control or endorse content and the security of third-party sites.

Access to Customer Data by A Dream personnel is subject to internal access-control policies, limited to personnel with a documented business need, and governed by confidentiality obligations. For more information regarding the scope and purposes of such access, see Section 6.

16. Children. The Services are not directed to individuals under sixteen (16) years of age. We do not knowingly collect personal data from children under that age.

17. User Rights. Depending on your jurisdiction, you may have certain rights with respect to your personal data, including the right to request access, correction, deletion, or information about processing.

Memory elements (including Communication Memory and User Memory) may be viewed, edited, or deleted by Authorized Users through the Services. Customers may configure workspace-level Memory settings, including enabling or disabling Memory features.

For Customer Data processed on behalf of a Customer in our capacity as a data processor, rights requests should be directed to the applicable Customer. We will assist the Customer in fulfilling such requests in accordance with the Enterprise Services Agreement and applicable law.

For Other Information processed by us as a data controller, individuals may submit rights requests directly to us at contact@popcorn.ai. We will verify the identity of the requestor before fulfilling any request.

Certain rights may be limited where fulfillment would adversely affect the rights or freedoms of others, where data is required for legal compliance, or where an applicable exception or exemption applies. Where we are unable to fulfill a request, we will provide an explanation and, where reasonably practicable, offer voluntary assistance.

18. California and U.S. State Privacy Rights. This section provides additional disclosures required under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), and similar U.S. state privacy laws.

Categories of Personal Information Collected. In the preceding twelve (12) months, we have collected the following categories of personal information as defined under the CCPA/CPRA:

  • Identifiers (e.g., name, email address, account identifiers);
  • Internet or other electronic network activity information (e.g., browsing activity within the Services, interaction data, log data);
  • Professional or employment-related information (e.g., company name, job title, where provided);
  • Geolocation data (e.g., approximate location derived from IP address);
  • Audio, electronic, or visual information (e.g., Talk-Through transcribed text, cursor recordings, screen state data; raw audio is not retained);
  • Inferences drawn from the above (e.g., Derived Data, Memory elements).

No Sale of Personal Information. We do not sell personal data as defined under the CCPA/CPRA or similar U.S. state laws. We do not share personal information for cross-context behavioral advertising purposes.

Right to Know, Correct, and Delete. Subject to applicable law, California residents and residents of other applicable U.S. states may request: (i) disclosure of the categories and specific pieces of personal information collected; (ii) correction of inaccurate personal information; and (iii) deletion of personal information, subject to applicable exceptions.

Right to Opt Out. Because we do not sell personal information or share it for cross-context behavioral advertising, there is no applicable opt-out right under the CCPA/CPRA at this time. If our practices change, we will update this Privacy Policy and provide an opt-out mechanism.

Authorized Agents. You may designate an authorized agent to submit a request on your behalf. The authorized agent must provide proof of authorization, and we may require verification of identity directly from the consumer.

Non-Discrimination. We do not discriminate against individuals who exercise their privacy rights.

To submit a request, contact us at contact@popcorn.ai. We will verify the identity of the requestor before fulfilling any request.

19. Changes to This Privacy Policy. We may update this Privacy Policy from time to time. Material changes will be communicated through the Services or other reasonable means.

20. Contact Information. Questions or requests regarding this Privacy Policy may be directed to:

A Dream Inc. (d/b/a "Popcorn")

Email: contact@popcorn.ai

Mailing Address: 2261 Market Street, STE 60578, San Francisco, CA, 94114

Cookie Policy

At A Dream Inc. (d/b/a "Popcorn"), we value transparency about how we collect and use information. This Cookie Policy explains how and when we use cookies and similar technologies in connection with our websites and related online properties.

What Are Cookies?

Cookies are small text files that are placed on your computer or mobile device when you visit a website. They may be session-based or persistent.

How Do We Use Cookies?

We generally use cookies for authentication and session management, security, preferences and functionality, performance and analytics, and advertising and marketing on our public websites only.

Your Choices and Cookie Controls

Most web browsers allow you to control cookies through their settings. You may block cookies entirely, delete existing cookies, or configure your browser to notify you when cookies are set.

Updates to This Cookie Policy

We may update this Cookie Policy from time to time. For more information about how we collect, use, and share information, please review our Privacy Policy.