Privacy Policy

Last updated: October 28, 2025

1. Introduction

Welcome to Rhythmic. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our habit tracking application.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address (used for authentication and account recovery)
  • Username (chosen by you, visible to other users)
  • Profile avatar (optional)
  • Password (stored encrypted, never in plain text)

2.2 Habit and Usage Data

To provide the core functionality of Rhythmic, we collect:

  • Habit titles and descriptions you create
  • Completion logs (dates when you mark habits as complete)
  • Loop memberships and roles (owner, admin, member)
  • Friend connections
  • Pings sent and received
  • Privacy settings for individual habits (public vs. private)

2.3 Device and Technical Information

We automatically collect:

  • Device timezone (to display habit schedules in your local time)
  • Push notification token (if you enable notifications)
  • App version and device type (for troubleshooting)
  • IP address (for security and fraud prevention)

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Rhythmic service
  • Enable you to track habits and view your progress
  • Allow you to create and participate in Loops with other users
  • Send push notifications for pings, invites, and daily reminders (if enabled)
  • Display habit completion status to Loop members based on your privacy settings
  • Calculate streaks and habit statistics
  • Prevent abuse and enforce our Terms of Service
  • Improve and debug the app

We do not sell your data to third parties. We do not use your habit data for advertising or share it with advertisers.

4. Data Sharing and Visibility

4.1 What Other Users Can See

Rhythmic is designed for accountability with friends. Here's what's visible to other users:

  • Loop Members: Can see your username, avatar, and completion status for habits in shared Loops
  • Public Habits: Loop members can see the habit title, description, and your completion dates
  • Private Habits: Loop members can only see your total completion count, NOT the habit title or specific dates
  • Friends: Can see your username, avatar, and send you Loop invites

4.2 Third-Party Services

We use the following third-party services to operate Rhythmic:

  • Supabase: Database and authentication provider (data encrypted at rest)
  • Apple Push Notification Service (APNs): For delivering push notifications to iOS devices
  • Cloudflare: For hosting our website and providing security

These services are bound by strict data processing agreements and cannot access your data beyond what's necessary to provide their service.

5. Your Privacy Controls

You have control over your privacy in Rhythmic:

  • Habit Privacy: Mark any habit as public or private when creating or editing it
  • Loop Membership: Leave any Loop at any time from the Loop settings
  • Notifications: Toggle push notifications, pings, and daily reminders in Settings
  • Friend Requests: Accept or decline friend requests individually
  • Account Deletion: Delete your account entirely from Settings (see Section 8)

6. Data Security

We take security seriously and implement industry-standard measures to protect your data:

  • All data transmitted between your device and our servers is encrypted using HTTPS/TLS
  • Passwords are hashed using bcrypt before storage
  • Database hosted on Supabase with encryption at rest
  • Access to user data is restricted to essential operations only
  • Regular security audits and updates

However, no system is 100% secure. While we do our best to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your data for as long as your account is active. Specifically:

  • Active Accounts: All habit logs, Loop data, and account information are retained indefinitely while your account exists
  • Deleted Habits: When you delete a habit, its completion logs are also deleted immediately
  • Deleted Accounts: When you delete your account, all personal data is permanently deleted within 30 days
  • Loop Data: If you leave a Loop, your completion history in that Loop is retained for other members' records, but your access is removed

8. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update or correct inaccurate information in your profile settings
  • Deletion: Delete your account and all associated data (Settings → Delete Account)
  • Data Portability: Request an export of your habit data in a machine-readable format
  • Objection: Object to certain processing activities (e.g., disable notifications)

To exercise these rights, contact us through the app or via email.

9. Children's Privacy

Rhythmic is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately and we will delete it.

10. International Data Transfers

Rhythmic is operated from and our servers are located in the United States. If you are accessing the app from outside the United States, your data will be transferred to and stored in the U.S. By using Rhythmic, you consent to the transfer of your data to the United States.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. If we make material changes, we will notify you through the app or via email. Your continued use of Rhythmic after such changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

  • Through the in-app contact form (Settings → Help & Support)
  • Via email (contact information available in the app)

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (note: we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights

14. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time
← Back to Home