Privacy Policy

1. Overview

Ritualz is a minimal habit tracker available on iPhone, Android, and the web. This policy explains what we collect, how we use it, and the rights you have over your data.

2. What we collect

• Account: your name and email when you sign up, either directly or through Sign in with Apple or Google.
• Habit data: the rituals you track and your completion history.
• Subscription state: whether you have an active subscription, as confirmed by the platform that processed your purchase (Apple, Google Play, or Stripe).

We don’t collect device fingerprints, advertising IDs, or third-party tracking data.

3. How we use it

• Run the app: sync your habits across iPhone, Android, and the web.
• Manage subscriptions: verify billing state with the platform that processed your purchase.
• Improve Ritualz: understand which features are used most, via anonymous aggregated metrics — never tied to your account.

4. Third parties

A small number of services help run Ritualz:

• Apple In-App Purchase — App Store subscriptions.
• Google Play Billing — Play Store subscriptions.
• Stripe — web subscriptions.
• Supabase — secure cloud storage of your habit data.
• RevenueCat — cross-platform subscription state.

Each handles your information under their own privacy policy. We do not sell your data.

5. Storage and security

Your data is stored on secure cloud servers with industry-standard encryption in transit (TLS) and at rest. Access is restricted to the developer and is logged.

We take reasonable care to protect your data, but no system is 100% impenetrable.

6. Your rights

• Access: view what we hold about you.
• Modify: update or correct any of it.
• Delete: request full removal of your account and data.

Email mitchell.h.koh@gmail.com from your registered address and we’ll act within 30 days.

7. Cookies and tracking

The marketing site uses no cookies or analytics tracking. The web app uses a single session cookie to keep you signed in. No ad networks. No cross-site trackers.

8. Children

Ritualz isn’t intended for children under 13 and we don’t knowingly collect data from them. If a child has signed up, email us and we’ll remove the account.

9. Compliance

We make a reasonable effort to comply with GDPR (EU) and CCPA (California). Email us for any specific compliance request.

10. Retention

We keep your data for as long as your account is active. After deletion, we wipe it within 30 days unless we’re legally required to keep it longer.

11. Changes

If we update this policy, we’ll change the effective date at the top. Material changes will be announced in-app or by email.

12. Contact

Questions? Email:

mitchell.h.koh@gmail.com