Privacy Policy — Ritmo

Effective date: 2025-11-04

This Privacy Policy explains what information Ritmo collects, how we use it, and your choices. Ritmo is a personal focus and timer app with optional widgets (weather, quotes, calendar), user authentication, and an AI voice assistant. We use analytics to improve the product. If anything here is unclear, contact us at:danilofranco.work@gmail.com

Summary

  • We store timer state and preferences locally on your device.
  • User accounts are authenticated using Apple or Google Sign-In, or email and password. Your authentication data is encrypted using AES-256 encryption.
  • We use PostHog analytics (including optional session replay) to understand usage patterns and improve the app. We do not collect sensitive personal data.
  • The AI voice assistant uses your microphone for real-time conversations. We do not record, store, or transmit your voice conversations or transcriptions to our servers.
  • Calendar access is used only to display upcoming events on your device and is not sent to our servers.
  • Weather data is fetched from a third‑party API using your selected city name.

Information We Process

1. Information you choose or generate in the app

  • Language selection (en/es/it)
  • Timer interactions: selected preset name, custom timer minutes entered, break duration chosen
  • Widget configuration: which header widget(s) are shown (weather, quotes, calendar, todo)

How used: to make the app work and to understand which features are most useful.

2. Device and app information (analytics)

  • Device model, OS version, app version/build, anonymous device/app instance identifiers
  • Basic usage events (screens, taps, errors) and performance signals
  • Network metadata (e.g., IP) used by PostHog to derive coarse location and anti‑abuse

How used: to diagnose issues, measure performance, and guide improvements.

3. Calendar (optional, only if you enable the calendar widget)

  • What we access: your local calendar metadata (event title and start/end time) for the next days
  • Where processed: on‑device; used only to render the calendar widget
  • What we do not do: we do not upload calendar contents to our servers or to analytics vendors

4. User Authentication (optional)

  • Authentication providers: Apple Sign-In or Google Sign-In
  • What we collect: email address, full name (if provided by OAuth provider), unique user ID
  • Purpose: to enable AI voice assistant features

5. AI Voice Assistant (optional, requires authentication)

  • Microphone access: required to enable real-time voice conversations with the AI assistant
  • What we track: session duration and usage limits for quota management
  • What we DO NOT collect: we do not record, store, or transmit your voice conversations, audio recordings, or transcriptions to our servers

6. Notifications and Live Activities (iOS)

We schedule local notifications on your device for timer completion and use Live Activities to display timer progress. We do not collect notification tokens for push, and we do not send notification content to servers.

7. Weather (optional, only if you view the weather widget)

We call WeatherAPI using your selected city name to fetch current/forecast data. This request is made from the app to the weather provider and includes your city text and standard network metadata.

Analytics and Session Replay

We use PostHog (`posthog-react-native`) with Session Replay (`posthog-react-native-session-replay`) and autocapture enabled to better understand how Ritmo is used:

  • Event names we send include examples like `widget_toggled`, `language_selected`, `custom_timer_set`, `break_duration_selected`, `ai_agent_tool_called`, `voice_agent_session_ended`, `feedback_response`, and `store_review_requested` with minimal properties (e.g., widget type, language code, minutes, session duration, platform).
  • Autocapture automatically tracks UI interactions such as button taps, screen views, and navigation events to understand user behavior.
  • Session Replay captures UI screens and interactions to help us reproduce bugs and UX issues. We do not knowingly record sensitive text fields in Ritmo. However, content shown on screen (e.g., visible calendar event titles when the calendar widget is open, or todo list items) may appear in a replay.

Controls:

Legal Bases

  • Consent: user authentication via Apple/Google Sign-In, or email and password; AI voice assistant and microphone access; analytics and session replay.
  • Legitimate Interests: operating core app features (timer persistence, local notifications); improving app quality through analytics.

Data Retention

  • On‑device storage (timer state, preferences): kept until you clear app data or uninstall.
  • User accounts: retained until you request account deletion. Authentication tokens are encrypted and stored on your device.
  • AI voice sessions: no recordings are stored. Only session duration and usage metadata are retained for quota management.
  • Analytics (PostHog): retained up to 24 months, after which it may be aggregated or deleted. We will honor deletion requests sooner upon request.

Sharing

We do not sell your data. We share limited data with service providers strictly to operate the app:

  • PostHog - analytics and session replay

Your Rights

You have the right to access, correct, delete, or export your personal data. To exercise your rights, email danilofranco.work@gmail.com with your device details and any relevant timestamps so we can identify your analytics profile or user account. We will respond within 30 days.

For account deletion, include your registered email address in your request. We will delete your account, profile data, and any associated analytics data.

Security

We use reasonable safeguards to protect data in transit and at rest. No method of transmission or storage is 100% secure.

Changes to This Policy

We may update this policy to reflect changes to the app or laws. We will revise the "Effective date" above and, when material, notify you in‑app or via release notes.

Contact

Owner/Developer: Danilo Franco
Email: danilofranco.work@gmail.com