✓ Designed with GDPR Principles in Mind

Rhythmica™ is designed with GDPR principles and privacy-by-design in mind. We collect minimal non-identifying data for analytics and do not collect personally identifiable information (PII) through our analytics systems.

1. Scope of this Policy

This Privacy Policy applies to information collected through Rhythmica™ websites, mobile applications, and related online services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this Policy.

2. Data Controller

The data controller responsible for your personal information is Rhythmica LLC, the owner and operator of Rhythmica™ (referred to as "we," "us," or "our" in this Policy).

If you have questions about this Policy or our data practices, you can contact us at:

Email: rob@rhythmica.app

Address: Rhythmica LLC, 312 W. 2nd St Suite 4209, Casper, WY 82601, USA

3. What Data We Collect

3.1 Non-Identifying Analytics Data

We collect non-identifying usage analytics to understand how users interact with our apps and improve the Service. We design our analytics to be non-identifying and do not associate analytics data with real-world identities or accounts.

Data Point What We Collect Purpose
Client ID Random UUID generated on device Track unique devices (not users)
Session ID Random UUID per session Track individual sessions
App Version e.g., "1.2.3" Track which app version is being used
Platform "ios" or "web" Understand platform usage
Session Duration Number of seconds Understand engagement patterns
Actions Per Session Count of user interactions Measure engagement
Songs Started Count of songs played Content usage analytics
Onboarding Status Boolean (completed or not) Track onboarding completion
Audio Load Errors Count of errors Technical debugging

3.2 Anonymous Feedback Data

When you submit feedback through the app, we collect:

  • Feedback type: bug, feature, improvement, general, or content_issue
  • Message: Your feedback text (5-5000 characters)
  • App version, platform, OS version: Technical context
  • Content path: Which content you were viewing (e.g., "en/es/verbs/hablar")
  • Rating: Optional 1-5 star rating
  • Sentiment: positive, neutral, or negative
  • Screen/feature: Where you were in the app
  • Locale/timezone: For context only (not precise location)

Note: Feedback is not linked to personally identifiable information. We do not collect names, email addresses, or other direct identifiers with feedback submissions.

4. What Data We DON'T Collect

❌ No Personal Identification

We explicitly do NOT collect:

  • Names – We never ask for or store your name
  • Email addresses – No email is required to use the app
  • Phone numbers – We don't collect phone numbers
  • Physical addresses – No home or mailing addresses
  • IP addresses – We do not intentionally log or retain IP addresses for analytics or user identification
  • Device identifiers – No IDFA, Android Advertising ID, or device serial numbers
  • Precise location data – No GPS coordinates or precise geolocation
  • Payment information – Payments are processed by third-party payment providers (e.g., Apple App Store), and we do not store credit card numbers or payment details on our servers
  • Biometric data – No fingerprints, face scans, or other biometrics
  • Social media profiles – No social media account linking or data collection
  • Contact lists – We never access your contacts
  • Photos or camera – We don't access your camera or photo library

5. How We Use Your Information

We use the non-identifying data we collect for:

  • Improving the Service: Understanding usage patterns, identifying bugs, and developing new features.
  • Technical debugging: Identifying and fixing technical issues like audio loading errors.
  • Content optimization: Understanding which songs and languages are most popular.
  • User experience: Measuring engagement, session duration, and feature usage.
  • Security: Detecting unusual patterns that might indicate abuse or technical issues.

Because our analytics data is designed to be non-identifying, we cannot use it to:

  • Identify individual users
  • Track users across different apps or websites
  • Build user profiles for advertising
  • Sell or share data with third parties for marketing

7. How We Share Your Information

We do not sell your data. We may share non-identifying analytics and feedback data with:

  • Service providers: Trusted third-party vendors who help us operate the Service, such as:
    • Supabase (database hosting - non-identifying analytics storage)
    • Vercel (app hosting and infrastructure)
    These providers are bound by strict confidentiality agreements and can only use data to provide services to us.
  • Legal requirements: If required by law, regulation, legal process, or governmental request.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, subject to confidentiality protections.

Because our analytics data is designed to be non-identifying, there is minimal privacy risk even if shared with service providers.

8. Cookies and Similar Technologies

We may use cookies and local storage to:

  • Remember your settings and preferences (e.g., language selection)
  • Maintain session information and keep you logged in
  • Store anonymous client IDs for analytics

You can configure your browser to refuse cookies or alert you when cookies are being sent. However, some features of the Service may not function properly without them.

Cookie types we use:

  • Essential cookies: Required for the Service to function (session management)
  • Analytics cookies: Help us understand usage patterns (non-identifying)
  • Preference cookies: Remember your settings and choices

9. Data Retention

We retain non-identifying analytics and feedback data for:

  • Analytics data: Up to 2 years for trend analysis and service improvement
  • Feedback data: Indefinitely, as it contains no identifying information and supports long-term product improvement
  • Aggregated data: We may retain aggregated, non-identifiable data indefinitely for statistical purposes

When we no longer need data, we will delete or anonymize it.

10. Data Security

We use industry-standard security measures to protect your information:

  • HTTPS encryption for all data transmission
  • Secure database hosting with Supabase
  • API key authentication to prevent unauthorized access
  • Regular security updates and monitoring

However, no method of transmission over the Internet is completely secure, and we cannot guarantee absolute security.

11. Your Rights (GDPR & Privacy Laws)

Depending on your location, you may have the following rights:

  • Right to access: Request access to data we hold about you (note: our analytics is anonymous)
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data
  • Right to restriction: Request limitation of processing
  • Right to data portability: Request a copy of your data in a portable format
  • Right to object: Object to processing of your data
  • Right to withdraw consent: Withdraw consent at any time (where consent is the legal basis)
  • Right to lodge a complaint: Contact your local data protection authority

Important: Because our analytics data is designed to be non-identifying (using random UUIDs instead of user accounts), we cannot identify specific users to fulfill data access or deletion requests related to analytics. Where data cannot be linked to an individual, certain rights may not be technically applicable. However, you can delete the app to stop any further data collection.

To exercise your rights or ask questions, contact us at rob@rhythmica.app.

12. Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 (or under the minimum age of digital consent in your jurisdiction) without appropriate parental consent.

Our analytics system does not differentiate between children and adults, as it's entirely anonymous. If you believe a child has provided feedback that includes identifiable information, please contact us at rob@rhythmica.app.

13. International Data Transfers

Rhythmica™ is operated from the United States. If you access the Service from outside the United States, your anonymous data may be transferred to, stored in, and processed in the United States or other countries.

For EU users: We rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards when transferring data from the EU to third countries. Because our analytics data is designed to be non-identifying, the risk of cross-border data transfers is minimal.

14. Third-Party Services

We use the following third-party services:

We do not use:

  • Google Analytics
  • Facebook Pixel or other social media tracking
  • Advertising networks
  • Cross-site tracking cookies

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Material changes will be communicated via email or in-app notification.

Your continued use of the Service after any changes constitutes acceptance of the updated Policy.

16. Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer at:

Email: rob@rhythmica.app
Subject: "GDPR Request" or "Data Protection Inquiry"

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Email: rob@rhythmica.app
Address: Rhythmica LLC, 312 W. 2nd St Suite 4209, Casper, WY 82601, USA