Data Deletion and Retention Policy

Purpose

This policy explains how Ritual retains, deletes, and manages user data across its applications, integrations, local software, backend systems, and supporting infrastructure.

Ritual retains personal data only for as long as reasonably necessary to provide the service, support user-requested features, maintain security and reliability, comply with legal obligations, resolve disputes, and enforce agreements.

Retention Principles

• Retain data only as long as reasonably necessary for the relevant feature or operational purpose.
• Minimize storage of high-sensitivity data where a less sensitive derived value will satisfy the product need.
• Stop future ingestion when a user disconnects an integration or revokes permissions.
• Honor verified deletion requests subject to technical, contractual, and legal limitations.

How Ritual Treats Different Data Types

• Account and authentication data may be retained while an account remains active and for a reasonable period thereafter for security, integrity, and compliance purposes.
• Habit logs and user-created content may be retained until deleted by the user, deleted as part of an account deletion workflow, or no longer required for product operation.
• Health, wearable, and biometric data may be retained while the relevant feature remains active and for so long as needed to provide analytics, history, and user-requested functionality.
• Plaid connection metadata, normalized transaction data, and derived daily spending records may be retained for sync integrity, spending rollups, troubleshooting, history, and user-requested features.
• Desktop activity, screen-time, screenshot, OCR, and memory-related data may be stored locally on the user's device and, where enabled, may also be processed through Ritual cloud services.
• Operational logs and diagnostics may be retained for limited periods for debugging, abuse prevention, incident response, and service reliability.

Integration Disconnects

Disconnecting an integration generally revokes the connection's active status inside Ritual and stops future syncs from that provider.

Disconnecting an integration does not necessarily delete historical data already imported into Ritual unless Ritual specifically performs a deletion workflow for that data or the user submits a verified deletion or account deletion request.

Account and Data Deletion

When Ritual processes a verified account or data deletion request, Ritual takes reasonable steps to delete or de-identify data from active systems, subject to legal obligations, fraud prevention, abuse prevention, backup and disaster recovery constraints, and technical limitations in third-party systems.

Residual copies may persist temporarily in backups, logs, caches, or recovery systems until those systems cycle out the relevant data in the ordinary course.

Local Data and Configured Retention Windows

Some local recorder and memory features use product-configured cleanup behavior and retention windows. For example, certain local recorder configurations apply a default retention window for thumbnails and OCR-related data stored on the user's device.

Review and Enforcement

Ritual reviews this policy at least annually and when introducing material changes to its data architecture, vendors, deletion workflows, retention workflows, or legal obligations.

Retention and deletion practices are enforced through a combination of application logic, local cleanup behavior, integration disconnect flows, operational procedures, and verified account or data deletion handling.

Contact

Questions or verified deletion requests relating to this policy may be submitted through Ritual's support or contact channels made available within the product or on Ritual's website.