Privacy Policy

Effective Date: March 18, 2026

Company: Ritual

Introduction

This Privacy Policy explains how Ritual collects, uses, stores, and shares personal information when you use Ritual's applications, websites, desktop software, mobile companion applications, integrations, and related services.

Ritual is a behavior-tracking and personal data product. Depending on the features you use, Ritual may process information you enter directly, information generated by your devices, information imported from connected health or wearable providers, computer activity and screen-time information, and financial data obtained through Plaid to support user-selected tracking and analytics features.

Information We Collect

  • Account and authentication information, such as name, email address, account identifiers, and session metadata.
  • Habit logs, notes, AI chat prompts, imported files, and other content you choose to create or upload.
  • Health, wearable, and biometric data when you connect providers such as Apple Health, Whoop, Oura, Garmin, or Fitbit.
  • Financial account, transaction, and spending-rollup data when you connect Plaid for spending tracking.
  • Desktop activity, screen-time, screenshot, OCR, and local memory/search data when you enable relevant desktop permissions and features.
  • Device, diagnostic, analytics, and usage information used to operate, secure, and improve the service.

How We Use Information

  • To provide, operate, secure, and improve Ritual.
  • To authenticate users and maintain accounts and sessions.
  • To ingest, normalize, store, and display user-selected tracking data.
  • To generate analytics, trends, rollups, summaries, and other product features.
  • To support AI-assisted experiences you choose to use.
  • To troubleshoot errors, detect abuse, and maintain reliability and security.
  • To comply with legal obligations and enforce applicable terms.

Health, Wearable, and Financial Data

Health, wearable, and biometric data is collected only when you choose to connect a supported provider or enable a supported sync path.

If you connect Plaid, Ritual may process institution metadata, account metadata, normalized transaction records, and derived daily spending totals. Ritual currently uses Plaid-backed data for the narrow purpose of helping users track spending as a Ritual habit or behavior.

Ritual does not sell personal information and does not use Plaid-derived financial data for advertising or cross-context behavioral advertising.

How We Share Information

Ritual may share information with service providers and subprocessors that help operate the service, including providers that support authentication, hosting, database infrastructure, analytics, AI features, error monitoring, and financial connectivity.

Examples of provider categories used by Ritual may include Clerk for authentication, Plaid for financial connectivity, Turso for database infrastructure, Tinybird for analytics processing, hosting providers such as Vercel, AI model providers for AI features you choose to use, OpenPanel for product analytics, and Sentry or similar tools for reliability monitoring.

Ritual may also share information when required by law, to protect rights and security, at your direction, or as part of a business transaction subject to appropriate safeguards.

Data Retention and Deletion

Ritual retains personal information for as long as reasonably necessary to provide the service, maintain security and reliability, comply with legal obligations, resolve disputes, and enforce agreements.

Retention varies by feature and data type. Disconnecting an integration generally stops future syncs but does not necessarily delete historical data already imported into Ritual unless Ritual specifically processes a deletion workflow or verified deletion request for that data.

Additional details are available in Ritual's data deletion and retention policy.

Your Choices

  • Manage connected integrations and sync settings.
  • Disconnect Plaid and wearable providers.
  • Control local desktop permissions and privacy-related desktop settings.
  • Request deletion of certain data or your account, subject to verification and applicable limitations.

Security

Ritual uses administrative, technical, and organizational safeguards designed to protect personal information. These measures may include authentication controls, multi-factor authentication for critical systems, encryption of sensitive integration tokens, encrypted transport, access controls, monitoring, and other security measures appropriate to the nature of the service.

No method of transmission or storage is completely secure, and Ritual cannot guarantee absolute security.

Children's Privacy

Ritual is not intended for children under 13, and Ritual does not knowingly collect personal information from children under 13.

Changes to This Policy

Ritual may update this Privacy Policy from time to time to reflect changes to the service, legal requirements, or Ritual's data practices. When Ritual makes material changes, Ritual will update the effective date above and may provide additional notice where appropriate.

Contact

Questions or requests relating to this Privacy Policy or Ritual's privacy practices may be directed to Ritual through the contact or support channel made available within the Ritual application or on Ritual's website.