Privacy Policy
Introduction
This Privacy Policy explains how Ritual collects, uses, stores, and shares personal information when you use Ritual's applications, websites, desktop software, mobile companion applications, integrations, and related services (collectively, the "Services").
Ritual is a behavior-tracking and personal data product. Depending on the features you use, Ritual may process information you enter directly, information generated by your devices, information imported from connected health or wearable providers, computer activity and screen-time information, and financial data obtained through Plaid in order to support user-selected tracking and analytics features.
By using Ritual, you acknowledge that your information will be handled as described in this Privacy Policy.
Scope
This Privacy Policy applies to Ritual's:
- web and desktop applications
- backend APIs and hosted infrastructure
- iOS companion application
- connected integrations, including wearable, health, and financial integrations
- analytics, support, and product improvement workflows that support the Services
This Privacy Policy does not apply to third-party products, websites, or services that Ritual does not control, even when they are connected to Ritual. Those services are governed by their own terms and privacy notices.
Information We Collect
The information Ritual collects depends on which features you use.
1. Account and Authentication Information
When you create or use a Ritual account, Ritual may receive account and authentication-related information such as:
- name
- email address
- profile image
- account identifiers
- session and authentication metadata
Ritual uses Clerk as its authentication provider for account sign-in, session management, and security features such as multi-factor authentication.
2. Habit, Journal, and User-Provided Content
Ritual collects information you choose to create or upload in the product, such as:
- habits, categories, and goals
- manual habit logs and notes
- imported files, screenshots, or other user-submitted content
- AI chat prompts, messages, and related context you choose to provide
3. Health, Wearable, and Biometric Data
If you connect health or wearable integrations, Ritual may receive and process data such as:
- activity metrics, including steps, workouts, calories, recovery, and strain
- sleep-related data
- heart-rate and related biometric data
- Apple Health and HealthKit-derived metrics
- device identifiers and source metadata for connected wearable or mobile devices
This data is only collected when you choose to connect a provider or enable a supported sync flow.
4. Financial Data
If you connect a financial account through Plaid, Ritual may receive and process financial information needed to support Ritual's spending-tracking features, including:
- institution and account metadata, such as institution name, account name, mask, and account type
- transaction metadata, such as transaction date, merchant or transaction name, amount, pending status, and transaction category or code information made available by Plaid
- derived daily spending totals and related sync metadata
Ritual currently uses Plaid-backed financial data for the narrow purpose of helping users track spending as a Ritual habit or behavior. Ritual does not represent itself as a general-purpose banking, payments, lending, brokerage, or accounting product. Plaid's handling of information is governed by Plaid's own disclosures and user-facing materials in Plaid Link.
5. Desktop Activity, Screen Time, and Local Memory Data
If you enable Ritual's desktop tracking, screen-time, or recorder features, Ritual may process information such as:
- active application usage
- browser and window activity metadata
- timestamps, durations, and activity summaries
- screen-time imports from connected mobile or operating-system features
- screenshots, thumbnails, OCR text, and derived local memory/search data
Some of this information may remain stored locally on your device, depending on the feature and your configuration. Certain memory or recorder workflows may also upload data to Ritual's backend when cloud sync or related features are enabled.
6. Device, Usage, and Diagnostic Information
Ritual may automatically collect limited technical information such as:
- device type and operating system
- app version
- crash, error, and performance information
- IP address and request metadata
- usage analytics and event data
7. Information from Third Parties
Ritual may receive information from third-party service providers and integrations you choose to use, including authentication, analytics, infrastructure, AI, wearable, and financial connectivity providers.
How We Use Information
Ritual uses personal information to:
- provide, operate, and secure the Services
- authenticate users and maintain accounts and sessions
- ingest, normalize, store, and display user-selected tracking data
- compute analytics, trends, rollups, summaries, and derived habit metrics
- support desktop, wearable, health, and financial sync features
- provide AI-powered product features you choose to use
- troubleshoot errors, detect abuse, protect the Services, and maintain system reliability
- communicate with users about the Services, including important updates and support matters
- improve product functionality, quality, and performance
- comply with legal obligations and enforce applicable terms
Ritual does not sell personal information and does not use Plaid-derived financial data for advertising or cross-context behavioral advertising.
How We Share Information
Ritual may share information with service providers and subprocessors that help operate the Services, including providers that support:
- authentication and account security
- cloud hosting and infrastructure
- database and analytics infrastructure
- financial connectivity
- AI or transcription functionality
- error monitoring and product analytics
Examples of provider categories used by Ritual may include:
- Clerk for identity and account authentication
- Plaid for financial account connectivity
- Turso and related database infrastructure for application data storage
- Tinybird for analytics processing
- Vercel and related infrastructure providers for application hosting
- OpenAI or other model providers for AI features you choose to use
- OpenPanel or similar analytics providers for product analytics
- Sentry or similar tools for error and reliability monitoring
Ritual may also share information:
- when you direct Ritual to connect to or interact with a third-party integration
- with your consent or at your direction
- to comply with law, regulation, legal process, or valid governmental request
- to protect the rights, safety, and security of Ritual, its users, or others
- as part of an actual or proposed merger, financing, acquisition, or sale of assets, subject to appropriate confidentiality protections
Ritual does not share consumer financial data obtained through Plaid except as necessary to provide the user-requested feature, maintain the Services, comply with law, or as otherwise permitted by the user's direction and applicable law.
Data Minimization
Ritual aims to collect and retain only the information reasonably necessary to provide the features a user chooses to use.
Examples:
- health and wearable data is collected only when a user connects a supported provider or enables a supported sync path
- financial data is collected only when a user connects Plaid and is used to support spending tracking
- desktop activity or memory-related data is collected only when the relevant permissions and product features are enabled
Data Retention
Ritual retains personal information for as long as reasonably necessary to provide the Services, maintain product functionality, comply with legal obligations, resolve disputes, and enforce agreements.
Retention may vary by data type and feature. For example:
- account records, habits, and integration state may be retained while an account remains active
- integration data may remain stored until deleted, disconnected, or no longer needed for the relevant feature
- certain local recorder or memory data may be subject to automatic deletion or retention windows configured in the product
- logs and operational records may be retained for security, abuse prevention, debugging, and service reliability purposes
Disconnecting an integration may stop future syncs, but it does not necessarily delete historical data that has already been imported into Ritual unless Ritual specifically offers or processes a deletion request for that data.
Your Choices and Controls
Depending on the product feature and your jurisdiction, you may be able to:
- update account profile information
- disconnect integrations such as Plaid or wearable providers
- enable or disable sync features
- manage local desktop permissions
- adjust privacy-related desktop recorder settings, such as excluded apps or titles
- request deletion of certain data or your account, subject to technical and legal limitations
If you would like to request deletion of your account or personal data, Ritual may require sufficient information to verify the request before acting on it.
Security
Ritual uses administrative, technical, and organizational safeguards designed to protect personal information. These measures may include authentication controls, multi-factor authentication for critical systems, encryption of sensitive integration tokens, encrypted transport, access controls, monitoring, and other security measures appropriate to the nature of the data and the Services.
No method of transmission or storage is completely secure, and Ritual cannot guarantee absolute security.
International Processing
Ritual and its service providers may process information in the United States and other jurisdictions where Ritual or its providers operate. By using the Services, you understand that your information may be transferred to and processed in countries whose data protection laws may differ from those of the country where you live.
Children's Privacy
Ritual is not intended for children under 13, and Ritual does not knowingly collect personal information from children under 13. If Ritual learns that it has collected personal information from a child under 13 without appropriate authorization, Ritual will take steps to delete that information.
Changes to This Privacy Policy
Ritual may update this Privacy Policy from time to time to reflect changes to the Services, legal requirements, or Ritual's data practices. When Ritual makes material changes, Ritual will update the effective date above and may provide additional notice where appropriate.
Contact
Questions or requests relating to this Privacy Policy or Ritual's privacy practices may be directed to Ritual using the contact or support channel made available within the Ritual application or on Ritual's website.