What information do we collect?
We automatically collect information such as your IP address and device ID in order to provide our services to you. We also collect information from you when you register or fill out a form or upload information to the System.
The information we may collect includes, without limitation:
1. Content and Contact data, such as: IP address, Email addresses, Phone numbers, your wellbeing profile, how and when you use the Ritual App, and other similar data as well as photos or other content you may upload in connection with your use of the Ritual App.
2. Metadata related to your use of the System, such as: when you open the App or login to the System and how you use the System.
What do we use your information for?
Any of the information we collect from you may be used in one of the following ways:
- We provide curated guided wellbeing practice services to you. We process personal information as necessary to perform these services. In addition to storing and retrieving data, we carry out necessary processing to generate insights of your interactions with the System.
- To personalize your experience (your information helps us to better respond to your individual needs)
- To improve our Service (we continually strive to improve based on the information and feedback we receive from you)
- To provide and improve customer service (your information helps us to more effectively respond to your customer service and support needs)
Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.
Where do we process data?
Do we disclose any information to outside parties?
We do not sell, trade, or otherwise transfer your personal information except in accordance with this policy. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property, or safety. Additionally, in the event our business is acquired by a third party the information used in the operation of our business will necessarily be transferred in connection with that acquisition. Anonymized non-personally identifiable information may be provided to other parties for analytics, marketing, advertising, or other uses.
We use sub-processors to provide us with some services that are necessary to provide the System. Those subprocessors and the services they provide are listed below and by using the System you consent to the transfer of your personal information to them for the purposes of allowing us to operate the System: Firebase; AWS; Sentry (bug reporting).
California Online Privacy Protection Act Compliance
Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent.
We ensure that persons authorized to process your personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
We take Technical and Organizational measures in accordance with Article 32 of the GDPR
Company respects the conditions referred to in paragraphs 2 and 4 of Article 28.3 of the GDPR for engaging another processor;
We will use commercially reasonable efforts, insofar as this is possible, for the fulfilment of our obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GPDR, as such, we will, at the request of a verifiable data subject, which should be exercised via emailing the request to firstname.lastname@example.org:
- Provide a copy of all personal data we have regarding a data subject
- Delete or return all personal data to the data subject, unless Union or Member State law requires storage of the personal data;
- Update or modify the personal data regarding the data subject to the extent that it is incorrect