Ink

PRIVACY POLICY

Last updated: June 26, 2026

This Privacy Policy explains how Rhythmic, Inc. ("Company," "we," "us," or "our") collects, uses, and discloses your information when you use our products, tools, and services, and outlines your rights and choices. It applies to Ink and to the other applications, websites, and tools we operate, generally hosted at rhythmicapps.com and its subfolders (for example, rhythmicapps.com/Ink), and any other standalone tools or sites we operate (each a "Product" and collectively, the "Products").

Please read this Privacy Policy carefully.

1. INTERPRETATION AND DEFINITIONS

Words with initial capitalization have the meanings defined below. These definitions apply equally to the singular and plural forms.

  • Account - A unique account created for you to access a Product or parts of it.
  • Affiliate - An entity that controls, is controlled by, or is under common control with the Company.
  • Application - Ink, provided by the Company.
  • Company - Rhythmic, Inc., registered in Delaware, United States.
  • Device - Any device that can access a Product (e.g., smartphone, tablet, or computer).
  • Personal Data - Any information that relates to an identified or identifiable individual.
  • Service Provider - A third-party company or individual that processes data on our behalf.
  • Usage Data - Information collected automatically when using a Product (e.g., device type, session duration).
  • You - The individual using a Product, or the legal entity represented by that individual.

2. INFORMATION WE COLLECT

We collect information you provide voluntarily and data collected automatically when you use a Product.

Information you provide

  • Profile Data: your email address, password, and any optional profile details.
  • Payment Data: when you make purchases, payment information is processed by third-party providers (e.g., Apple, Google). We do not store your full payment credentials.
  • Support & Feedback: any information you provide when contacting us for support, completing surveys, or giving feedback.

Data collected automatically

  • Usage Data: how you interact with the Product, including features accessed, session duration, and frequency.
  • Device & Browser Data: IP address, device type, OS version, time zone, and language settings.
  • Referrer & Campaign Data: information on how you discovered the Product (e.g., ad source, referral link).
  • Cookies & Similar Technologies: used to maintain sessions and measure performance on our websites. You can control cookies through your browser settings.

Tracking and advertising identifiers

With your permission through the App Tracking Transparency prompt, and where otherwise permitted, we collect your Apple Identifier for Advertisers (IDFA) or Google Advertising ID (AAID) and use them, through the attribution partners listed in the Third-Party Services and SDKs section, to measure campaign effectiveness, attribute installs, and understand where users discover the Product. You can reset or disable these identifiers, and change your tracking choice, at any time in your device settings.

Journaling content

Ink supports a physical, pen-and-paper journaling practice; it is designed to help you begin, continue, and return to writing in your own journal, not to store the text you write there. We do not store the text of your journal entries as product data, on your device or on our servers, and we do not include journal text, highlight text, or raw photo or media content in our analytics or attribution telemetry. The only journaling information we collect is the optional session details you explicitly choose to add in the app, such as marking a session complete or adding a short note.

Voice notes and transcription (optional)

Voice journaling is optional. If you use it, Ink records a voice note with your device microphone and, with your consent, sends the audio to our transcription provider (OpenAI) to convert it to text for your journal entry on your device. We do not store the audio or the resulting transcript on our servers. OpenAI may retain the audio for a limited period solely for security and abuse monitoring and does not use it to train its models. We keep only a content-free usage record, such as the audio duration, to manage quota and prevent abuse. You can use Ink without enabling voice transcription.

Photos and media

Any photos you add to Spaces, and any profile photo you set, stay on your device. Ink does not sync these images to our backend by default; they remain local to your device unless you choose to export them through your device's own systems.

Anonymous app identity and reset

You can use Ink without an account. To support app continuity, deletion handling, and associated backend records, we assign an anonymous identifier that is not tied to your name or email. If you use Ink while signed out, you can clear this anonymous activity and return Ink to a fresh-install state on the device using "Reset Ink on this device." Data already linked to a Rhythmic account is governed by the account-deletion controls in the "Delete Your Personal Data" section.

After you delete your account or reset Ink on this device, we may keep a limited de-identified record of the action itself, such as the deletion type, platform, and the number of records removed, for security and accounting purposes. This record does not include your journal text, account identifiers, or device identifiers.

3. HOW WE USE YOUR PERSONAL DATA

We process your personal data for the following purposes:

  • To provide and improve the Product: operate, maintain, and enhance the experience, enable core functionality, troubleshoot technical issues, authenticate users, and secure access to your account.
  • To analyze and enhance the Product: we use aggregated and anonymized data to understand how users interact with the Product, run surveys, test features, and identify improvements.
  • To customize your experience: for instance, to determine which payment options, promotions, or recommendations to display.
  • To process payments: we rely on trusted third-party payment providers (such as Apple, Google) to process purchases and subscriptions. We do not store full payment details.
  • To enforce terms and prevent fraud: enforce our Terms, prevent fraud, resolve disputes, and detect malicious activity. Where required by law or in cases involving fraud or legal claims, we may share relevant information with law enforcement authorities.
  • To communicate with you: via email, in-app messages, or push notifications about your account, Product usage, or feature changes, including reminders or security notices.
  • To send marketing communications: we may send messages about features, offers, and events. You can opt out of marketing emails at any time via the "Unsubscribe" link in the email footer.
  • To provide customer support: respond to inquiries, confirm transactions, and send legal or status notices.
  • To comply with legal obligations: process or share information when required by applicable law, regulation, legal process, or government request.

AI features

To provide and improve our AI features, we process information about how you interact with them (for example, which AI features you use and how often). Certain AI functionality is delivered using third-party AI providers listed in the Third-Party Services and SDKs section; the content needed to provide the feature may be processed by those providers under their data-processing terms.

4. THIRD-PARTY SERVICES AND SDKs

The Product relies on the third-party services and SDKs listed below. Each acts as a service provider/processor on our behalf unless stated otherwise. This section is assembled from the processors this app actually ships.

Amplitude (Amplitude, Inc.)

Product analytics and event tracking, to understand how users navigate and interact with the Product so we can improve functionality and engagement. Amplitude does not sell user data or use it for advertising. Privacy Policy: https://amplitude.com/privacy

Sentry (Functional Software, Inc.)

Error monitoring and performance tracking. Collects crash reports, error logs, and device information to help us identify and fix issues. Sentry does not use advertising identifiers. Privacy Policy: https://sentry.io/privacy/

Expo (650 Industries, Inc.)

App development and over-the-air update infrastructure. May collect device identifiers and push tokens when delivering updates. Privacy Policy: https://expo.dev/privacy

Supabase (Supabase, Inc.)

Backend infrastructure and data hosting, including account management, secure data storage, operational telemetry, and account and data deletion handling. Supabase acts as a data processor on our behalf and does not use your data for its own purposes. Privacy Policy: https://supabase.com/privacy

RevenueCat (RevenueCat, Inc.)

Subscription and in-app purchase management. Processes purchase history and subscription status to validate receipts, prevent fraud, and sync purchases across devices. Acts as a data processor and does not sell or share personal data. Privacy Policy: https://www.revenuecat.com/privacy/

Payment Processors (Apple, Google)

Process subscription and in-app payments. We never store full credit card data.

AppsFlyer (AppsFlyer Inc.)

Our primary mobile attribution and marketing-measurement provider, and the partner that presents the App Tracking Transparency prompt. Where permitted (including after you allow tracking through that prompt), AppsFlyer may collect device identifiers such as the IDFA or AAID, IP address, and engagement and conversion data to attribute installs and measure campaign performance across our marketing channels (including Meta, Google, and TikTok). AppsFlyer processes this data on our behalf as a processor and does not use it for its own advertising purposes. Privacy Policy: https://www.appsflyer.com/legal/services-privacy-policy/

AppStack (AppStack)

Used alongside AppsFlyer for campaign management, attribution, and ad-performance optimization. AppStack may collect device identifiers, IP address, and engagement and conversion data to attribute installs and optimize ad delivery across supported ad networks (including Meta, Google, and TikTok). AppStack processes this data on our behalf as a processor and does not use it for its own advertising purposes. Privacy Policy: https://www.appstack.tech/legal/privacy-policy

OpenAI (OpenAI, L.L.C.)

Provides AI features. The content you submit to those features is sent to OpenAI to generate the result and may be retained by OpenAI for a limited period solely for security and abuse monitoring. Privacy Policy: https://openai.com/privacy

5. APP TRACKING TRANSPARENCY (ATT)

In accordance with Apple's App Tracking Transparency framework, Ink may request your permission to track activity across apps and websites owned by other companies for advertising and attribution purposes. If you decline, we respect your choice and disable tracking features not essential to operating the Product.

6. SENSITIVE DATA

Ink supports general wellbeing. We are not a medical provider and do not collect "Protected Health Information" under HIPAA. However, we recognize that the information you choose to record about your wellbeing (for example, how you are feeling, what you are practicing or working on, and any notes or reflections you add) can be sensitive, and we treat it with additional care. We process this data solely to provide the Product to you. The content you record remains private to you and is not shared externally unless you choose to export or disclose it.

7. LEGAL BASES FOR PROCESSING (EEA/UK USERS)

If you reside in the European Economic Area or the United Kingdom, our legal bases for processing include:

  • Contract performance - to deliver the Product.
  • Consent: for tracking, cookies, and marketing communications (and, where applicable, for any special category data described in the Sensitive Data section).
  • Legitimate interests - to improve and secure the Product.
  • Legal obligation - to comply with applicable laws.

You have the right to withdraw consent at any time.

8. YOUR RIGHTS AND CHOICES

Depending on your jurisdiction, you may have the right to access or request a copy of your data, request correction or deletion, withdraw consent for marketing or tracking, request data portability, and object to certain processing. To exercise these rights, email us at support@rhythmicapps.com.

California residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, use, and disclose; to delete it (subject to exceptions); to correct inaccurate information; to opt out of the "sharing" of personal information for cross-context behavioral advertising; and to non-discrimination for exercising these rights.

We do not "sell" personal information for monetary consideration. However, our use of analytics and advertising identifiers with the attribution partners listed in the Third-Party Services and SDKs section may constitute "sharing" under California law.

To exercise these rights, email support@rhythmicapps.com or use the "Do Not Sell or Share My Personal Information" link in our website footer. Where required, we also honor opt-out preference signals such as Global Privacy Control (GPC) transmitted by your browser. We will respond to verified requests within 45 days.

Other U.S. state privacy rights

If you reside in a U.S. state with a comprehensive consumer privacy law (such as Virginia, Colorado, Connecticut, Texas, Oregon, and others), you may have rights similar to those above, including to access, correct, delete, and obtain a copy of your personal data, and to opt out of targeted advertising, the sale of personal data, and certain profiling. To exercise these rights, contact us at support@rhythmicapps.com. You may also have the right to appeal a decision on your request.

9. DATA RETENTION

We retain your personal data only as long as necessary for the purposes stated in this Policy. Retention periods include:

  • Account data: retained until your account is deleted or as legally required.
  • Attribution/analytics data: up to 24 months (aggregated data may persist longer in anonymized form).
  • Website analytics data: up to 26 months (configurable; aggregated reports may persist longer).
  • AI feature data: up to the retention window stated by the AI provider in the Third-Party Services and SDKs section.

10. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in the United States, the European Union, and/or other countries where we or our service providers operate. The primary processing location for Ink is the United States. These countries may have data-protection laws that differ from those in your jurisdiction.

When we transfer personal data from the European Economic Area, United Kingdom, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission (and the UK Addendum where applicable), and we maintain data-processing agreements with our service providers requiring them to protect your data consistent with this Privacy Policy.

If you have questions about international transfers, contact us at support@rhythmicapps.com.

11. DATA SECURITY

We use encryption, access controls, and secure servers to protect your data. However, no internet transmission or electronic storage is completely secure, and we cannot guarantee absolute security.

12. DATA BREACH NOTIFICATION

If a security breach results in unauthorized access to your personal data, we will notify the relevant supervisory authorities as required by applicable law (where required, within 72 hours of becoming aware), and we will notify affected users without undue delay where the breach is likely to result in a high risk to your rights and freedoms. We maintain incident-response procedures to detect, investigate, and respond to potential security incidents.

13. CHILDREN'S PRIVACY

Ink is not directed to, and is not intended for use by, anyone under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us personal data, please contact us at support@rhythmicapps.com and we will delete it.

14. LINKS TO OTHER WEBSITES

Our Products may contain links to third-party websites not operated by us. We are not responsible for the content or privacy practices of those sites. Please review their privacy policies before providing any personal data.

15. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. The updated version will always be available at https://rhythmicapps.com/ink/privacy. We will let you know via email and/or a prominent notice on the Product prior to the change becoming effective, and update the "Last updated" date above. Changes are effective when posted.

16. DELETE YOUR PERSONAL DATA

You have the right to delete, or request that we help delete, the personal data we have collected about you. You may update, amend, or delete your information at any time by signing in to your Account and visiting the account settings section, or by contacting us. Please note we may need to retain certain information where we have a legal obligation or lawful basis to do so. To make a request, contact support@rhythmicapps.com.

17. EU / UK CONTACT AND REPRESENTATIVE

For questions about how we process the personal data of individuals in the EEA and the UK, you can contact our EU-based point of contact:

Gabriel Kwakyi Schumanngasse 67 1/7 1170 Vienna, Austria support@rhythmicapps.com +43 699 8189 6557

EEA and UK data subjects may contact us at this address regarding the processing of their personal data.

CONTACT US

If you have any questions or requests regarding this Privacy Policy, please contact us:

Rhythmic, Inc. Attention: Privacy Officer Email: support@rhythmicapps.com Address: 251 Little Falls Drive, Wilmington, DE 19808, United States