PRIVACY POLICY

Last updated: June 25, 2026

This Privacy Policy explains how Rhythmic, Inc. ("Company," "we," "us," or "our") collects, uses, and discloses your information when you use our products, tools, and services, and outlines your rights and choices. It applies to Trebit and to the other applications, websites, and tools we operate, generally hosted at rhythmicapps.com and its subfolders (for example, rhythmicapps.com/Trebit), and any other standalone tools or sites we operate (each a "Product" and collectively, the "Products").

Please read this Privacy Policy carefully.

1. INTERPRETATION AND DEFINITIONS

Words with initial capitalization have the meanings defined below. These definitions apply equally to the singular and plural forms.

• Account - A unique account created for you to access a Product or parts of it.
• Affiliate - An entity that controls, is controlled by, or is under common control with the Company.
• Application - Trebit, provided by the Company.
• Company - Rhythmic, Inc., registered in Delaware, United States.
• Device - Any device that can access a Product (e.g., smartphone, tablet, or computer).
• Personal Data - Any information that relates to an identified or identifiable individual.
• Service Provider - A third-party company or individual that processes data on our behalf.
• Usage Data - Information collected automatically when using a Product (e.g., device type, session duration).
• You - The individual using a Product, or the legal entity represented by that individual.

2. INFORMATION WE COLLECT

This Product stores the content you create primarily on your own device. We do not receive or store that on-device content on our servers. The information described below is limited to what is necessary to operate, support, and improve the Product.

We collect information you provide voluntarily and data collected automatically when you use a Product.

Information you provide

• Payment Data: when you make purchases, payment information is processed by third-party providers (e.g., Apple, Google). We do not store your full payment credentials.
• Support & Feedback: any information you provide when contacting us for support, completing surveys, or giving feedback.

Data collected automatically

• Usage Data: how you interact with the Product, including features accessed, session duration, and frequency.
• Device & Browser Data: IP address, device type, OS version, time zone, and language settings.
• Referrer & Campaign Data: information on how you discovered the Product (e.g., ad source, referral link).

Tracking and advertising identifiers

With your permission through the App Tracking Transparency prompt, and where otherwise permitted, we collect your Apple Identifier for Advertisers (IDFA) or Google Advertising ID (AAID) and use them, through the attribution partners listed in the Third-Party Services and SDKs section, to measure campaign effectiveness, attribute installs, and understand where users discover the Product. You can reset or disable these identifiers, and change your tracking choice, at any time in your device settings.

3. HOW WE USE YOUR PERSONAL DATA

We process your personal data for the following purposes:

• To provide and improve the Product: operate, maintain, and enhance the experience, enable core functionality, troubleshoot technical issues.
• To analyze and enhance the Product: we use aggregated and anonymized data to understand how users interact with the Product, run surveys, test features, and identify improvements.
• To customize your experience: for instance, to determine which payment options, promotions, or recommendations to display.
• To process payments: we rely on trusted third-party payment providers (such as Apple, Google) to process purchases. We do not store full payment details.
• To enforce terms and prevent fraud: enforce our Terms, prevent fraud, resolve disputes, and detect malicious activity. Where required by law or in cases involving fraud or legal claims, we may share relevant information with law enforcement authorities.
• To communicate with you: via email, in-app messages, or push notifications about your account, Product usage, or feature changes, including reminders or security notices.
• To send marketing communications: we may send messages about features, offers, and events. You can opt out of marketing emails at any time via the "Unsubscribe" link in the email footer.
• To provide customer support: respond to inquiries, confirm transactions, and send legal or status notices.
• To comply with legal obligations: process or share information when required by applicable law, regulation, legal process, or government request.

4. THIRD-PARTY SERVICES AND SDKs

The Product relies on the third-party services and SDKs listed below. Each acts as a service provider/processor on our behalf unless stated otherwise. This section is assembled from the processors this app actually ships.

Amplitude (Amplitude, Inc.)

Product analytics and event tracking, to understand how users navigate and interact with the Product so we can improve functionality and engagement. Amplitude does not sell user data or use it for advertising. Privacy Policy: https://amplitude.com/privacy

Sentry (Functional Software, Inc.)

Error monitoring and performance tracking. Collects crash reports, error logs, and device information to help us identify and fix issues. Sentry does not use advertising identifiers. Privacy Policy: https://sentry.io/privacy/

Expo (650 Industries, Inc.)

App development and over-the-air update infrastructure. May collect device identifiers and push tokens when delivering updates. Privacy Policy: https://expo.dev/privacy

RevenueCat (RevenueCat, Inc.)

Subscription and in-app purchase management. Processes purchase history and subscription status to validate receipts, prevent fraud, and sync purchases across devices. Acts as a data processor and does not sell or share personal data. Privacy Policy: https://www.revenuecat.com/privacy/

Payment Processors (Apple, Google)

Process subscription and in-app payments. We never store full credit card data.

• Apple: https://www.apple.com/legal/privacy/
• Google: https://policies.google.com/privacy

AppStack (AppStack)

Used alongside AppsFlyer for campaign management, attribution, and ad-performance optimization. AppStack may collect device identifiers, IP address, and engagement and conversion data to attribute installs and optimize ad delivery across supported ad networks (including Meta, Google, and TikTok). AppStack processes this data on our behalf as a processor and does not use it for its own advertising purposes. Privacy Policy: https://www.appstack.tech/legal/privacy-policy

5. APP TRACKING TRANSPARENCY (ATT)

In accordance with Apple's App Tracking Transparency framework, Trebit may request your permission to track activity across apps and websites owned by other companies for advertising and attribution purposes. If you decline, we respect your choice and disable tracking features not essential to operating the Product.

6. SENSITIVE DATA

Trebit supports general wellbeing. We are not a medical provider and do not collect "Protected Health Information" under HIPAA. However, we recognize that the information you choose to record about your wellbeing (for example, how you are feeling, what you are practicing or working on, and any notes or reflections you add) can be sensitive, and we treat it with additional care. We process this data solely to provide the Product to you. The content you record remains private to you and is not shared externally unless you choose to export or disclose it.

This sensitive content is stored on your device and is not transmitted to or stored on our servers.

7. LEGAL BASES FOR PROCESSING (EEA/UK USERS)

If you reside in the European Economic Area or the United Kingdom, our legal bases for processing include:

• Contract performance - to deliver the Product.
• Consent: for tracking, cookies, and marketing communications (and, where applicable, for any special category data described in the Sensitive Data section).
• Legitimate interests - to improve and secure the Product.
• Legal obligation - to comply with applicable laws.

You have the right to withdraw consent at any time.

8. YOUR RIGHTS AND CHOICES

Depending on your jurisdiction, you may have the right to access or request a copy of your data, request correction or deletion, withdraw consent for marketing or tracking, request data portability, and object to certain processing. To exercise these rights, email us at support@rhythmicapps.com.

California residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, use, and disclose; to delete it (subject to exceptions); to correct inaccurate information; to opt out of the "sharing" of personal information for cross-context behavioral advertising; and to non-discrimination for exercising these rights.

We do not "sell" personal information for monetary consideration. However, our use of analytics and advertising identifiers with the attribution partners listed in the Third-Party Services and SDKs section may constitute "sharing" under California law.

To exercise these rights, email support@rhythmicapps.com. We will respond to verified requests within 45 days.

Other U.S. state privacy rights

If you reside in a U.S. state with a comprehensive consumer privacy law (such as Virginia, Colorado, Connecticut, Texas, Oregon, and others), you may have rights similar to those above, including to access, correct, delete, and obtain a copy of your personal data, and to opt out of targeted advertising, the sale of personal data, and certain profiling. To exercise these rights, contact us at support@rhythmicapps.com. You may also have the right to appeal a decision on your request.

9. DATA RETENTION

We retain your personal data only as long as necessary for the purposes stated in this Policy. Retention periods include:

• Attribution/analytics data: up to 24 months (aggregated data may persist longer in anonymized form).

10. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in the United States, the European Union, and/or other countries where we or our service providers operate. The primary processing location for Trebit is the United States. These countries may have data-protection laws that differ from those in your jurisdiction.

When we transfer personal data from the European Economic Area, United Kingdom, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission (and the UK Addendum where applicable), and we maintain data-processing agreements with our service providers requiring them to protect your data consistent with this Privacy Policy.

If you have questions about international transfers, contact us at support@rhythmicapps.com.

11. DATA SECURITY

We use encryption, access controls, and secure servers to protect your data. However, no internet transmission or electronic storage is completely secure, and we cannot guarantee absolute security.

12. DATA BREACH NOTIFICATION

If a security breach results in unauthorized access to your personal data, we will notify the relevant supervisory authorities as required by applicable law (where required, within 72 hours of becoming aware), and we will notify affected users without undue delay where the breach is likely to result in a high risk to your rights and freedoms. We maintain incident-response procedures to detect, investigate, and respond to potential security incidents.

13. CHILDREN'S PRIVACY

Trebit is not directed to, and is not intended for use by, anyone under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us personal data, please contact us at support@rhythmicapps.com and we will delete it.

14. LINKS TO OTHER WEBSITES

Our Products may contain links to third-party websites not operated by us. We are not responsible for the content or privacy practices of those sites. Please review their privacy policies before providing any personal data.

15. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. The updated version will always be available at https://rhythmicapps.com/trebit/privacy. We will let you know via email and/or a prominent notice on the Product prior to the change becoming effective, and update the "Last updated" date above. Changes are effective when posted.

16. DELETE YOUR PERSONAL DATA

You have the right to delete, or request that we help delete, the personal data we have collected about you. Because this Product stores your content on your device, you can delete it directly within the Product or by deleting the app; we do not hold a separate copy on our servers. Please note we may need to retain certain information where we have a legal obligation or lawful basis to do so. To make a request, contact support@rhythmicapps.com.

17. EU / UK CONTACT AND REPRESENTATIVE

For questions about how we process the personal data of individuals in the EEA and the UK, you can contact our EU-based point of contact:

Gabriel Kwakyi Schumanngasse 67 1/7 1170 Vienna, Austria support@rhythmicapps.com +43 699 8189 6557

EEA and UK data subjects may contact us at this address regarding the processing of their personal data.

CONTACT US

If you have any questions or requests regarding this Privacy Policy, please contact us:

Rhythmic, Inc. Attention: Privacy Officer Email: support@rhythmicapps.com Address: 251 Little Falls Drive, Wilmington, DE 19808, United States