Last Updated: 22 Apr 2026
This Privacy Policy explains how Ritualy collects, uses, stores, and shares personal information when you use our website, web app, PWA, shared links, checkout flows, and related services.
We have written this policy to match the current product as closely as is practical. It is intended to help you understand how Ritualy works, but it is not legal advice to you. If you have questions, please contact us.
Information We Collect
- Account information: If you create an account or sign in through Google, Microsoft, or another login provider, we may collect your name, email address, profile image, provider account ID, and related account metadata.
- Productivity content: We collect the content you add to Ritualy, such as tasks, projects, notes, rituals, check-ins, calendar-related items, chat messages, and other user-generated content.
- Calendar integration data: If you connect an external calendar, we may collect calendar permissions, OAuth tokens, token expiry data, permission scopes, calendar identifiers, and calendar event data needed to show calendar information inside Ritualy.
- Payment and billing information: If you make a payment or contribution, Stripe processes the payment. We receive transaction information such as your email address, payment status, checkout session identifiers, pricing mode, and limited billing metadata.
- Usage and technical data: We collect technical and usage information such as IP address, browser and device data, app activity, page views, logs, error data, and related diagnostics.
- Notification data: If you enable push notifications, we may collect a push token, service-worker-related data, browser permission state, platform label, and user agent for the subscribing device.
- Communications: If you contact us, respond to emails, or use account/support flows, we collect the information you include in those communications.
- Shared-link activity: If you create or use a shared link, we collect the tokenized link data and activity needed to show, update, revoke, or secure that shared content.
Sign-In Providers and Calendar Access
- If you sign in with Google or Microsoft, we receive basic profile information from that provider so we can create and maintain your account.
- If you grant calendar permissions, we may also store and use the OAuth credentials, scopes, and related account metadata needed to access your external calendar connection on your behalf.
- We use connected calendar data to show external calendar information inside Ritualy and support calendar-related features you choose to use.
- You can revoke provider access through the provider itself, by signing in again with different permissions, or by contacting us for help.
Cookies, Local Storage, and Similar Technologies
We use cookies, local storage, and similar browser technologies for sign-in, security, invite flows, analytics, notification state, drafts, app state, and related product functionality.
- Authentication and security cookies: We use cookies for secure sign-in flows and session/security features.
- Invite and access cookies: We may use cookies to help process invite links and related onboarding flows.
- Browser storage: We store certain app data locally, such as draft content, persisted app state, workspace setup progress, polling preferences, and notification subscription state.
- Analytics storage: Analytics tools may also use cookies or similar browser storage to help us understand product usage.
Depending on where you are located, some cookies or similar technologies may require consent before they are used. You can also control certain storage behavior through your browser settings, though doing so may affect how Ritualy works.
Analytics
We use PostHog to understand how Ritualy is used and to improve the product.
- We currently use PostHog to capture page views and related usage events.
- When you are signed in, we may associate analytics data with your user ID and profile details such as email address and name fields.
- At the time of this policy update, PostHog autocapture is disabled and session replay is disabled.
AI Features
Ritualy includes AI-assisted features, including chat and writing or content assistance.
- If you use AI features, we may send your prompts, chat messages, and relevant content or context to third-party AI providers so the feature can generate a response for you.
- AI features are optional. You can still use core parts of Ritualy without using AI.
- We may store AI-related inputs, outputs, and related chat history in your account so the feature can work and so you can review prior interactions.
Push Notifications and PWA Features
- If you enable notifications, we request permission from your browser, register a service worker, and use Firebase Cloud Messaging to manage delivery.
- We store a push token and certain device/browser details so we can send and manage notifications for that device.
- Notification permissions are controlled through your browser or device settings, and you can also disable notifications inside Ritualy where available.
- Because Ritualy is a PWA, some app-like behavior may rely on browser storage, service workers, and related web platform features.
Shared Links and Public Sharing
- If you create a share link, anyone with that link may be able to view the shared content available through that link.
- Depending on the feature, a shared link may expose content such as a task title, project title, note content, checklist or step content, and step completion state.
- In some cases, a recipient using the share link may also be able to update shared checklist or step status through that link.
- You are responsible for deciding what to share. Treat share links as secret links and revoke them if you no longer want them to work.
How We Use Information
- To create, secure, and manage your account.
- To provide the app, website, checkout, sharing, and support flows.
- To show your productivity data, sync features, and connected calendar information.
- To operate chat, AI assistance, and other optional product features.
- To process payments, confirm transactions, manage access periods, and send receipts or account notices.
- To send service messages, account communications, support replies, and other transactional emails.
- To send push notifications or other reminders if you enable them.
- To monitor performance, debug issues, prevent fraud or abuse, and improve Ritualy.
- To comply with legal obligations and protect our rights and users.
How We Share Information
- We do not sell your personal information.
- We share information with service providers that help us operate Ritualy, such as hosting, authentication, calendar integrations, analytics, notifications, email delivery, payments, and AI providers.
- We share information with Stripe to process payments and payment events.
- We share information with Google and Microsoft when you choose to use those sign-in or calendar integration features.
- We share information with Firebase or related messaging services when you enable push notifications.
- We share information through tokenized public links only when you explicitly create a shared link or invite flow.
- We may disclose information if required by law, to respond to legal process, or to protect the rights, security, and safety of Ritualy, our users, or others.
Data Storage and Security
We use technical and organizational safeguards designed to protect the service and the information we process, including encrypted transport, authentication controls, access restrictions, backups, and other security measures.
- Data sent between your device and our service is protected in transit, including over HTTPS/TLS.
- Certain stored fields may also be encrypted before or while they are stored in our systems.
- Ritualy is not described here as end-to-end encrypted. Our systems may decrypt data where needed to provide the service.
- No method of transmission, storage, or security control is perfect, so we cannot guarantee absolute security.
Data Retention
We retain information for as long as reasonably necessary to operate the service, maintain your account, comply with legal obligations, resolve disputes, enforce agreements, and protect the service.
- Account and core product data are generally retained while your account remains active.
- Payment and transaction records may be retained for accounting, fraud-prevention, and legal compliance purposes.
- Analytics data, logs, backups, and support records may remain for a period after deletion depending on system design, security needs, and legal requirements.
- If you delete your account, we will aim to delete or de-identify personal information within a reasonable period, subject to legal, security, backup, fraud-prevention, and operational exceptions.
Your Rights and Choices
Depending on where you live, you may have privacy rights such as the right to access, correct, delete, or request a copy of certain personal information, or to object to or limit some processing.
- You can update certain profile information through your account where available.
- You can disconnect external providers or revoke provider permissions through those providers and related account settings.
- You can unsubscribe from promotional emails using the unsubscribe link in those messages. We may still send transactional or service emails.
- You can manage notification permissions through your browser or device settings and, where available, through Ritualy settings.
- You can contact us to exercise privacy rights that apply to you. We may need to verify your identity before completing certain requests.
International Processing
Ritualy and our service providers may process information in countries other than the one where you live. Those countries may have different data protection laws. Where required, we rely on appropriate safeguards for cross-border transfers.
Children
Ritualy is not intended for children under the minimum age permitted to use the service under our Terms. If you believe a child has provided personal information to Ritualy in a way that should not have happened, please contact us.
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we may notify you by updating this page, updating the "Last Updated" date, or using another reasonable method.
Contact Us
If you have questions about this Privacy Policy or want to make a privacy-related request, please contact us.