Privacy Policy

1. Data Controller

The data controller responsible for processing your personal data is Faustino System, based in Portugal. For any privacy-related questions, contact us at [email protected]

2. Data We Collect

We collect only the data necessary to provide the Service:

• Account data: name, email address, and profile photo provided by Google at login
• Usage data: tasks, goals, habits, diary entries, and other content you create in the app
• Payment data: subscription status and Stripe customer ID (we never store card numbers)
• Technical data: IP address, browser type, and access logs for security and diagnostics

3. How We Use Your Data

Your data is used exclusively to:

• Provide and maintain the Ritualy Service
• Process payments and manage your subscription
• Send important service notifications (updates, security alerts)
• Respond to your support requests
• Improve the Service based on anonymous usage patterns
• Comply with legal obligations

4. Data Retention

We retain your data for as long as your account is active. If you delete your account, your personal data will be permanently deleted within 30 days, except where retention is required by law.

5. Third-Party Services

We use the following trusted third-party services:

• Stripe — payment processing (PCI DSS compliant)
• Google OAuth — secure authentication
• Resend — transactional email delivery
• Manus — hosting and infrastructure

6. Data Security

We implement technical and organisational measures to protect your data, including HTTPS encryption, secure authentication, and access controls. However, no method of transmission over the Internet is 100% secure.

7. Your Rights (GDPR)

Under the GDPR, you have the following rights:

• Right of access: obtain a copy of your personal data
• Right to rectification: correct inaccurate data
• Right to erasure: request deletion of your data ('right to be forgotten')
• Right to data portability: receive your data in a structured, machine-readable format
• Right to object: object to processing based on legitimate interests
• Right to restriction: request that we limit how we process your data

To exercise these rights, contact us at [email protected]. You also have the right to lodge a complaint with the Portuguese data protection authority at cnpd.pt.

8. Cookies

Ritualy uses only essential session cookies required for authentication. We do not use advertising or tracking cookies.

9. Children's Privacy

Ritualy is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email at least 30 days in advance. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions or requests, contact us at [email protected]