1. Introduction
Welcome to RYT by Hand ("App," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application. We are committed to protecting your privacy and ensuring transparency about our data practices.
By using RYT by Hand, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the App.
2. Information We Collect
2.1 Personal Information You Provide
When you create an account and use the App, we collect the following personal information:
Account Information:
- Email address (required)
- Password (encrypted, never stored in plain text)
- First name and last name
- Phone number
- Gender
Profile Information (optional):
- Date of birth
- Profile photo
- Address (street address, city, state, zip code, country)
Recipient Information:
When you create custom recipients (contacts who do not have an App account), we collect:
- First name and last name
- Email address (optional)
- Phone number (optional)
- Gender (optional)
- Date of birth (optional)
- Profile photo (optional)
- Address information (optional)
- Relationship type (optional)
User-Generated Content:
- Cards: Text content, attached images, tags, and sending status
- Notes: Text content and due dates
- Events: Event name, description, dates, recurrence settings, and notification preferences
Connections:
- Information about your connections with other App users
2.2 Information Collected Automatically
Device Information:
- Device type and operating system (iOS or Android)
- Device platform information
- App version
Push Notification Tokens:
- Expo Push Notification tokens for delivering notifications to your device
Terms and Privacy Acceptance Records:
- Timestamp of acceptance
- Version of terms and privacy policy accepted
- User agent information
2.3 Information We Do NOT Collect
We do not collect:
- Precise geolocation data
- Contact lists from your device
- Browsing history
- Financial or payment information
- Biometric data
- Data from third-party analytics services (we do not use Google Analytics, Firebase Analytics, Amplitude, Mixpanel, Segment, or similar services)
3. How We Use Your Information
We use the information we collect for the following purposes:
Account Management:
- Create and manage your user account
- Authenticate your identity and maintain session security
- Process password resets and account recovery
Core App Functionality:
- Enable you to create, send, and receive cards
- Allow you to create and manage personal notes
- Allow you to create and manage custom recipients
- Enable connections with other App users
- Schedule and manage personal events and reminders
Notifications:
- Send push notifications for new cards received
- Send push notifications for connection requests
- Send local notifications for upcoming events (birthdays, anniversaries, custom events)
Security:
- Validate active sessions to prevent unauthorized access
- Log security-related operations for audit purposes
- Detect and prevent potential security incidents
Service Improvement:
- Ensure the App functions properly
- Debug and fix technical issues
4. How We Store Your Information
4.1 Cloud Storage
Your data is stored securely using Supabase, a Backend-as-a-Service platform:
- Database: PostgreSQL database with Row Level Security (RLS) enabled, ensuring users can only access their own data
- File Storage: Images (profile photos, card images) are stored in Supabase Storage buckets with access controls
4.2 Local Device Storage
Certain data is stored locally on your device:
- Authentication Tokens: Stored securely using Expo SecureStore (encrypted storage)
- Notification Token Cache: Push notification registration data cached using AsyncStorage
- Scheduled Notification IDs: Local notification identifiers stored in AsyncStorage
4.3 Security Measures
We implement the following security measures:
- Row Level Security (RLS): Database policies ensure users can only read, create, update, or delete their own data
- Encrypted Token Storage: Authentication tokens are stored using Expo SecureStore, which provides encrypted storage on the device
- Session Validation: All sensitive operations validate the active session before proceeding
- Ownership Verification: File deletion operations verify ownership before executing
- Security Logging: Critical operations are logged for audit purposes (stored in memory, not persisted to external servers)
- Secure Communications: All data transmitted between the App and our servers uses HTTPS/TLS encryption
5. Data Sharing and Disclosure
5.1 Service Providers
We share data with the following third-party service providers solely to operate the App:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, and file storage | All user data as described in Section 2 |
| Expo | Push notification delivery | Device push tokens, notification content |
5.2 Other Users
When you use certain features, limited information is shared with other users:
- Cards: When you send a card to another user, they can see your name and the card content
- Connections: When you send a connection request, the recipient can see your name and email
- Profile Information: Connected users may view your profile name and photo
5.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders or government agencies).
5.4 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
5.5 No Sale of Personal Information
We do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes.
6. Push Notifications
6.1 Types of Notifications
The App may send the following types of push notifications:
Remote Push Notifications (via Expo Push API):
- New card received notifications
- Connection request notifications
Local Notifications (scheduled on your device):
- Event reminders (7 days, 3 days, and 1 day before events)
- Birthday reminders
- Anniversary reminders
- Custom event reminders
6.2 Managing Notifications
- You can disable push notifications through your device's system settings
- You can disable specific event reminders within the App
- You can manage notification preferences for individual recipients within the App
6.3 Push Token Storage
We store device push tokens in our database to deliver notifications. Tokens are:
- Associated with your user account
- Automatically removed when you log out
- Deleted when you delete your account
7. Device Permissions
The App may request the following device permissions:
| Permission | Purpose | Required |
|---|---|---|
| Camera | Take photos for profile pictures or card images | Optional |
| Photo Library | Select existing photos for profile pictures or cards | Optional |
| Notifications | Receive push notifications for cards, connections, and event reminders | Optional |
You can manage these permissions at any time through your device's settings. Denying certain permissions may limit App functionality.
8. Data Retention
8.1 Active Accounts
We retain your information for as long as your account is active and as necessary to provide you with our services.
8.2 Account Deletion
When you delete your account:
- All your profile data is permanently deleted
- All cards you created are permanently deleted
- All notes you created are permanently deleted
- All events you created are permanently deleted
- All custom recipients you created are permanently deleted
- Your connections with other users are removed
- Your push notification tokens are deleted
- Your authentication record is deleted from our system
Account deletion is performed atomically through a secure database transaction to ensure complete removal of all associated data.
8.3 Backup and Recovery
Supabase may maintain backups of the database for disaster recovery purposes. These backups are subject to Supabase's data retention policies and security measures.
9. Your Rights and Choices
9.1 Access and Update
You can access and update your personal information at any time through the App's profile settings.
9.2 Account Deletion
You can request deletion of your account and all associated data through the App's settings menu. Deletion is processed immediately.
9.3 Data Portability
If you wish to obtain a copy of your personal data, please contact us using the information provided in Section 13.
9.4 Opt-Out of Notifications
You can opt out of push notifications by:
- Disabling notifications in your device settings
- Disabling specific event notifications within the App
9.5 California Residents
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to know whether personal information is sold or disclosed and to whom
- Right to opt out of the sale of personal information (note: we do not sell personal information)
- Right to request deletion of personal information
- Right to non-discrimination for exercising your rights
9.6 European Economic Area (EEA) Residents
If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR):
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision-making
10. Children's Privacy
The App is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. Supabase servers may be located in different regions. By using the App, you consent to the transfer of your information to these locations.
We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Updating the "Effective Date" at the top of this Privacy Policy
- Displaying a notice within the App when significant changes are made
We encourage you to review this Privacy Policy periodically. Your continued use of the App after any modifications indicates your acceptance of the updated Privacy Policy.
We track which version of the Privacy Policy you accepted during registration.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: support@rytbyhand.com
Website: https://rytbyhand.com
14. Consent
By creating an account and using RYT by Hand, you acknowledge that:
- You have read and understood this Privacy Policy
- You consent to the collection, use, and storage of your information as described herein
- You agree to the terms and conditions of service
Your acceptance of these terms is recorded at the time of account creation, including:
- Timestamp of acceptance
- Version of Privacy Policy accepted
- Device information (user agent)
This Privacy Policy was last updated on December 10, 2024.