Privacy Policy
Effective Date: December 15, 2024
Last Updated: December 15, 2024
This Privacy Policy describes how Ritual Mobile, Inc. ("Ritual", "we", "us", or "our") collects, uses, and discloses your information when you use app.ritual.work and our related services (the "Service").
We are committed to protecting your privacy and ensuring the security of your data. This policy explains your choices surrounding how we use your personal information, including how you can object to certain uses and how you can access and update your information.
Scope
This Privacy Policy applies to personal information processed by Ritual Mobile, Inc., including on our websites, mobile applications, and other online or offline offerings. To make this Privacy Policy easier to read, our websites, mobile applications, and other offerings are collectively called the "Service."
1. Information We Collect
We collect information in the following ways:
A. Information You Provide
Account Information: When you create an account, we collect:
- Name and email address
- Password (encrypted)
- Optional profile photo
- Role within your team or organization
User Content: We collect content you create, upload, or share through the Service, including:
- Explorations, questions, and answers
- Documents, recommendations, and problem statements
- Comments and collaboration data
- Any other content you choose to upload
Communications: When you contact us for support or feedback, we collect:
- Your email address and contact information
- The content of your communications
- Any attachments you send us
Payment Information: For paid subscriptions, our third-party payment processors collect:
- Billing address and payment method details
- Transaction information
We do not directly store your full payment card information on our servers. This is securely processed and stored by our payment processor.
B. Information Collected Automatically
Usage Data: We automatically collect information about your use of the Service:
- IP address and general location (city/country level)
- Browser type and version
- Device information (type, operating system)
- Pages visited and features used
- Date and time of access
- Referring website or application
Cookies and Similar Technologies: We use cookies, pixels, and similar technologies to:
- Maintain your session and remember your preferences
- Understand how you use the Service
- Improve performance and user experience
- Measure the effectiveness of our marketing
You can control cookies through your browser settings.
C. Information from Third Parties
Single Sign-On: If you sign in using Google or other SSO providers, we receive basic profile information (name, email, profile picture) in accordance with your privacy settings with that provider.
Organization Information: If you use an email address provided by your Organization, we may receive information about your Organization from third-party data enrichment services for business-to-business purposes.
2. How We Use Your Information
We use collected information for the following purposes:
Provide and Improve the Service
- Create and manage your account
- Process your subscription and payments
- Provide customer support
- Develop, test, and improve our features
- Train and improve our AI models (see AI section below)
- Ensure security and prevent fraud
Communications
- Send service-related announcements and updates
- Respond to your inquiries and requests
- Send marketing communications (you can opt out)
- Conduct surveys and gather feedback
Legal and Safety
- Comply with legal obligations
- Enforce our Terms of Service
- Protect our rights, privacy, safety, or property
- Detect and prevent fraud, abuse, or security incidents
AI Model Training and Improvement
How We Use Data for AI:
- We may use aggregated, de-identified data to improve our AI models and Service features
- We do not use your specific User Content to train AI models that serve other customers
- Organization customers have the option to opt out of having their data used for model improvement
- AI-generated suggestions and recommendations are based on your own workspace data and general models
Enterprise AI Commitments:
- Your proprietary data remains yours and is not shared with other customers
- AI models are designed to augment human decision-making, not replace it
- We implement strict data isolation to ensure Organization data is not cross-contaminated
- Enterprise customers receive additional controls over AI feature usage
3. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
Within Your Workspace or Organization
- With other users in your Workspace when you collaborate on shared explorations and content
- With your Organization's administrators if you use an Organization email address
- Organization administrators may access workspace information, membership details, and content
Service Providers
We share information with third-party service providers who assist us with:
- Cloud hosting and infrastructure (AWS, etc.)
- Payment processing
- Email delivery and communications
- Analytics and monitoring
- Customer support tools
These providers are contractually required to protect your information and use it only for the services they provide to us.
Analytics Partners
- PostHog: For product analytics and user behavior insights
- Google Analytics: For website traffic and usage analysis
These partners process usage data in accordance with their own privacy policies.
Legal Requirements
We may disclose your information if required to:
- Comply with legal obligations, court orders, or government requests
- Enforce our Terms of Service
- Protect our rights, privacy, safety, or property
- Investigate potential violations or security incidents
Business Transfers
If Ritual is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
4. Data Security
We implement industry-standard security measures to protect your information from unauthorized access, alteration, disclosure, or destruction.
Encryption
- In Transit: All data is encrypted using TLS 1.2 or higher
- At Rest: Data is encrypted using AES-256 encryption
- Key Management: Encryption keys are securely managed using AWS KMS
Access Controls
- Multi-factor authentication (MFA) available for all users
- SAML Single Sign-On (SSO) for Business and Enterprise plans
- Granular permission management and role-based access controls
- Audit logs for workspace administrators
- Principle of least privilege for internal access
Monitoring and Response
- Comprehensive logging and monitoring of critical systems
- Automated alerting for suspicious activity
- Incident response procedures and security team
- Regular security audits and vulnerability assessments
Infrastructure Security
- Secure, redundant data centers with physical security controls
- Automated daily backups with encryption and monitoring
- DDoS protection and high availability architecture
- Separate development, testing, and production environments
While we implement strong security measures, no system is 100% secure. We cannot guarantee the absolute security of your information.
5. Data Retention
We retain your information for as long as necessary to:
- Provide you with the Service
- Comply with legal obligations
- Resolve disputes and enforce our agreements
- Achieve the purposes described in this Privacy Policy
Account Deletion
When you delete your account, your User Content becomes immediately inaccessible and is permanently deleted from our servers within 30 days. However:
- Backup copies may persist for up to 90 days
- Organization content may be retained by the Organization
- Some information may be retained for legal compliance
- De-identified or aggregated data may be retained indefinitely
6. Your Privacy Rights and Choices
Depending on your location, you may have the following rights:
Access and Portability
- Request a copy of your personal information
- Export your User Content from the Service
Correction
- Update inaccurate or incomplete information through your account settings
- Request correction of information you cannot update yourself
Deletion
- Delete your account and associated data
- Request deletion of specific information (subject to legal requirements)
Restriction and Objection
- Object to certain processing of your information
- Request restriction of processing in certain circumstances
Marketing Communications
- Opt out of marketing emails using the unsubscribe link
- You will still receive transactional emails necessary for the Service (e.g., password resets, billing notifications)
Cookies
- Control cookies through your browser settings
- Update cookie preferences in your account settings
To exercise these rights, contact us at: support@ritual.work
We will respond to your request within 30 days. To verify your identity, we may require you to confirm your request through your registered account.
7. International Data Transfers
Ritual is based in the United States, and your information may be transferred to, processed, and stored in the United States or other countries where we or our service providers operate.
When we transfer personal information from the European Economic Area (EEA), UK, or Switzerland to other countries, we implement appropriate safeguards, including:
- Standard Contractual Clauses approved by the European Commission
- Data processing agreements with service providers
- Compliance with applicable data protection regulations
8. Children's Privacy
The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13 without parental consent, we will take steps to delete that information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@ritual.work.
9. Third-Party Services and Links
The Service may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to third-party services.
We encourage you to review the privacy policies of any third-party services you access. We are not responsible for the privacy practices or content of third-party services.
10. California Privacy Rights
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information.
Categories of Personal Information Collected
In the last 12 months, we have collected the following categories:
- Identifiers (name, email, IP address, device identifiers)
- Commercial information (subscription details, purchase history)
- Internet activity (browsing history, interactions with the Service)
- Geolocation data (general location from IP address)
- Professional information (job title, organization)
- User Content (as described in Section 1)
Sale or Sharing of Personal Information
We do not sell your personal information. We may share certain information (identifiers, internet activity) with analytics partners (PostHog, Google Analytics) for service improvement purposes.
To opt out of analytics data sharing, you can adjust your cookie preferences in your account settings or contact us at support@ritual.work.
Your CCPA Rights
- Right to know what personal information we collect and how we use it
- Right to delete your personal information (subject to exceptions)
- Right to opt out of the sale or sharing of personal information
- Right to non-discrimination for exercising your privacy rights
To exercise any of these rights, please contact us at privacy@ritual.work.
Non-Discrimination
California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA. We will not discriminate against you for exercising your CCPA rights, including by denying goods or services, charging different prices or rates, or providing a different level or quality of goods or services.
Authorized Agent
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please contact us at privacy@ritual.work and provide written authorization signed by you and your designated agent.
Verification
To protect your privacy, we will take steps to verify your identity before fulfilling your request. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. This may include asking you to answer questions regarding your account and use of our Service, or providing identification documents.
Accessibility
This Privacy Policy uses industry-standard technologies and was developed in line with the World Wide Web Consortium's Web Content Accessibility Guidelines, version 2.1. If you wish to print this policy, please do so from your web browser or by saving the page as a PDF.
11. Nevada Privacy Rights
If you are a resident of Nevada, you have the right to opt out of the sale of certain personal information to third parties who intend to license or sell that personal information. You can exercise this right by contacting us at privacy@ritual.work with the subject line "Nevada Do Not Sell Request" and providing us with your name and the email address associated with your account.
Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth in Section 13.
12. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
Legal Basis for Processing
We process your personal information based on:
- Contract: To provide the Service you requested
- Legitimate Interests: To improve the Service, ensure security, and conduct business operations
- Consent: For marketing communications and certain optional features (you can withdraw consent anytime)
- Legal Obligation: To comply with applicable laws
Your GDPR Rights
- Right of access to your personal information
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
Supervisory Authority
If you are located in the European Economic Area (EEA), Switzerland, the United Kingdom, or Brazil, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law. If you are not satisfied with our response to your privacy concerns, you may contact your local data protection authority to file a complaint.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:
- Posting the updated policy on this page with a new "Last Updated" date
- Sending you an email notification
- Displaying a notice in the Service
Your continued use of the Service after the changes take effect constitutes your acceptance of the updated Privacy Policy.
14. Contact Us
If you have any questions about this Privacy Policy or our privacy practices, please contact us:
Ritual Mobile, Inc.
7 Ivy Ln
Oak Brook, IL 60523
United States
Email: support@ritual.work
Website: www.ritual.work
For privacy-specific inquiries: privacy@ritual.work