RYTM Technology OÜ - Privacy Policy

RYTM Technology OÜ ("RYTM," "we," "us," or "our"), registry code 17155847, address Tartu maakond, Elva vald, Käärdi alevik, Kaera tn 7, 61007, Estonia, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application RYTM and related services (collectively, the "Service"). This policy complies with the General Data Protection Regulation (GDPR) and Estonian data protection laws.

RYTM Technology OÜ is the data controller for the personal data processed in connection with the Service. You can contact us regarding data protection matters at support@rytm.ai.

We collect the following types of information:

• Personal Identification Information:
  • Name (if provided during account setup or support interactions).
  • Email address (required for account registration and communication).
  • Phone number (if provided for account registration or verification).
• Account Information:
  • User ID and credentials.
  • Subscription plan details.
  • Settings and preferences within the App.
• Payment Information:
  • We use third-party payment processors (e.g., App Store / Google Play in-app purchases, Stripe for web). We do not directly store your full credit card number. Payment processors provide us with transaction confirmation details and partial payment method information (e.g., card type, last four digits).
• Usage Data:
  • Information about how you interact with the Service: features used, screens viewed, stocks searched or added to watchlist, interactions with analysis and ratings, buttons clicked, session duration, frequency of use.
  • Queries submitted to the "Ask RYTM AI" chat feature.
• Device and Technical Information:
  • Device type (e.g., iPhone, Android model).
  • Operating system and version.
  • App version.
  • IP address.
  • Device identifiers (e.g., advertising ID, device ID).
  • General location information (derived from IP address, not precise GPS unless specifically requested with consent).
  • Crash reports and performance data.
• Cookies and Similar Technologies:

  If a web version of the App is used, we may use cookies and similar tracking technologies to track activity and hold certain information. You can control cookie preferences through your browser settings.

We process your personal data based on the following legal grounds:

• Performance of a Contract (Art. 6(1)(b)): To provide the Service you requested, manage your account, process subscription payments, and fulfill our obligations under the Terms of Use.
• Legitimate Interests (Art. 6(1)(f)):
  • To improve and develop the Service, including analyzing usage patterns and AI interaction data (often using aggregated or anonymized data).
  • To ensure the security and integrity of our Service, prevent fraud, and troubleshoot issues.
  • To communicate important service-related notices (non-marketing).
  • To train and improve our AI models (we strive to use anonymized or aggregated data where possible, and ensure this interest does not override your rights).
• Legal Obligation (Art. 6(1)(c)): To comply with applicable laws, regulations, court orders, or legal processes (e.g., tax obligations, responding to lawful requests from authorities).
• Consent (Art. 6(1)(a)): For specific purposes where we ask for your explicit consent, such as sending marketing communications or using certain non-essential cookies. You can withdraw your consent at any time.

We use the collected information for the following purposes:

• To create and manage your account.
• To provide, operate, maintain, and improve the Service.
• To process your subscription payments.
• To personalize your experience (e.g., watchlist, preferences).
• To respond to your support requests and communicate with you.
• To monitor and analyze usage trends to understand how the Service is used and enhance its features and usability.
• To improve the accuracy and performance of our AI models (using usage and interaction data, preferably anonymized/aggregated).
• To detect and prevent technical issues, fraud, or security risks.
• To enforce our Terms of Use.
• To comply with legal and regulatory requirements.
• To send you service-related updates, security alerts, and administrative messages.
• To send marketing communications (only with your explicit consent).

We do not sell your personal data. We may share your information with the following categories of third parties only when necessary:

• Service Providers: Companies that perform services on our behalf, such as:
  • Cloud hosting providers (e.g., Azure Cloud, Google Cloud).
  • Payment processors (e.g., App Stores, Stripe).
  • Analytics providers (e.g., Google Analytics).
  • Customer support platforms.
  • Financial data providers (who supply the market data RYTM analyzes).
  • Email service providers.
  These providers are contractually obligated to protect your data and use it only for the purposes we specify.
• Legal Requirements: If required by law, regulation, legal process, or governmental request (e.g., court order, subpoena).
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.
• Protection of Rights: To protect the rights, property, or safety of RYTM Technology OÜ, our users, or others.

International Data Transfers:

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or adequacy decisions.

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account Data: Retained for as long as your account is active and for a reasonable period thereafter for legal or administrative purposes (e.g., resolving disputes, enforcing agreements, tax records).
• Usage & Interaction Data: Typically retained in an identifiable form for a shorter period necessary for analysis and improvement, after which it may be anonymized or aggregated.
• Payment Transaction Data: Retained as required by financial regulations and tax laws.

If you request deletion of your account, we will delete or anonymize your personal data in accordance with our procedures and legal obligations.

As a user in the EEA, you have the following rights regarding your personal data:

• Right of Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request correction of inaccurate or incomplete data.
• Right to Erasure ('Right to be Forgotten'): You can request deletion of your personal data under certain conditions (e.g., it's no longer necessary for the purpose it was collected).
• Right to Restriction of Processing: You can request that we limit the processing of your data under certain circumstances.
• Right to Data Portability: You can request to receive your data in a structured, commonly used, machine-readable format and have it transferred to another controller where technically feasible.
• Right to Object: You can object to the processing of your data based on our legitimate interests.
• Rights Related to Automated Decision-Making: You have rights regarding decisions based solely on automated processing, including profiling, if it produces legal or similarly significant effects (Note: RYTM's core analysis is informational and generally not considered solely automated decision-making with legal effect in this context, but we ensure transparency).
• Right to Withdraw Consent: If processing is based on consent, you can withdraw it at any time.

To exercise these rights, please contact us at support@rytm.ai or use available account settings within the App. We will respond to your request within one month, in accordance with GDPR requirements.

You have the right to manage your personal data. To request the deletion of specific data or your entire RYTM account, please send an email to support@rytm.ai from the email address associated with your account.

• Partial Data Deletion: You can request the deletion of specific data, such as your AI chat history or watchlist, without deleting your account. Please specify in your email which data you wish to be deleted.
• Full Account Deletion: If you request full account deletion, your account credentials, watchlist, and AI chat history will be permanently deleted.
• What is kept: In either case, anonymized analytics data and legally required financial records of your subscriptions will be retained.

We will process your request within 30 days and send a final confirmation.

We implement appropriate technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include encryption, access controls, secure coding practices, and regular security reviews. However, please be aware that no security system is impenetrable, and we cannot guarantee the absolute security of your data.

The Service is not intended for or directed at individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected such data, we will take steps to delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy within the App or via email. We encourage you to review this policy periodically. Your continued use of the Service after changes signifies your acceptance of the revised policy.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

RYTM Technology OÜ
Tartu maakond, Elva vald, Käärdi alevik, Kaera tn 7, 61007, Estonia
Email: support@rytm.ai

You have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon - AKI) if you believe our processing of your personal data infringes GDPR or Estonian data protection law. Website: www.aki.ee.