RhythmBack

Privacy Policy

Last updated: January 2026

Your privacy matters. Rhythm is built to help you track your habits, not to track you. Here is exactly what we collect, why, and how we protect it.

What We Collect

Account Information

  • Email address to create and secure your account
  • Google account info if you choose to sign in with Google (name and email only)

Your Activity Data

  • Activity types you create (names, units, display settings)
  • Activity entries you log (dates and values)
  • Goals you set (targets, timeframes, progress)

AI Features & Data Processing

Rhythm uses artificial intelligence to help you track and understand your health habits. Here is exactly what data we send to AI services and how it is processed.

Voice Notes & Transcription

  • Audio recordings you create are sent to OpenAI's Whisper service for transcription
  • Transcribed text is processed by OpenAI to extract activity data (names, values, units)
  • Audio files and transcriptions are stored in your Rhythm account

Weekly Check-Ins & Insights

  • Activity summaries (names, values, patterns, and goal progress) are sent to OpenAI for personalized analysis
  • AI-generated insights are created to help you understand your progress and trends
  • Web searches may be performed to find relevant resources based on your tracked activities

Third-Party AI Provider: OpenAI

  • We use OpenAI's API services (including Whisper for transcription and GPT-4o for analysis)
  • OpenAI retains API data for up to 30 days for abuse detection, then deletes it
  • Your data is not used to train OpenAI's models per their API data usage policy
  • OpenAI's data processing is governed by their Privacy Policy and API Data Usage Policies

What We Send to AI Services

We follow a data minimization approach. We only send the minimum data necessary for each AI feature:

  • Activity names and values (not your email or account details)
  • Goal progress and timeframes
  • Voice recordings (only when you use voice notes)
  • We do not send your email address, name, or authentication details to AI services

AI-Generated Content Storage

  • Transcriptions and AI-generated check-in insights are stored in your Rhythm account alongside your activity data
  • This content is subject to the same security measures and retention policies as your other data
  • You can delete voice notes, transcriptions, and check-ins at any time

What We Do Not Collect

  • No location tracking
  • No contact list access
  • No advertising identifiers
  • No third-party analytics trackers

How We Use Your Data

Your data is used for one purpose: making Rhythm work for you. We use it to display your activities, calculate goal progress, and show your patterns over time. That is it.

How We Protect Your Data

  • All data is encrypted in transit using HTTPS
  • Database access is protected by row-level security, so you can only access your own data
  • Authentication is handled by Supabase, a trusted infrastructure provider
  • Passwords are hashed and never stored in plain text

Data Sharing

We do not sell your data. We do not share it with advertisers. We do not use it for marketing. Your activity data stays between you and Rhythm.

The third parties involved in processing your data are:

  • Supabase – provides our database and authentication infrastructure. They process data on our behalf and are bound by strict data protection agreements.
  • OpenAI – provides AI services for voice transcription and activity analysis. They process activity data and voice recordings to power AI features. Per their API policies, your data is not used to train their models.

Data Retention

Your data is kept as long as you have an account. If you delete your account, we will delete your data. If you want specific data removed, just ask.

Your Rights

You have the right to:

  • Access all the data we have about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format

Regarding AI-Processed Data

In addition to the above rights, you can also:

  • Choose not to use AI features (voice notes and check-ins are optional)
  • Delete individual voice notes and their transcriptions at any time
  • Delete check-ins and their AI-generated insights at any time
  • Request bulk deletion of all AI-generated content by contacting us

Cookies

We use essential cookies only for authentication, so you stay logged in. No tracking cookies. No third-party cookies.

Changes to This Policy

If we make meaningful changes to how we handle your data, we will update this policy and let you know. The date at the top shows when it was last updated.

Questions?

If you have questions about your privacy or this policy, reach out to us at hello@rhythmtracker.com