Privacy Policy

Effective Date: 7 April 2026

1. Introduction

369 Rituals is operated by Matthew Davis trading as 369 Rituals, a sole trader registered in England. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights in relation to it. It applies to the 369 Rituals mobile application ("App") and website at 369rituals.com.

2. Who We Are (Data Controller)

The data controller responsible for your personal data is:
Matthew Davis trading as 369 Rituals
England, United Kingdom
Email: hello@369rituals.com

3. What Data We Collect

We collect only the minimum data necessary to provide the service:

• Subscription data: Your Apple device identifier and App Store receipt, processed by RevenueCat to manage your subscription entitlement. RevenueCat does not receive your name, email address, or payment card details.
• Usage data (on-device only): Your ritual logs, streaks, and preferences are stored locally on your device using SwiftData. This data is never transmitted to our servers.
• Push notification token: If you grant permission, we store a device push token to send ritual reminders. You can withdraw this at any time in your device Settings.
• Analytics: We use Apple's privacy-preserving analytics. No personally identifiable information or advertising identifiers (IDFA) are collected.

4. Legal Basis for Processing (UK GDPR)

We process your personal data on the following legal bases under UK GDPR Article 6:

• Article 6(1)(b) — Contract: Processing your subscription data is necessary to perform the contract with you (providing access to premium features).
• Article 6(1)(f) — Legitimate interests: Sending push notifications to remind you of rituals you have opted into supports your use of the App and is proportionate to your privacy rights.
• Article 6(1)(a) — Consent: Where we rely on your consent (e.g. push notification permission), you may withdraw it at any time without affecting the lawfulness of prior processing.

5. How We Use Your Data

We use your data exclusively to:

• Provide and maintain the App and your subscription
• Send ritual reminder notifications (with your permission)
• Improve the App through aggregated, anonymised analytics
• Comply with our legal obligations

We do not sell, rent, or share your personal data with third parties for marketing purposes.

6. Third-Party Services

RevenueCat (privacy policy): Processes your Apple device ID and App Store receipt to verify and manage your subscription. RevenueCat acts as a data processor on our behalf. No payment card details or personal contact information are shared with RevenueCat.

Apple: Apple processes your App Store purchase and may collect data in accordance with Apple's Privacy Policy. We receive only anonymised analytics data.

7. Data Retention

We retain subscription-related data for as long as your account is active and for up to 7 years thereafter to comply with UK tax and accounting law. On-device data (ritual logs) is retained until you delete the App or clear App data. Push notification tokens are deleted within 30 days of you withdrawing permission.

8. Data Storage and Security

Your on-device data is stored locally and protected by iOS device encryption. Subscription data processed by RevenueCat is stored on RevenueCat's servers in the United States under appropriate data transfer safeguards. We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure.

9. Your Rights Under UK GDPR

If you are located in the UK or EEA, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data where there is no lawful reason to continue processing it.
• Right to restriction: Request that we restrict processing of your data in certain circumstances.
• Right to data portability: Request transfer of your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.

To exercise any of these rights, contact us at hello@369rituals.com. We will respond within one calendar month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

10. California Privacy Rights (CCPA)

If you are a California resident, you have the right to know what personal information we collect about you, the right to request deletion, and the right to opt out of the sale of your personal information. We do not sell your personal information. To exercise your California privacy rights, contact us at hello@369rituals.com.

11. Children's Privacy

The App is not directed to children under the age of 13 (or under 16 in the UK/EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at hello@369rituals.com and we will delete it promptly.

12. Tracking and Advertising

We do not use advertising trackers, third-party advertising networks, or cross-app tracking. We do not use the Identifier for Advertisers (IDFA). Apple's App Tracking Transparency framework is respected and no tracking occurs without explicit permission.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the effective date at the top of this page and, where appropriate, by an in-app notice. Your continued use of the App after changes are posted constitutes your acceptance of the revised policy.

14. Contact Us

For any questions about this Privacy Policy or to exercise your data rights, please contact:
Matthew Davis trading as 369 Rituals
England, United Kingdom
Email: hello@369rituals.com