1. Introduction
Carcosa R&D AB (“we”, “our”, “us”) operates RiteLoop, a ritual and habit tracking application. RiteLoop consists of:
- The RiteLoop app: The web application where you create rites, track daily rites, and log completions
- Our backend: Stores and syncs your data in real time
- Our website: riteloop.org, with product information and legal pages
This Privacy Policy explains how we collect, use, and protect your personal data when you use these services.
2. Data We Collect
Account Information (from Google OAuth)
When you sign in with Google, we receive and store:
- Email address (required for authentication)
- First and last name
- Profile picture URL
- Google ID (used to link your account)
We do not receive or store your Google password.
Content You Create
- Rites: Name, alias, description, schedules (weekdays, times, repeat rules), tags, and active status
- Daily Rites: Generated daily instances of your rites with date, time, and completion status (done, skipped, etc.)
- Completion Logs: Start time, end time, and duration when you log rite completions
Client-Side Storage (localStorage)
The web app stores data in your browser’s local storage for:
- Authentication: JWT token and basic user info (keeps you logged in across sessions)
- Filter Preferences: Selected tags and “include skipped” toggle for the Daily Rites view
- Developer Settings: Optional debug flags (only when explicitly enabled)
See our Cookie Policy for details.
Technical Data
- Device type and browser information
- IP address (for security and abuse prevention)
- Session data (WebSocket connection for real-time sync)
3. How We Use Your Data
We use your data to:
- Provide and maintain the RiteLoop service
- Authenticate your identity via Google OAuth and JWT
- Sync your rites, daily rites, and logs in real time across devices
- Improve the service based on usage patterns
- Send essential service communications
We do not:
- Sell your personal data
- Share your data with third parties for marketing
- Use your ritual data for advertising
4. Data Storage and Security
- Database: PostgreSQL hosted on neon.tech in the EU
- Backend: Google Cloud Run
- Frontend: Firebase Hosting
We use industry-standard encryption for data in transit (HTTPS, TLS) and at rest.
5. Your Rights (GDPR)
Under GDPR, you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your data (including your account via the service API)
- Export your data
- Withdraw consent
To exercise these rights, contact us at privacy@riteloop.org.
6. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will delete your data within 30 days.
7. Cookies and Local Storage
We use local storage (not cookies) for authentication and preferences in the web app. During Google sign-in, temporary correlation cookies are used server-side for the OAuth redirect flow only. We do not use tracking cookies or third-party analytics in the application.
We use Google Analytics 4 (GA4) on our website (riteloop.org) with consent mode. See our Cookie Policy for details.
8. Changes to This Policy
We may update this policy. We will notify you of significant changes via email or in-app notification.
9. Contact
For privacy inquiries: privacy@riteloop.org
Carcosa R&D AB, Sweden