Table of Contents
βΉοΈ 1. About Ryzo
Ryzo ("we", "us", "our") is an AI-powered personal performance and mental wellness application developed by an independent developer. The app is available on Google Play (Android) and the Apple App Store (iOS).
Ryzo helps users track mood, energy, sleep, workouts, nutrition, habits, and goals β and provides AI-generated coaching, weekly performance scores, and insights to support personal growth.
Developer Contact: privacy@getryzo.app
π¨ 2. Medical Disclaimer
β οΈ IMPORTANT β Please Read Before Using
Ryzo is a self-improvement, habit-tracking, and motivational coaching tool. It is NOT a medical device, clinical mental health service, therapy platform, or substitute for professional psychological or psychiatric care.
- The AI coach provides motivational guidance, coaching prompts, and educational content only.
- It does not diagnose conditions, prescribe treatments, or replace licensed therapy.
- Mood, energy, and stress scores are self-reported by the user β not clinical measurements.
- The Weekly Performance Scoreβ’ is an engagement metric, not a medical or psychological assessment.
- If you are experiencing a mental health crisis, please contact a licensed professional or emergency services.
Ryzo complies with Google Play's Health & Wellness category guidelines and does not make clinical claims.
π 3. Data We Collect
3.1 Account Data (Required)
| Data Type | Purpose | Required? |
|---|---|---|
| Email address | Account creation, login, password reset | Yes |
| Display name | Personalised greeting & performance score card | Optional |
| Password (bcrypt hashed) | Authentication β never stored in plain text | Yes |
| Google Account (if Sign-In used) | OAuth authentication only β we receive email & name | Optional |
3.2 Wellness & Performance Data (User-Entered)
π All wellness data is self-reported and entered voluntarily. Ryzo does not collect clinical measurements, medical records, or data from health wearables. This data is not used for medical diagnosis or treatment.
| Data Type | Examples | Purpose |
|---|---|---|
| Daily check-in (mood, energy, stress) | 1β5 self-reported scales | Progress tracking, AI coaching, Weekly Scoreβ’ |
| Sleep hours & quality | User-entered hours per night | Performance score, AI insights |
| Water intake | Number of glasses per day | Health tracking |
| Workout logs | Session type, exercises, sets, reps, weight (kg) | Fitness tracking, PRs, weekly stats |
| Nutrition logs | Meals, calories, macros (protein/carbs/fat) | Nutrition tracking |
| Journal entries | Free-text personal reflections | Personal journaling, AI analysis (opt-in) |
| Micro-journal entries | Quick mood + text snapshots | Pattern tracking |
| Habits & Goals | Habit names, completion dates, goal milestones | Habit tracking, gamification |
| Mindset assessment scores | 6-question self-assessment | Personalised AI recommendations |
| AI chat messages | Text conversations with the AI coach | AI response generation & history |
| Life Timeline events | User-created personal milestones | Personal growth tracking |
| Weekly Performance Scoreβ’ | Computed score (0β100) from check-ins, mood, sleep, workouts, streak | Progress visualisation, shareable card |
| Gamification data | XP, level, streak, badges, daily challenges | Engagement & motivation |
3.3 Technical Data (Automatic)
| Data Type | Purpose |
|---|---|
| Device type & OS version | Bug fixing & compatibility |
| App version | Feature rollout, OTA update management |
| Push notification token | Sending scheduled reminders (opt-in) |
| Session timestamps | Security & rate limiting |
| IP address (transient) | API security, fraud prevention |
π΅ We do NOT collect:
Precise GPS location Β· Camera or microphone data Β· Contacts or call logs Β· Biometric data Β· Payment card details Β· Social media credentials Β· Screen content outside the app
βοΈ 4. How We Use Your Data
- Provide the service: authentication, AI coaching, progress charts, performance scores.
- Personalisation: tailor AI prompts based on your mood history, assessment scores, and goals.
- Weekly Performance Scoreβ’: compute your weekly score from check-ins, mood, sleep, workouts, and streak. Used for in-app display and optional social sharing (text-based β no image of personal data).
- Push notifications: send scheduled check-in reminders and streak alerts (opt-in only).
- Safety & security: detect abuse, enforce rate limits, prevent fraud.
- Service improvement: aggregated, anonymised analytics to improve features.
- Subscription management: verify active plan, enforce usage tiers.
- Transactional emails only: password reset, billing confirmation, streak milestone notifications (opt-in). No unsolicited marketing.
Legal basis (GDPR Art. 6): performance of contract (Art. 6(1)(b)), legitimate interests (Art. 6(1)(f)), and explicit consent for sensitive wellness data (Art. 9(2)(a)).
π 5. Third-Party Services
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Supabase (EU β Frankfurt) |
Database & authentication | Email, hashed password, all wellness data | supabase.com/privacy |
| OpenAI (USA β Data Processor) |
AI coaching response generation | Chat text only β no email, no name, no user ID. Transfer via SCCs (GDPR Art. 46) | openai.com/privacy |
| Google Sign-In (OAuth β coming soon) |
Optional authentication method (planned feature β not yet active) | Will collect email & display name only (OAuth token) β no data collected currently | policies.google.com |
| Vercel (Edge Network) |
API hosting / serverless backend | Server-side request logs (IP, timestamps) | vercel.com/legal |
| Google Play Billing | Subscription payments (Android) | Purchase token, subscription status | policies.google.com |
| Apple App Store (planned) |
Subscription payments (iOS) | Purchase receipt | apple.com/legal/privacy |
| RevenueCat (USA β IAP SDK) |
In-app purchase & subscription management (Android & iOS) | Purchase token, subscription status, app user ID (anonymous) β no personal data shared | revenuecat.com/privacy |
| Expo / EAS | App build & OTA update delivery | No personal user data β build/update metadata only | expo.dev/privacy |
πͺπΊ OpenAI Data Processor Compliance:
OpenAI acts as our data processor (GDPR Art. 28). Chat messages contain no personal identifiers. Cross-border transfer is lawful under Standard Contractual Clauses. API data is not used to train OpenAI models.
π€ 6. Data Sharing
We never sell your personal data to any third party.
- Service providers listed above, under strict data-processing agreements.
- Shareable Performance Score: when you tap "Share Weekly Score", only a text-based summary (score, grade, week label, app link) is shared β no account data, email, or personal identifiers.
- Legal obligations: if required by law, court order, or to protect user safety.
- Business transfers: if acquired, users will be notified 30 days in advance with option to delete.
π 7. Data Storage & Security
- Primary database: Supabase in EU (Frankfurt, Germany) β GDPR-compliant region.
- Local storage: Non-sensitive app data (habits, daily logs, gamification) stored locally on device via AsyncStorage β never leaves the device unless synced.
- Encryption in transit: TLS 1.2+ for all API communications.
- Encryption at rest: AES-256 on Supabase. Device storage encrypted by Android/iOS OS-level encryption.
- Passwords: hashed via bcrypt β never stored in plain text.
- Access control: Row-Level Security (RLS) β users access only their own data.
- API security: JWT authentication, rate limiting, input validation on all endpoints.
- Payment data: processed entirely by Google Play / Apple β never stored on our servers.
β οΈ No system is 100% secure. In the event of a breach, we will notify affected users within 72 hours per GDPR Art. 33.
π 8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data (email, name) | Until account deletion |
| Wellness & performance data | Until account deletion |
| AI chat logs | 90 days (then anonymised) |
| Push notification tokens | Until revoked or account deleted |
| Server / access logs | 30 days |
| Billing records | 7 years (legal requirement) |
| Anonymised analytics | Indefinitely (no personal data) |
βοΈ 9. Your Rights (GDPR)
As a user in the European Economic Area, you have the following rights:
ποΈ
Access
Request a copy of all data we hold about you.
βοΈ
Rectification
Correct inaccurate or incomplete data.
ποΈ
Erasure
Request deletion of your account and all data.
βΈοΈ
Restriction
Limit how we process your data.
π¦
Portability
Receive your data in JSON/CSV format.
π«
Object
Object to processing based on legitimate interests.
β©οΈ
Withdraw Consent
Revoke consent at any time.
π£
Lodge Complaint
Contact your national Data Protection Authority.
To exercise any right: privacy@getryzo.app β we respond within 30 days.
πΆ 10. Children's Privacy
Ryzo is intended for users aged 13 and older.
- We do not knowingly collect data from children under 13.
- Users aged 13β17 require parental or guardian consent.
- If we discover a child under 13 has an account, we will delete it immediately.
- Report: privacy@getryzo.app
π³ 11. Subscriptions & Billing
| Plan | Features | Price |
|---|---|---|
| Free | 3 AI conversations/day, daily check-in, 7-day history, basic habits & goals | β¬0 |
| Premium Monthly | Unlimited AI coaching, full 30-day history, Weekly Performance Scoreβ’, advanced analytics, AI Trainer, AI Nutritionist, priority support | β¬9.99/month |
| Premium Annual | All Premium features β best value | β¬89/year (~β¬7.42/month Β· save ~26%) |
- Billed via Google Play Billing (Android) or Apple In-App Purchase (iOS).
- Auto-renews unless cancelled 24+ hours before renewal date.
- Cancel anytime via Google Play β Subscriptions or iOS Settings β Subscriptions.
- Refunds handled by Google/Apple per their policies.
- We receive only a subscription token β never your card details.
ποΈ 12. Account Deletion
You can delete your account and all data at any time:
- In-app: Settings β Account β Delete Account
- By email: privacy@getryzo.app
Upon deletion we permanently erase: email, name, all wellness data, chat logs, performance scores, habits, journal entries, and assessment history. Anonymised aggregated stats may be retained. Billing records retained 7 years (legal requirement).
π Direct deletion link (accessible without the app, as required by Google Play):
https://getryzo.app/delete-account
Works even after uninstalling. Requests processed within 30 days.
https://getryzo.app/delete-account
Works even after uninstalling. Requests processed within 30 days.
π 13. Policy Changes
When we update this policy:
- The "Effective Date" at the top will be updated.
- Material changes: in-app notification or email at least 14 days before taking effect.
- Continued use after the effective date = acceptance of the updated policy.
Version history: v1.0 (Feb 24, 2026) β initial release. v1.1 (Mar 4, 2026) β added Google Sign-In (planned), Weekly Performance Scoreβ’, local AsyncStorage data, Expo/EAS, nutrition & workout tracking details. v1.2 (Mar 5, 2026) β added RevenueCat, annual subscription plan, clarified Google Sign-In as coming soon, updated third-party table.
π¬ 14. Contact Us
| Channel | Details |
|---|---|
| Privacy & GDPR | privacy@getryzo.app |
| General support | support@getryzo.app |
| Response time | 30 days for GDPR requests Β· 2 business days for support |