Effective Date: October 6, 2025

This Privacy Policy describes how Electric Tooth LLC ("we," "us," or "our") collects, uses, and shares information when you use our Ritmo iOS mobile application and associated server infrastructure.

1. Information We Collect

Account Information

When you create a Ritmo account, we collect:

• Username and email address for account creation and authentication
• Display name, bio, and location (optional profile information)
• Profile and banner images you upload
• Apple Sign-In data including Apple ID and associated email (if using Apple authentication)

Music and Content Data

• Audio files and music you upload to our platform
• Playlists you create and save
• Music library and saved releases/songs
• Posts, comments, and messages you create
• Music listening history and interaction patterns
• Queue and playback preferences

Social Features Data

• Follower/following relationships
• Direct messages and conversations
• Tips ("cheers") you send or receive
• Subscription relationships between users
• Likes and engagement on posts and music
• Reports and moderation actions you submit

Financial Information

• Stripe payment data for processing tips and subscriptions
• Apple App Store subscription receipts for in-app purchases
• Bank account information for creator payouts (via Stripe Connect)
• Revenue and payout history

Device and Usage Information

• Device identifiers and iOS version
• IP address and general location information
• App usage patterns and feature interactions
• Performance data and crash reports
• Push notification tokens for app notifications

Communication Data

• Real-time messaging via WebSocket connections
• Email communications for password resets and notifications
• Push notifications sent to your device

2. How We Use Your Information

Core App Functionality

• Authenticate your account and maintain login sessions
• Store and stream your uploaded music content
• Enable social features like following, messaging, and tipping
• Process subscription payments and creator payouts
• Provide personalized music recommendations and playlists

Communication and Notifications

• Send push notifications for new messages, tips, and social interactions
• Deliver account-related emails (password resets, security alerts)
• Enable real-time messaging and live streaming features

Financial Services

• Process payments for tips ("cheers") and user subscriptions
• Handle creator revenue distribution and bank payouts
• Validate Apple App Store subscription receipts
• Maintain financial transaction records for accounting

Platform Safety and Security

• Moderate content and enforce community guidelines
• Process user reports and blocking functionality
• Detect and prevent fraudulent activity
• Maintain audit logs for security purposes

3. Information Sharing and Third-Party Services

Service Providers We Use

• Amazon Web Services (AWS) - Cloud infrastructure, file storage (S3), and database hosting (DynamoDB)
• Stripe - Payment processing, subscription management, and creator payouts
• Apple App Store - In-app purchase validation and subscription management
• Amazon SES - Email delivery for account notifications

When We Share Information

• User-generated content is shared publicly within the app (music, posts, profiles)
• Financial data is shared with Stripe for payment processing and payouts
• Subscription receipts are validated with Apple's servers
• Legal compliance when required by law enforcement or court orders
• Business transfers in case of merger, acquisition, or sale of assets

What We Don't Share

• We never sell your personal information to advertisers or data brokers
• We don't share private messages or personal data with other users without permission
• We don't use your music content for training AI models or other commercial purposes

4. Data Security and Storage

Technical Safeguards

• Encryption in transit using HTTPS/TLS for all API communications
• Secure authentication using JWT tokens and Apple Sign-In
• Password encryption using bcrypt hashing
• Rate limiting to prevent abuse and unauthorized access
• CORS protection and security headers on all endpoints

Data Storage

• Primary servers hosted on AWS infrastructure in secure data centers
• Music files and images stored in encrypted AWS S3 buckets
• Database backups maintained for disaster recovery
• Development environment uses LocalStack for testing (no production data)

5. Your Rights and Controls

Account Management

• Access and update your profile information and settings
• Download your data by contacting us at info@ritmo-app.com
• Delete your account and associated content (subject to legal retention requirements)
• Control notifications through iOS settings and in-app preferences

Privacy Controls

• Disable direct messaging to prevent unwanted contact
• Block other users to limit their interactions with your content
• Report inappropriate content for moderation review
• Control subscription settings and creator payout preferences

Communication Preferences

• Opt out of promotional emails (account security emails are required)
• Manage push notification settings through iOS system preferences
• Control who can message you through app privacy settings

6. Data Retention

Active Accounts

• We retain your data while your account is active and as needed to provide services
• Music content and user-generated content remain until you delete them
• Financial records are kept for 7 years for tax and accounting purposes
• Message history is retained for the duration of your account

Deleted Accounts

• Most personal data is deleted within 30 days of account deletion
• Financial records may be retained longer for legal compliance
• Aggregate analytics data (non-personally identifiable) may be retained indefinitely
• Some content may remain in backups for up to 90 days

7. Apple App Store and iOS Integration

App Store Subscriptions

• Subscriptions are processed through Apple's App Store
• We validate receipts with Apple to confirm subscription status
• Subscription management occurs through your Apple ID settings
• We comply with Apple's App Store Review Guidelines

iOS Permissions

• Microphone access for audio recording and music upload
• Photos access for profile images and content sharing
• Notifications for real-time updates and messaging
• Network access for streaming and app functionality

8. User-Generated Content and Community Guidelines

Content Moderation

• We provide tools to filter objectionable material from being posted
• Users can report offensive content with timely response to concerns
• Block abusive users from interacting with your content
• Community guidelines are enforced through automated and manual review

Content Policies

• We prohibit harassment, hate speech, and inappropriate content
• Music uploads must comply with copyright and intellectual property laws
• Users are responsible for content they create and share
• Violations may result in content removal or account suspension

9. International Users and Data Transfers

• Our servers are primarily located in the United States
• International users' data may be transferred to and processed in the US
• We implement appropriate safeguards for international data transfers
• Users in the EU have additional rights under GDPR

10. Children's Privacy (COPPA Compliance)

• Ritmo is not intended for children under 13 years of age
• We do not knowingly collect personal information from children under 13
• If we discover we have collected data from a child under 13, we will delete it promptly
• Parents can contact us to request deletion of their child's information

11. California Privacy Rights (CCPA)

California residents have additional rights:

• Right to know what personal information we collect and how it's used
• Right to delete personal information (subject to legal exceptions)
• Right to opt-out of sale of personal information (we don't sell your data)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at info@ritmo-app.com.

12. Changes to This Privacy Policy

• We may update this policy to reflect changes in our practices or legal requirements
• Material changes will be communicated via email or in-app notification
• Continued use of the app after changes constitutes acceptance of the updated policy
• Previous versions of this policy are available upon request