Privacy Policy
RhythmicFlow ("we", "the app") is a breathing and meditation app developed by Satyam Technologies. This policy explains what data the app collects, why, and what choices you have.
TL;DR
- Everything is local by default. Your rhythms, practice history, uploaded backgrounds, and reminder settings live in your phone's private app storage and never leave the device unless you explicitly sign in.
- No analytics. No advertising. No third-party trackers.
- Account data (if you choose to create an account): username, email, password hash, optional phone number, and optional profile picture, sent only to our own backend and only to enable preset sync and mobile-OTP login.
- You can delete all your data from Settings → Danger Zone at any time.
1. What we collect
1.1 Data that stays on your device
The following data is created, stored, and used only on your device. We never see it, transmit it, or back it up remotely:
- Your custom breathing rhythms (name, inhale/hold/exhale/hold durations, animation style, color overrides, appearance settings).
- Your practice-session history (start time, end time, duration, cycles completed, rhythm name).
- Uploaded background images, background music, breathing sounds, and hold sounds.
- App preferences (dark/light theme choice, preset visibility, theme color overrides, reminder schedules, hidden preset list).
- Playback state for the lock-screen notification.
1.2 Data sent to our servers (only when you choose to sign in)
If you tap Register or Log in, the app sends the following to our own backend (api.rhythmicflow.app):
- Username
- Email address
- Password, hashed on-device with bcrypt before transmission.
- Mobile phone number (optional, used only if you enable mobile-OTP login).
- Profile picture (optional).
- Social sign-in identifiers (Google, Facebook, or X) if you sign in with one of those providers — stored only to match you to your account on subsequent sign-ins.
- Preset edits you publish (only if you are an admin user editing a built-in preset via the admin UI).
This data lives in our database and is used solely to:
- Authenticate you on subsequent logins.
- Send password-reset codes to your email.
- Send OTP codes to your mobile number via ClickSend's SMS gateway.
- Sync admin-authored preset edits to every other user on their next login.
We do not sell this data, share it with advertisers, or use it for any purpose other than what is listed above.
1.3 Data we never collect
- Location data
- Contacts
- Microphone recordings
- Camera photos (beyond the one you explicitly pick as a background image, which stays on your device)
- Calendar or SMS contents
- Advertising identifiers (IDFA / GAID)
- Device identifiers
2. Third parties
RhythmicFlow uses the following third-party services. Each only receives the minimum data necessary to do its job:
| Service | What it sees | Why |
|---|---|---|
| Google Play Billing | Purchase receipts for Premium subscriptions | Process purchases; restore entitlements |
| ClickSend SMS | Your mobile number and a generated OTP code | Deliver mobile-OTP login codes |
| Google, Facebook, X (if you use social sign-in) | The identifier and profile info returned by the provider (name, email where available, profile picture URL) | Authenticate you via your chosen provider |
| Our own backend | Everything listed in §1.2 | Authenticate and sync preset edits |
No other third parties receive data from the app. The app does not include Google Analytics, Firebase Analytics, Crashlytics, AppsFlyer, Adjust, Meta SDK, Amplitude, Mixpanel, or any similar SDK.
3. Your choices
- Use the app without an account. Every breathing feature works offline without signing in. Sign-up is optional.
- Delete everything. Settings → Danger Zone → "Delete all custom data" erases every custom rhythm, practice log, and upload on the device.
- Reset settings only. Settings → Danger Zone → "Reset all custom settings" restores theme and preference defaults without touching your data.
- Delete your account. Email support@rhythmicflow.app with your username; we delete the server-side record within 7 days and reply when done.
4. Children
RhythmicFlow is suitable for users of any age, but we do not knowingly collect data from children under 13. If you are under 13, ask a parent or guardian before creating an account.
5. Security
- Passwords are hashed on the device before being sent to the backend.
- All backend communication uses TLS 1.2 or higher.
- The backend database is encrypted at rest.
6. Changes to this policy
We'll update the "Last updated" date at the top of this document whenever the policy changes. Material changes (e.g. adding a new third-party SDK) will be highlighted in the app's release notes.
7. Contact
- Email: support@rhythmicflow.app
- Mail: Satyam Technologies, Patna, India