Privacy Policy

At Rituala, Inc. ("Rituala," "we," "us," or "our"), we are committed to transparency about how we collect, use, and share your information. This Privacy Policy explains our practices and your rights.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when using our Service:

• Account Information: Name, email address, password, and profile details.
• Hair and Health Information: Hair type, texture, porosity, scalp conditions, hair goals, hair history (treatments, coloring, damage), lifestyle factors (diet, exercise, stress levels), and any health conditions you choose to share that may affect your hair.
• Photos and Images: Photos of your hair, scalp, and progress photos you upload for AI analysis.
• Payment Information: Credit card numbers, billing address, and transaction details (processed securely by our payment processor).
• Communications: Messages, feedback, support requests, and survey responses.
• User Content: Reviews, ratings, comments, and other content you post.

1.2 Information Collected Automatically

When you use our Service, we automatically collect:

• Device Information: Device type, operating system, browser type, unique device identifiers, and mobile network information.
• Usage Information: Pages viewed, features used, time spent on pages, click patterns, search queries, and navigation paths.
• Location Information: General location derived from IP address, and precise location if you grant permission.
• Log Data: IP address, access times, referring URLs, and error logs.

1.3 Information from Third Parties

We may receive information from:

• Social media platforms when you connect your account.
• Authentication providers (e.g., Google, Apple) when you sign in.
• Analytics and advertising partners.
• Data brokers and public databases.

2. How We Use Your Information

We use your information for the following purposes:

2.1 Providing Our Services

• To create and manage your account.
• To generate personalized hair care recommendations using AI analysis.
• To provide product recommendations tailored to your needs.
• To track your hair care progress and adjust recommendations.
• To process payments and manage subscriptions.
• To provide customer support.

2.2 Improving Our Services

• To train and improve our AI models and algorithms.
• To analyze usage patterns and optimize user experience.
• To develop new features and services.
• To conduct research and analytics.

2.3 Marketing and Communications

• To send you promotional emails about our services and products.
• To send you personalized product recommendations from our partners.
• To display targeted advertisements.
• To conduct surveys and gather feedback.
• To notify you about changes to our services.

2.4 Legal and Safety Purposes

• To comply with legal obligations.
• To enforce our Terms of Service.
• To protect against fraud and abuse.
• To protect the safety of our users and the public.

3. How We Share Your Information

3.1 Service Providers

We share data with third-party service providers who help us operate our business, including:

• Cloud hosting and storage providers
• Payment processors
• Email and communication services
• Analytics and monitoring tools
• Customer support platforms
• AI and machine learning service providers

3.2 Business Partners and Data Sales

We may share, sell, or license data to third parties for commercial purposes:

• Aggregated and Anonymized Data: We may sell or share aggregated, de-identified data that cannot reasonably identify you to hair care brands, product manufacturers, research institutions, marketing agencies, and other third parties.
• Partner Promotions: With your consent, we may share your information with partners to provide you with relevant offers and promotions.
• Research Partners: We may share data with academic and commercial research partners for hair care and trichology research.

3.3 Advertising Partners

We work with advertising networks and partners who may collect information about your activities on our Service and other websites to provide targeted advertising. This may include:

• Retargeting and remarketing campaigns
• Lookalike audience targeting
• Cross-platform advertising

3.4 Legal Requirements

We may disclose your information when required by law or in response to:

• Legal process (subpoenas, court orders)
• Government requests
• To protect our rights, privacy, safety, or property
• In connection with investigations of illegal activity

3.5 Business Transfers

If Rituala is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction.

4. Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to collect information and improve your experience:

• Essential Cookies: Required for the Service to function properly.
• Analytics Cookies: Help us understand how users interact with our Service.
• Advertising Cookies: Used to deliver relevant ads and measure campaign effectiveness.
• Preference Cookies: Remember your settings and preferences.

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect functionality.

5. Your Rights and Choices

5.1 General Rights (All Users)

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Opt-Out of Marketing: Unsubscribe from promotional emails using the link in each email or through account settings.
• Account Deletion: Delete your account through account settings or by contacting us.

5.2 European Economic Area (GDPR Rights)

If you are in the EEA, UK, or Switzerland, you have additional rights under GDPR:

• Right to Object: Object to processing based on legitimate interests.
• Right to Restrict: Request restriction of processing in certain circumstances.
• Right to Portability: Receive your data in a structured, machine-readable format.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
• Right to Lodge a Complaint: File a complaint with your local supervisory authority.

Legal Basis for Processing: We process your data based on: (a) your consent, (b) performance of a contract, (c) our legitimate interests, or (d) legal obligations.

5.3 California Residents (CCPA/CPRA Rights)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.
• Right to Delete: Request deletion of your personal information.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: Opt out of the sale or sharing of your personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
• Right to Limit Sensitive Information: Limit use and disclosure of sensitive personal information.

5.4 How to Exercise Your Rights

To exercise any of your privacy rights, you may:

• Email us at support@tryrituala.com
• Use the privacy settings in your account
• Submit a request through our website

We will verify your identity before processing your request and respond within the timeframes required by applicable law (typically 30-45 days).

6. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication measures
• Employee training on data protection
• Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Improve our services and conduct research

When you delete your account, we will delete or anonymize your personal information within 90 days, except where retention is required by law or for legitimate business purposes.

8. International Data Transfers

Rituala is based in the United States. If you are accessing our Service from outside the US, your information will be transferred to and processed in the United States and other countries where our service providers operate.

For transfers from the EEA, UK, or Switzerland, we rely on:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions where applicable
• Your explicit consent for specific transfers

9. Children's Privacy

Our Service is available to users of all ages. However, we take special precautions for children:

• Children Under 13: We require verifiable parental consent before collecting personal information from children under 13, in compliance with COPPA (Children's Online Privacy Protection Act).
• Children 13-17: Minors between 13 and 17 may use our Service with parental awareness and supervision.

Parents and guardians may review, delete, or refuse further collection of their child's information by contacting us at support@tryrituala.com.

10. Third-Party Links and Services

Our Service may contain links to third-party websites and services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending an email notification
• Displaying a prominent notice in our Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

13. Additional Disclosures

13.1 Categories of Personal Information Collected (CCPA)

In the past 12 months, we have collected the following categories of personal information:

• Identifiers (name, email, IP address, device identifiers)
• Personal information under California Civil Code 1798.80 (name, address, payment information)
• Protected classification characteristics (age, gender)
• Commercial information (purchase history, subscription status)
• Biometric information (hair photos for analysis)
• Internet activity (browsing history, interactions with our Service)
• Geolocation data
• Sensory data (photos)
• Professional information (if provided)
• Inferences drawn from the above to create user profiles
• Sensitive personal information (health information related to hair/scalp conditions)

13.2 Sources of Personal Information

• Directly from you
• Automatically through your use of our Service
• Third-party sources (social media, authentication providers, data brokers)

13.3 Business Purposes for Collection

• Providing and improving our services
• Processing transactions
• Marketing and advertising
• Research and development
• Security and fraud prevention
• Legal compliance

By using Rituala, you acknowledge that you have read, understood, and agree to this Privacy Policy and our data practices as described herein.