Privacy Policy
RhythmicFlow ("we", "the app") is a breathing and meditation app developed by Satyam Technologies Private Limited. This policy explains what data the app collects, why, and what choices you have.
TL;DR
- Everything is local by default. Your rhythms, practice history, uploaded backgrounds, and reminder settings live in your phone's private app storage. We never receive them. The only copies that ever leave the app are your device's own Google backup (Android Auto Backup) and any backup file you choose to export from Settings — both stay in your own Google account or storage, which we can't see.
- No analytics. No advertising. No third-party trackers.
- Account data (if you choose to create an account): username, email, password hash, optional phone number, and optional profile picture, sent only to our own backend and only to enable preset sync and mobile-OTP login.
- You can delete your data at any time — remove individual sessions, rhythms, and uploads in the app, or clear the app's storage to wipe everything. See the account & data deletion page.
1. What we collect
1.1 Data that stays on your device
The following data is created, stored, and used only on your device. We never see it or transmit it to our servers. (Android's own Auto Backup may copy it to your personal Google account, and Premium members can export a backup file themselves — see §3 — but neither is ever visible to us.)
- Your custom breathing rhythms (name, inhale/hold/exhale/hold durations, animation style, color overrides, appearance settings).
- Your practice-session history (start time, end time, duration, cycles completed, rhythm name).
- Uploaded background images, background music, breathing sounds, and hold sounds.
- App preferences (dark/light theme choice, preset visibility, reminder schedules, hidden preset list).
- Playback state for the lock-screen notification.
1.2 Data sent to our servers (only when you choose to sign in)
If you tap Register or Log in, the app sends the following to our own backend (api.rhythmicflow.app):
- Username
- Email address
- Password, hashed on-device with bcrypt before transmission.
- Mobile phone number (optional, used only if you enable mobile-OTP login).
- Profile picture (optional).
- Social sign-in identifiers (Google, Facebook, or X) if you sign in with one of those providers — stored only to match you to your account on subsequent sign-ins.
- Preset edits you publish (only if you are an admin user editing a built-in preset via the admin UI).
This data lives in our database and is used solely to:
- Authenticate you on subsequent logins.
- Send password-reset codes to your email.
- Send OTP codes to your mobile number via ClickSend's SMS gateway.
- Sync admin-authored preset edits to every other user on their next login.
We do not sell this data, share it with advertisers, or use it for any purpose other than what is listed above.
1.3 Data we never collect
- Location data
- Contacts
- Microphone recordings
- Camera photos (beyond the one you explicitly pick as a background image, which stays on your device)
- Calendar or SMS contents
- Advertising identifiers (IDFA / GAID)
- Device identifiers
2. Third parties
RhythmicFlow uses the following third-party services. Each only receives the minimum data necessary to do its job:
| Service | What it sees | Why |
|---|---|---|
| Google Play Billing | Purchase receipts for Premium subscriptions | Process purchases; restore entitlements |
| ClickSend SMS | Your mobile number and a generated OTP code | Deliver mobile-OTP login codes |
| Google, Facebook, X (if you use social sign-in) | The identifier and profile info returned by the provider (name, email where available, profile picture URL) | Authenticate you via your chosen provider |
| Our own backend | Everything listed in §1.2 | Authenticate and sync preset edits |
No other third parties receive data from the app. The app does not include Google Analytics, Firebase Analytics, Crashlytics, AppsFlyer, Adjust, Meta SDK, Amplitude, Mixpanel, or any similar SDK.
3. Your choices
- Use the app without an account. Every breathing feature works offline without signing in. Sign-up is optional.
- Export your own backup (Premium/admin). Settings → Backup & restore → “Back up my data” writes a
.zipyou save wherever you like (including your own Google Drive). It stays in your storage — we never receive it. - Delete your on-device data. Remove individual practice sessions from the Activity tab, custom rhythms from Home, and uploads from the media pickers — or clear the app's storage (Settings → Apps → RhythmicFlow → Storage → Clear storage) or uninstall to wipe everything at once.
- Delete your account. Email support@rhythmicflow.app with your username; we delete the server-side record within 7 days and reply when done. Full steps on the account & data deletion page.
4. Children
RhythmicFlow is suitable for users of any age, but we do not knowingly collect data from children under 13. If you are under 13, ask a parent or guardian before creating an account.
5. Security
- Passwords are hashed on the device before being sent to the backend.
- All backend communication uses TLS 1.2 or higher.
- The backend database is encrypted at rest.
6. Changes to this policy
We'll update the "Last updated" date at the top of this document whenever the policy changes. Material changes (e.g. adding a new third-party SDK) will be highlighted in the app's release notes.
7. Contact
- Email: support@rhythmicflow.app
- Mail: Satyam Technologies Private Limited, Patna, India