Privacy Policy

Rhythm Journal · Built by Melaku Digital Inc. (Ontario, Canada) · Last updated: June 29, 2026

Your privacy is the foundation of Rhythm Journal — not an afterthought. This policy explains, plainly, how the app handles your information.

We collect nothing

Rhythm Journal collects no personal information. There are no user accounts, no registration, and no way for us to identify you. We have no servers of our own and zero visibility into your journal entries, moods, voice recordings, drawings, photos, to-do items, or shopping lists.

Where your data lives

Everything you create stays exclusively on your device — stored with Apple's SwiftData framework and protected by iOS file-protection encryption — and, only if you choose to enable it, in your own personal iCloud account. We have no servers and are physically incapable of storing or reading your data.

iCloud sync

If you enable sync, iOS encrypts your data before it leaves your device and stores it in your personal iCloud account. Rhythm Journal acts only as a courier — we cannot see what is transmitted, and your Apple ID credentials are never shared with us.

Voice recording & transcription

When you record audio, it is transcribed into text using Apple's on-device Speech framework. Audio is processed in memory (RAM) on your device, is never written to disk by the app, and is never transmitted to us or to anyone else. You are responsible for obtaining any consent required by your local laws before recording other people.

Optional AI features

On-device AI: On supported devices (iOS 26 and later with Apple Intelligence), AI features such as reflections, summaries, and suggestions run entirely on your device. Nothing leaves your phone.

Bring Your Own AI (off by default): You may optionally enable a third-party AI provider (such as OpenAI, Google Gemini, or Anthropic Claude) by entering your own API key. If you do, the text you submit for an AI feature is sent directly from your device to the provider you chose, under your own account, and is handled according to that provider's privacy policy — we encourage you to read it before enabling this. Rhythm Journal has no server in between, never receives your content, and never receives your key (your key is stored only in your device's Keychain). This feature is disabled by default; while it is off, no entry data is sent anywhere.

Receipt scanning & financial data

When you scan a receipt, the photo and the information read from it (store name, date, total, and line items) are processed entirely on your device using Apple's Vision framework — an on-device text-recognition engine with no network component. Receipt images and the parsed data are stored only on your device, and in your personal iCloud if sync is enabled, and are never transmitted to us or anyone else. Receipt information is treated as private financial data: if you enable the app lock, opening the receipt list requires Face ID / Touch ID. Camera and photo-library access are used only to add receipt images.

No third-party tracking

Rhythm Journal contains no third-party SDKs, analytics tools, advertising networks, or crash-reporting services. The only network endpoints the app can ever reach are (a) your own iCloud account and (b) the optional AI provider you choose to enable. There are no others.

Device permissions

The app may request: Microphone (to record audio for transcription, processed on-device); Speech Recognition (for on-device transcription); Photo Library (to add photos to entries); Camera (to photograph receipts for the spending tracker, processed on-device only); and Face ID / Touch ID (to lock the app and individual private entries). You can revoke any permission at any time in iOS Settings.

Children's privacy

Rhythm Journal is not directed at children under 14, and we do not knowingly collect information from children under 14. Quebec's Law 25 requires parental consent before collecting personal information from a minor under 14; because we collect no information at all, this does not arise. If you enable Bring Your Own AI, you are responsible for ensuring any content you send to a third-party provider complies with that provider's own age and eligibility requirements.

Your rights (Canada — PIPEDA & Quebec Law 25)

Under Canadian privacy law, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Law 25, you have the right to access, correct, and delete your personal information. Because we hold no personal information about you on any server, there is nothing for us to retrieve, correct, or delete on our end — you control all of your data directly on your device. If you contact us with a privacy inquiry, we will acknowledge it within 10 business days and respond within 30 days.

Deleting your data

To delete all data, uninstall the app. If iCloud sync is enabled, also remove the data from Settings → [Your Name] → iCloud → Manage Storage → Rhythm Journal.

Changes to this policy

If we make material changes to this policy, we will notify you through an in-app prompt or an app update. Continued use after an update constitutes acceptance of the revised policy.

Contact

Questions about this privacy policy? Email info@melakudigitalinc.com.