Back

Privacy Policy

Last updated: June 7, 2026

RITU is DPDP-compliant. The DPDP Act 2023 is India's law to protect your personal data. This page explains, in plain English, what we collect, why, how long we keep it, and how you can ask us to delete or change it. You are always in control.

1. Data we collect

  • Account: name, email, profile photo (optional).
  • Cycle & health: period dates, symptoms, mood, energy, sleep, steps, meals, notes you log.
  • Preferences: diet, location, struggles, goals.
  • Maya conversations: the messages you send to Maya and her replies.
  • Device data: basic crash and error logs to keep the app running.

2. Why we collect it

  • To personalise predictions, insights and Maya AI guidance for your cycle.
  • To sync your data securely across your devices.
  • To improve the app and fix bugs.

3. How long we keep it (Retention)

  • While your account is active, we keep your data so the app works.
  • If you delete your account, your personal data is removed within 30 days from our active systems and backups.
  • Anonymised, non-identifying analytics may be kept longer to improve the product.

4. Third parties we share with

We never sell your data. We use these processors strictly to run RITU:

  • Supabase — secure cloud database & storage (data hosted in encrypted form).
  • Razorpay — payment processing for Premium subscriptions.
  • Lovable AI / Anthropic / Google — AI models that power Maya (messages are sent securely; not used to train public models).
  • Google OAuth — if you choose to sign in with Google.

5. Your rights under DPDP

  • Access — see all data we hold about you, from Profile → Data & Privacy → My Data.
  • Download — export your data as a PDF from the same screen.
  • Correct — edit your profile, cycle and logs in-app any time.
  • Withdraw consent — toggle any non-essential consent off in Profile → Data & Privacy → Manage Consent.
  • Delete — permanently delete your account and all data from Profile → Delete account.
  • Grievance — contact our Grievance Officer (below) — we respond within 30 days.

6. Children's data

RITU is for users 18 years and older only. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, please email us so we can remove it.

7. Storage & security

Data is stored on encrypted servers with row-level security so only you can read your records. Transport is protected with HTTPS. Passwords are hashed and never stored in plain text.

8. Data breach response

If we ever detect a personal-data breach that may affect you, we will notify the Data Protection Board of India and affected users within 72 hours, with a description of the breach, the data involved and the steps we are taking.

9. Grievance Officer

Vikram Bhusnar
Grievance Officer, RITU Health
Email: contact@getritiu.in
Response time: within 30 days

10. Changes

We will notify you in-app about material changes to this policy. The current policy version is 2026-06-07.

11. Contact

For any privacy request, write to contact@getritiu.in.