Privacy Policy

What we collect and what we don't.

Last updated: February 20, 2026

The short version

Rhythm keeps your data on your device by default. If you enable sync, you can use E2EE so we can't read it even then. We don't run ads, don't sell your data, and you can export everything anytime.

1. Local-first by default

All your data stays on your device unless you choose to sync with a household. There's no "cloud" storing your baby's feeds, sleep patterns, or health notes by default.

The app works offline, loads instantly (no server round-trips), and there's no central database to breach.

2. Sync and encryption

If you choose to sync with a partner or caregiver, your data is transmitted to our servers to coordinate between devices. You have two options:

  • With E2EE enabled: Your data is encrypted on your device before it leaves. We cannot read it. This is the most private option.
  • Without E2EE: Your data is encrypted in transit (TLS) and at rest on our servers, but we could technically access it. We don't look at it, but we want you to understand the difference.

Household members join via invite link. Works on iOS, Android, and desktop browsers.

3. What we collect

Account information

When you create an account, we collect your email address. We use it for login, password resets, and household invites. We don't send marketing emails.

Technical logs

We log technical errors and performance metrics to keep the app running. These logs contain no personal information and are automatically deleted after 14 days.

Cookies

We use functional cookies for authentication (keeping you logged in). We don't use tracking cookies, analytics cookies, or third-party advertising cookies.

4. What we don't collect

Rhythm doesn't run ads. We don't sell your data. We don't use your data to train AI models.

5. Third-party services

We use a small number of third-party services to operate Rhythm:

  • Stripe processes payments. Your payment details go directly to Stripe. We never see or store your full card number.
  • Cloudflare provides DNS and CDN services. They may process your IP address and request metadata to route traffic and protect against attacks.

We don't use any analytics services, ad networks, or data brokers.

6. Free exports and your rights

You can download your entire history in JSON format at any time, without a subscription.

You also have the right to:

  • Access all personal data we hold about you
  • Delete your account and all associated data
  • Export your data in a portable format (JSON)

To exercise any of these rights, use the export and account deletion features in your account settings, or email support@rhythm.baby.

Questions?

If you have questions about how we handle data, email support@rhythm.baby.

Find your Rhythm