Privacy Policy for Riji

Zeyu Li,
legalriji

Last updated: 2026-05-30

Riji ("the app", "we", "us") is a personal habit and task tracker. This policy explains what data the app collects, why, where it goes, and how you can have it deleted.

At a glance. Riji collects only what's needed to sign you in and let your data follow you across devices: your email, name (if you share it), an account identifier, and the tasks you create. Everything is linked to your account and used purely for app functionality — no advertising, no analytics, no profiling, no sharing with anyone outside our hosting and crash-reporting providers. You can permanently delete your account and all linked data from inside the app at any time.

What we collect

We collect the minimum needed to sign you in and let your data follow you across devices.

DataSourceWhy
Email addressApple Sign In / Google Sign InIdentifying your account
Display name (if you share it)Apple Sign In / Google Sign InShowing your name in the app
Account identifier (UUID)Created by our auth providerLinking your data to your account
Tasks, goals, completions, reminders, milestones, streak historyCreated by you in the appProviding the core functionality of the app

We do not collect:

  • Your contacts, photos, microphone audio, camera, location, calendar, or any data from other apps on your device.
  • Advertising identifiers. There is no advertising in the app.
  • Behavioral analytics. There is no third-party SDK tracking how you use the app. (See "Crash and error reporting" below for the limited diagnostic data we do collect.)

Who has access

  • You, on any device where you are signed in.
  • Supabase Inc., our authentication and database provider, stores the data on their infrastructure. They process it only to provide hosting services to us. Their privacy policy: https://supabase.com/privacy
  • Apple or Google receive sign-in requests from your device when you tap their respective sign-in buttons. We never receive your password from them — only an identity token that confirms you signed in successfully. Their handling of sign-in is governed by their own privacy policies.
  • Sentry receives crash reports and unexpected application errors when the app encounters them. See "Crash and error reporting" below for the exact data sent and excluded.

We do not sell, rent, or share your data with any other party. We do not use your data for advertising, profiling, or training machine learning models.

Where the data lives

  • Data you create while signed in is stored on Supabase servers (region: us-west-2) and mirrored locally on your device for offline use.
  • Data you create while signed out ("guest mode") stays on your device only. It is never uploaded.

Crash and error reporting

To keep the app stable, we use Sentry (sentry.io) to receive crash reports and a small set of unexpected application errors. We have configured Sentry conservatively:

  • We send: crash stack traces, your device model, your OS version, and the version of Riji you are running.
  • We do not send: your account identifier, your email address, your display name, or the contents of your tasks. We do not send a record of which screens you visited or which buttons you tapped.

Sentry processes these reports on their US infrastructure and deletes them after 30 days. We do not use Sentry data for advertising, profiling, or analytics, and we do not share it with anyone else. Sentry's own privacy policy is at sentry.io/privacy.

How long we keep it

We keep your account and the data linked to it for as long as your account exists. When you delete your account (see below), all account-linked data is permanently removed from Supabase within 30 days. Database backups roll off on a 7-day cycle, so a copy of your data may exist in backups for up to a week after deletion before it is overwritten.

Deleting your account and data

You can delete your account and all data linked to it from within the app:

  1. Open Settings in the app.
  2. Tap Delete Account.
  3. Confirm the deletion.

This action is permanent. It signs you out, removes your account from our authentication provider, and deletes all rows linked to your account from our database. Guest-mode data on the device remains until you uninstall the app.

If you cannot access the app and want your account deleted, email us (see Contact below) from the address tied to your account and we will process the request within 30 days.

Your rights

Depending on where you live (e.g. the EEA, UK, California), you may have legal rights over your personal data, including:

  • The right to access the data we hold about you.
  • The right to correct inaccurate data.
  • The right to have your data deleted.
  • The right to receive a copy of your data in a portable format.

You can exercise the first three rights directly through the in-app delete and edit flows. For data export, email us and we'll send you a JSON copy of your tasks, goals, and completions within 30 days.

Children

The app is not directed at children under 16 (or under the applicable digital-consent age in their jurisdiction) and we do not knowingly collect data from them. If you believe a child has signed up, email us and we will delete the account.

Changes to this policy

When this policy changes, we update the date at the top and post the new version at the same URL. Significant changes will be surfaced inside the app on the next launch.

Contact

Questions, deletion requests, or data export requests:

purillmit@gmail.com