Privacy Policy.

We collect three buckets of information.

Things you give us

• Your email address (so we can talk to you about your account).
• Your username and display name.
• The posts, comments, and replies you write.
• The topics you follow and the people you save or block.
• Any feedback or support messages you send us.

Things we observe automatically

• The pages you visit on Rhyme and the order you visit them in.
• Approximate location (derived from IP address — country / region only).
• Device and browser type, screen size, and language.
• Crash and performance information from the application.

Things we don’t collect

• Precise location.
• Your contact list, calendar, or microphone.
• Identifiers built specifically for cross-site advertising.

We use what we collect for the following purposes only:

• To run Rhyme — show you the topics you follow, the posts you save, the people you talk to.
• To keep the service safe — detect spam, abuse, fraud, and unauthorised access.
• To improve the service — understand which features are useful, where the experience breaks, and how to make it less of either.
• To talk to you about your account: invite emails, security alerts, and important policy changes.
• To comply with the law when we’re required to.

We do not use your data to build advertising profiles, to train large generative models on your private content, or to share with data brokers. Ever.

We share data with three categories of third parties, and only as much as is necessary:

• Service providers who run our infrastructure for us — hosting, email delivery, error monitoring. They’re bound by contract to use your data only to provide their service to us.
• Law enforcement, when we’re served with a valid legal process and have to comply, or when we believe in good faith that disclosure is necessary to prevent imminent harm.
• A successor company, if Rhyme is ever acquired or merged. Any acquirer would be bound by the version of this policy in effect when the data was collected; if material changes are required, we’ll tell you in advance and give you a chance to delete your account.

We do not sell your personal information. We do not share it with advertisers. We do not let third parties read or analyse your private posts or messages.

Rhyme uses cookies for two purposes only: keeping you signed in, and remembering simple preferences (theme, layout choices). We do not use cookies for advertising or for cross-site tracking.

We use a small amount of first-party analytics to understand aggregate usage of the service. This data is not linked to your account where it can be avoided, and is never sold or shared.

You can delete cookies from your browser at any time. If you do, you’ll need to sign in again.

We keep most of your data for as long as your account is active. When you delete your account:

• Your profile, posts, and comments are deleted within 30 days.
• Backups are purged on a rolling basis, typically within 90 days.
• We keep some account metadata (e.g., the fact that an account at this email address existed and was deleted) for fraud-prevention purposes for up to 12 months.
• Records we’re legally required to keep — for example, financial records for tax purposes — are retained for the period required by law (typically 7 years).

We use industry-standard security practices to protect your data: encrypted connections (TLS), encrypted storage at rest, hashed passwords, two-factor authentication for our staff, and least-privilege access controls. We log and review every access to user data by an employee.

No system is perfectly secure. If we ever discover a breach affecting you, we’ll tell you within 72 hours of confirming it, along with what we know and what you should do.

Wherever you live, you can:

• See what we have about you. Settings → Privacy → “Download my data” produces a complete export.
• Correct information that’s wrong (most fields are editable in Settings; for anything else, write to us).
• Delete your account, which removes your content and personal data within 30 days.
• Object to specific uses of your data and ask us to restrict processing.
• Take it elsewhere — your export is in a portable format.

If you live in the EU, the UK, or a US state with comprehensive privacy law (California, Colorado, Connecticut, Utah, Virginia, and a growing list of others), the rights above are protected by your local law and we honour them on the same timelines for everyone.

Rhyme’s servers are in the United States. If you’re using Rhyme from outside the US, your data is transferred to and processed there. Where required, we use Standard Contractual Clauses or equivalent legal mechanisms to protect that transfer.

Rhyme isn’t for people under 16. We don’t knowingly collect personal information from children under 16, and we don’t target or advertise to them. If you’re a parent or guardian and you believe your child has signed up, please write to us and we’ll delete the account.

We’ll update this policy when our practices change or when laws require it. The “Last updated” date at the top tells you when. For material changes — anything that meaningfully affects what we collect or how we use it — we’ll notify you in the app or by email at least 14 days before the change takes effect.

Privacy questions: privacy@rhyme.com.
Data deletion / export requests: privacy@rhyme.com.
For everything else: hello@rhyme.com.

If you’re in the EU/EEA, our data protection contact is also reachable at privacy@rhyme.com. You also have the right to complain to your local data-protection authority.