Privacy Policy

Last updated: 4 May 2026 · Effective: 4 May 2026

This Privacy Policy describes how the RiteOnTime mobile application (the “app”) and the website riteontime.app (together, the “service”) collect, use, and protect your personal data, and the rights you have under the EU General Data Protection Regulation (“GDPR”) and other applicable privacy laws.

1. Who we are

The data controller for this service is the operator of RiteOnTime, an individual developer based in the European Union. You can reach the controller at any time by emailing [email protected].

2. Scope of this policy

This policy covers the RiteOnTime app on iOS and Android, the RiteOnTime website, and the backend services we operate to deliver them (collectively, the “service”). RiteOnTime lets users set reminders, trigger alarms, and exchange messages in expiring threads. It does not cover third-party services that you may reach through links from our site or app — those are governed by their own privacy policies.

3. Data we collect

We collect only what is necessary to operate RiteOnTime:

Phone number — required for sign-in. Verified by SMS one-time code through Firebase.
Display name — what other users see when you send a reminder.
Profile photo (optional) — uploaded to Firebase if you choose to set one.
Language preference — used to localize the app.
Hashed contact identifiers — when you grant contacts access, the app derives one-way hashes from the phone numbers in your address book on your device, then sends those hashes to our Firebase backend so we can tell you which of your contacts already use RiteOnTime. The plain phone numbers of your contacts are not transmitted to our servers.
Reminder and chat content — the alarms you schedule and the messages and replies you exchange in threads.
Push notification tokens — Firebase tokens used solely to deliver push alerts to your device.
Service logs — Firebase records standard server logs (such as IP address and timestamps) for security, abuse prevention, and operational purposes.

What we do not collect: we do not place advertising trackers, we do not run analytics SDKs (no Google Analytics, no Facebook SDK, no AppsFlyer), and we do not sell or rent your personal data to anyone.

4. Why we use this data

To authenticate you and protect your account.
To match you with friends who already use RiteOnTime, so you can send them reminders.
To deliver scheduled reminders, replies, and notifications to the right device.
To enforce per-contact permissions you set.
To prevent abuse, fraud, and unauthorized access (via Firebase and our security rules).
To respond to support requests you send us.

5. Legal bases (GDPR Art. 6)

Performance of a contract — to provide the core service: authentication, reminder delivery, message exchange.
Consent — for contacts access and push notifications. You can revoke either at any time in your device settings.
Legitimate interests — for security, abuse prevention, and basic operational logging, balanced against your rights.

6. Sharing with other users

RiteOnTime is a communication app, so by design some data is visible to the people you communicate with:

Your display name and profile photo are shown to recipients of reminders or members of groups you join.
Reminder content and replies are shared with the participants of that thread.
Other users may discover that you are on RiteOnTime if your phone number matches one in their address book — unless you have blocked them through the per-contact permissions setting.

You can block any contact from sending you reminders at any time. Blocking is enforced server-side.

7. Third-party processors

We use Google Firebase (operated by Google LLC and its affiliates) as our infrastructure provider. Firebase delivers the authentication, data storage, file storage, push messaging, server-side logic, abuse protection, and website hosting that power the service.

Firebase processes data on our behalf as a data processor under Google’s privacy and security commitments. SMS verification codes are delivered by mobile carriers selected by Firebase.

8. International transfers

Firebase may process data in regions outside the European Economic Area, including the United States. Where this happens, transfers are governed by the European Commission’s Standard Contractual Clauses and Google’s supplementary safeguards.

9. Retention

Account data is retained while your account is active.
Hashed contact identifiers are refreshed each time you sync contacts; stale hashes are cleared.
If you delete your account, your profile, threads you authored, and stored photos are deleted within 30 days, except where retention is required by law (for example, for tax or legal-defense purposes).
Firebase server logs follow Google’s standard retention windows.

10. Children

RiteOnTime is not directed at children under the age of 13 (or 16 in the European Union, where local law sets that threshold). We do not knowingly collect personal data from children below the applicable age. If you believe a child has provided personal data to us, please email [email protected] and we will delete it.

11. Your rights

Under GDPR you have the right to:

Access the personal data we hold about you.
Have inaccurate data rectified.
Request erasure of your data (“right to be forgotten”).
Restrict or object to processing.
Receive your data in a portable format.
Withdraw consent at any time, where processing is based on consent.
Lodge a complaint with the supervisory authority in your country.

To exercise any of these rights, email [email protected]. We respond within 30 days.

12. Account deletion

You can delete your account from within the app under Settings → Account → Delete account. If you cannot access the app, send a deletion request to [email protected] from the phone number associated with your account, and we will process it within 30 days.

13. Security

Sign-in is protected by phone-number verification via SMS. Backend calls are protected by Firebase using device-integrity checks. Access to stored data is enforced by per-document security rules. Data in transit is protected by TLS.

No system is perfectly secure. If you discover a vulnerability, please report it to [email protected].

14. Cookies and website tracking

The RiteOnTime website does not set advertising cookies and does not run analytics or tracking scripts. Firebase records standard access logs (IP, user-agent, requested URL) for operational purposes, which are retained per Google’s defaults for that product.

15. Changes to this policy

If we make material changes, we will update the “Last updated” date at the top of this page and notify active users in the app before the changes take effect.

16. Contact

Questions, requests, or complaints? Email [email protected].