← Back to Rika

Rika — Privacy Policy

Effective Date: March 20, 2026 Last Updated: March 20, 2026

The Short Version

Rika is a personal AI that learns about you to help you stay on track. To do that, we need access to some of your data. Here's what matters:

  • We collect what you tell Rika, your health data, calendar, and device info
  • We use it to run the app — your briefing, chat, insights, and notifications
  • We don't sell your data. Ever.
  • We don't share your data with advertisers
  • Your health data is never used for ads or sold to anyone
  • You can delete your account and data at any time
  • We use third-party AI (Anthropic Claude) to power Rika's responses — your messages are sent to their API for processing

    • If you want the full details, keep reading.

    1. Who We Are

    Rika is built and operated by Rika AI, Inc. ("Company," "we," "us," or "our"), based in Los Angeles, California.

    Contact: support@rika247.com

    2. What Data We Collect

    Data You Provide Directly

  • Account information: Email address, name, password
  • Messages: Everything you type to Rika in chat
  • Focus areas and preferences: What you tell us matters to you during onboarding and in settings
  • Routine cards and checklists: Cards you create, items you check off, entries you log
  • Food logs: Meals you describe or photograph for nutrition tracking
  • Goals, people, and insights: Information Rika learns about you through conversation
  • Feedback: Anything you send us through support channels

    • Data From Your Device (With Your Permission)

  • Apple HealthKit: Sleep analysis (duration, stages, scores), step count, active calories, workouts, resting heart rate, nutrition data. We read from HealthKit — we never write to it.
  • Calendar (EventKit): Event titles, times, locations, and calendar names. Used to show your schedule and help Rika prep you for meetings.
  • Location: Approximate or precise location when you grant permission. Used for contextual nudges (weather, nearby recommendations) and geocoding.
  • Notifications: Device token for push notifications. Used to send briefings, reminders, and proactive nudges.

    • Data Collected Automatically

  • Device information: App version, build number, OS version, device model, locale
  • Usage analytics: Screen views, feature usage, session duration, tap events
  • Error and performance data: Crash reports, API response times

    • 3. How We Use Your Data

    | Purpose | Data Used | |---------|-----------| | Generate your daily briefing | Health data, calendar, routine cards, goals | | Power Rika's chat responses | Your messages, conversation history, context | | Provide health and activity insights | HealthKit data (sleep, steps, workouts, HR) | | Nutrition tracking and estimates | Food logs, nutrition profile, HealthKit nutrition | | Send proactive notifications | Calendar, health data, goals, routine status | | Update your Live Activity | Steps, sleep, calendar, nudge text | | Create and manage routine cards | Your inputs, focus areas, preferences | | Improve the service | Usage analytics, aggregated conversation patterns | | Prevent abuse and ensure security | Account activity, rate limiting data | | Communicate with you | Email address (for account-related messages only) |

    4. AI Processing

    Rika uses third-party AI models to generate responses:

  • Anthropic (Claude): Your messages are sent to Anthropic's API for processing. Anthropic processes this data to generate Rika's responses and returns them to us.
  • What's sent: Your message, relevant conversation history, and contextual data (health summary, calendar events, goals) needed to generate a useful response.
  • What's not sent: Your raw HealthKit data streams, full calendar database, or account credentials.

    • Anthropic's data handling is governed by their own privacy policy and data processing terms. Under our agreement with Anthropic, your data sent through their API is not used to train their models.

    5. Health Data — Special Protections

    We take health data seriously. Here's exactly how we handle it:

  • Access: We only access HealthKit data you explicitly grant permission for. You can revoke access anytime in iOS Settings.
  • Read only: Rika reads from HealthKit. We never write data to your HealthKit store.
  • Purpose: Health data is used solely to generate your briefing cards, sleep insights, activity tracking, and contextual responses.
  • No advertising: Health data is never used for advertising, marketing, or user profiling for ad targeting.
  • No selling: Health data is never sold to any third party. Period.
  • No sharing: Health data is not shared with third parties except as strictly necessary to provide the core service (processing through our AI infrastructure to generate your insights).
  • Apple compliance: Our handling of HealthKit data complies with Apple's HealthKit guidelines and App Store Review Guidelines.
  • Encryption: Health data is encrypted in transit (TLS 1.2+) and at rest.
  • Deletion: Health data is deleted when you delete your account, within 30 days.

    • 6. Data Sharing

    We share data with:

  • AI service providers (Anthropic): To process your messages and generate responses. Subject to data processing agreements.
  • Infrastructure providers: Cloud hosting (Railway), database hosting, push notification delivery (Apple APNs). These providers process data on our behalf under strict agreements.
  • Apple: Payment processing for subscriptions is handled entirely by Apple through the App Store. We don't receive or store your payment details.

    • We do NOT share data with:

  • Advertisers or ad networks
  • Data brokers
  • Social media platforms
  • Any third party for their own marketing purposes

    • We may disclose data if:

  • Required by law, subpoena, or legal process
  • Necessary to protect the safety of our users or the public
  • Required to protect our legal rights
  • In connection with a merger, acquisition, or sale of assets (you would be notified)

    • 7. Data Storage and Security

  • Where: Your data is stored on servers in the United States.
  • Encryption: All data is encrypted in transit (TLS) and at rest.
  • Access controls: Access to user data is restricted to authorized personnel who need it to operate the service.
  • Authentication: Your account is protected by encrypted credentials. We use JWT tokens for session management.
  • Monitoring: We monitor for unauthorized access and security incidents.

    • No system is 100% secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security.

    8. Data Retention

    | Data Type | Retention Period | |-----------|-----------------| | Account information | Until you delete your account | | Chat messages | Until you delete your account | | Health data summaries | Until you delete your account | | Routine cards and entries | Until you delete your account | | Food logs | Until you delete your account | | Usage analytics | 90 days (rolling) | | Push notification logs | 30 days | | Server logs | 30 days |

    When you delete your account:

  • Personal data is deleted within 30 days
  • Backups containing your data are purged within 90 days
  • Aggregated, anonymized data that cannot identify you may be retained
  • Data required for legal compliance may be retained as required by law

    • 9. Your Rights and Choices

    You can:

  • Access your data: Request a copy of your personal data by emailing support@rika247.com.
  • Delete your data: Delete your account through the app (Settings > Delete Account) or by emailing us. Deletion is processed within 30 days.
  • Revoke permissions: Revoke HealthKit, calendar, location, or notification access anytime through iOS Settings.
  • Opt out of analytics: Contact us to opt out of usage analytics collection.
  • Opt out of conversation improvement: Contact us if you don't want your conversations used to improve the service.
  • Export your data: Request a data export by emailing support@rika247.com. We will provide your data in a portable format within 30 days.

    • California Residents (CCPA)

    If you're a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect and how it's used
  • Right to delete your personal information
  • Right to opt out of the sale of personal information (we don't sell your data, but the right still applies)
  • Right to non-discrimination for exercising your privacy rights

    • To exercise these rights, email support@rika247.com or use the in-app account deletion feature.

    European Residents (GDPR)

    If you're in the European Economic Area, you have additional rights:

  • Right to access, rectify, and erase your personal data
  • Right to restrict or object to processing
  • Right to data portability
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

    • Our legal basis for processing is: consent (for health data and optional features), contract performance (for providing the service), and legitimate interest (for security and service improvement).

    10. Children's Privacy

    Rika is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us with personal information, contact us at support@rika247.com.

    11. Cookies and Tracking

    Rika is a native iOS app — we don't use browser cookies. We do use:

  • Analytics events: In-app usage tracking (screen views, feature usage, session data) to understand how people use Rika and improve the service.
  • Device identifiers: We use anonymized device information for analytics. We do not use IDFA or other advertising identifiers.

    • We do not participate in cross-app tracking. We respect Apple's App Tracking Transparency framework.

    12. Third-Party Links

    Rika may occasionally reference external resources or links. We are not responsible for the privacy practices of third-party websites or services. Review their privacy policies before providing them with your data.

    13. Changes to This Policy

    We may update this Privacy Policy from time to time. When we make material changes:

  • We will notify you by email or in-app notification
  • The "Last Updated" date at the top will be revised
  • Continued use of Rika after the effective date constitutes acceptance

    • If you disagree with the changes, you should stop using Rika and delete your account.

    14. Contact Us

    Questions, concerns, or requests about your privacy?

    Email: support@rika247.com Company: Rika AI, Inc. Location: Los Angeles, California

    We aim to respond to all privacy-related requests within 30 days.

    *This Privacy Policy was last reviewed and updated on March 20, 2026.*