Privacy Policy

Ritsu is a learning platform provided by [TBD — Legal name pending], an individual operating independently (not a company). When this Policy says “we”, “us”, “Ritsu”, or “the Service”, it means that individual and the systems operated by them to deliver the Service to you.

This Policy applies to:

• The website and application at ritsu.ai and its subdomains
• Account registration, authentication, and user dashboards
• All features of the Service including AI-generated content, source uploads, session sharing, and subscription management
• Communications we send you (transactional emails, notices)

This Policy does not apply to:

• Payment processing by Lemon Squeezy Inc., our Merchant of Record (see Lemon Squeezy’s Privacy Policy)
• Third-party websites linked from Ritsu
• Offline interactions unrelated to Ritsu

For the full agreement between you and Ritsu, also see the Terms of Service.

We collect only what the Service needs to work. We group it by category below.

2.1 Account Data

When you sign up, we collect:

• Email address
• Name or display name (if provided)
• A cryptographic hash of your password (we never store your plain password); hashing is handled by Supabase Auth using bcrypt
• OAuth identifiers if you sign in with Google, GitHub, or similar (scope limited to email + name)
• Account creation timestamp
• The IP address at the time of registration (for fraud prevention)

2.2 Profile Data

When you complete onboarding or edit your profile, we collect:

• Subjects you are studying
• Learning goals and experience level
• Preferred language of the interface
• Time zone (for scheduling and reminders)
• Persona or tutor-style preferences (if you select any)
• Answers to optional onboarding questions

2.3 Learning Content

This is the content you bring into Ritsu to study:

• Documents you upload: PDF, DOCX, Markdown, plain text, PowerPoint, images (PNG/JPEG/WebP), and Jupyter notebooks (up to 20 MB per file)
• YouTube URLs you provide, along with the transcript we retrieve from them
• Prompts, questions, and messages you send to Ritsu’s AI features
• AI-generated outputs (study aids, summaries, quizzes, flashcards) produced in response to your input
• Notes you create or save
• Session records, chat history, and study plans
• Tags, labels, or organization metadata you apply
• Content you choose to share publicly via our session-sharing feature

2.4 Usage Data

As you use the Service, we collect:

• Credit transactions (consumption, monthly resets, one-time pack purchases)
• Feature usage counts and timestamps (which commands you invoked, how often)
• Action logs (what you did and when, for debugging and support)
• Time spent in sessions
• Completion events for learning milestones you reach

2.5 Payment Data (collected by Lemon Squeezy, not Ritsu)

We do not receive or store your full payment card details. When you subscribe or buy a credit pack:

• Lemon Squeezy collects your card information, billing address, and tax identifiers as our Merchant of Record
• Lemon Squeezy transmits to Ritsu only: your subscription status, plan tier, customer ID, subscription start/end dates, and renewal events
• For specifics on Lemon Squeezy’s handling of your payment data, see their Privacy Policy

2.6 Device and Connection Data

When you use Ritsu, our servers automatically log:

• IP address
• Browser type and version
• Operating system
• Viewport size and device type (mobile vs desktop)
• Referring URL (how you arrived at Ritsu)
• Timestamps of requests

These logs are retained for 30 days (see Section 10), used for security and debugging, and not tied to a marketing profile.

2.7 Cookies

We use a small number of cookies:

• Strictly necessary (session authentication): required to keep you logged in. Provided by Supabase Auth.
• Preferences: remember interface settings like theme or language.

We do not currently use third-party analytics or advertising cookies. If this changes (for example, when we deploy PostHog for product analytics), we will update this Policy and implement a consent banner in jurisdictions that require it.

2.8 Analytics Data

Currently: none. Ritsu does not run third-party analytics or behavior-tracking pixels at launch.

In the future: we plan to deploy PostHog (a privacy-friendly product analytics tool) to help us improve the Service. When that happens, we will collect anonymized event data (page views, feature clicks, session duration), configure PostHog to avoid collecting PII, update this Policy, and give you a clear opt-out.

2.9 What we do NOT collect

• Health or medical records (unless you upload them as study material; see Section 14)
• Biometric data (no face, fingerprint, or voice recognition)
• Precise geolocation (we derive only coarse country/region from your IP)
• Government IDs or passports
• Social Security numbers, tax IDs (Lemon Squeezy handles tax identifiers for billing)

We use the categories above for the purposes listed here, and no others:

• Provide the Service (host, display, search, sync your content) — Account, Profile, Learning Content, Usage, Device
• Generate AI responses (send prompts to Gemini/OpenRouter) — Learning Content (prompts + relevant context)
• Process subscriptions and grant paid-tier access — Payment Data received from Lemon Squeezy
• Send transactional emails (receipts, security alerts, updates to this Policy) — Account Data
• Secure the Service against fraud, abuse, and unauthorized access — Account, Device, Usage
• Respond to your support requests — Account, Usage, any context you share in the request
• Comply with legal obligations (tax records, subpoenas, DMCA) — Whatever the law requires
• Improve the Service using aggregated, de-identified data — Usage, Device (never raw Learning Content)

If you are in the European Economic Area, United Kingdom, or Switzerland, we process your personal data under one of the following legal bases from GDPR Article 6:

• Contract (Art. 6(1)(b)): to provide the Service you requested when you signed up. Covers Account, Profile, Learning Content, Usage, and Payment data necessary to deliver the Service.
• Consent (Art. 6(1)(a)): for optional processing you actively agree to, such as future analytics (PostHog) or marketing emails (we do not send these yet). You can withdraw consent at any time.
• Legitimate interests (Art. 6(1)(f)): for security monitoring, fraud prevention, and improving the Service using aggregated, de-identified data. We have weighed our interests against yours and believe you would reasonably expect this processing. You can object under Section 11.
• Legal obligation (Art. 6(1)(c)): for tax record retention, responding to lawful government requests, and responding to valid DMCA notices.

Special categories of personal data (health, biometric, political, religious, etc.) are not processed by Ritsu unless you voluntarily upload them as part of your Learning Content, in which case processing is based on your explicit consent (Art. 9(2)(a)).

We share personal data only with the categories below, and only for the purposes listed.

5.1 Sub-processors

We use third-party service providers (“sub-processors”) that need limited access to personal data to operate the Service. They are contractually required to protect your data, use it only for our instructions, and maintain security standards consistent with this Policy. See Section 6 for the named list.

5.2 Legal authorities

We may share personal data if required by valid legal process (subpoena, court order, government request) in a jurisdiction that applies to us. We will challenge overbroad or unlawful requests where we have a basis to do so, and where not prohibited by law, we will notify you of requests affecting your data.

5.3 In the event of a business transfer

If Ritsu is acquired by, merged with, or sold to another entity, or if the operation is transferred to a legal entity (for example, if the operator incorporates later), your personal data may be transferred as part of that transaction. You will receive notice and, where applicable, the choice to delete your account before the transfer takes effect.

5.4 With your consent

We may share personal data for any other purpose if you explicitly consent.

5.5 We do NOT share for:

These are the third parties we currently use to operate Ritsu. We keep this list current. For significant additions, we will update this Policy and give notice where required.

• Supabase Inc. — Database (Postgres), authentication, Row-Level Security. Region: US East (EU available on request for paid plans). Transfer: Standard Contractual Clauses (SCCs) for EU→US.
• Cloudflare R2 (Cloudflare, Inc.) — Storage of uploaded files. Region: global edge (primary: US). Transfer: SCCs.
• Lemon Squeezy Inc. — Payment processing as Merchant of Record. Region: United States (Delaware). Transfer: SCCs; also an independent controller for payment data (see their Policy).
• Google LLC (Gemini API) — AI inference (primary). Region: United States. Transfer: SCCs; see Section 7 for AI-specific retention.
• OpenRouter Inc. — AI inference (fallback). Region: United States. Transfer: SCCs.
• Vercel Inc. — Application hosting, edge delivery. Region: United States. Transfer: SCCs.
• Resend — Transactional email (receipts, security alerts). Region: United States. Transfer: SCCs — deployed when we turn email on.
• PostHog, Inc. — Product analytics (not yet deployed). Region: United States or EU, configurable. Transfer: SCCs — we will configure EU region for EU users when deployed.

When we add or change a sub-processor, we update this list within 30 days. For material additions affecting how your data is processed, we give notice through in-app banner or email.

Ritsu’s AI features are the core of the Service, so we want to be especially clear about how AI processing works.

7.1 What happens when you use AI features

When you ask Ritsu to generate study aids, summaries, quizzes, or answer questions:

1. We prepare a prompt that includes your input and relevant context from your Learning Content (for example, portions of a document you asked us to summarize).
2. We send the prompt to our AI sub-processor: Google Gemini API (primary), or OpenRouter (if Gemini is unavailable or fails).
3. The AI sub-processor processes the prompt and returns a response.
4. We return the response to you and store it as part of your session history.

7.2 Retention at AI sub-processors

• Google Gemini API: per Google’s Gemini API Terms, prompts and responses from the paid API tier are not used to improve Google’s models and are retained only for a short operational window (up to 24 hours for abuse detection) before deletion. We use the paid tier exclusively.
• OpenRouter: retention depends on the upstream model. Where OpenRouter and the underlying model provider offer a no-logging or zero-retention option, we configure Ritsu to use it.

7.3 We do not train AI on your content

7.4 AI output quality

AI outputs may be inaccurate or hallucinated. Ritsu disclaims warranties about AI output quality in the Terms of Service §11. Do not rely on AI outputs for medical, legal, financial, or other professional decisions.

7.5 Art. 22 (automated decision-making, EEA/UK users)

Ritsu does not use automated processing to make decisions with legal or similarly significant effects about you. AI-generated study aids are not used to determine your access, pricing, or eligibility for any service, benefit, or credential.

Ritsu is operated by an individual who may be located in or travel through multiple jurisdictions, and most of our sub-processors are in the United States. Your data will therefore be transferred across borders, including to the United States.

We use Standard Contractual Clauses (SCCs) approved by the European Commission (and the equivalent UK IDTA) with each US-based sub-processor as the primary transfer mechanism. We also apply the supplementary measures described in Section 12 (encryption in transit and at rest, access controls) to protect data during transfer.

If Supabase (our database provider) offers EU hosting on a plan tier we adopt, we will host EU-resident users’ data in the EU and update this Policy accordingly.

Ritsu uses cookies for authentication and user preferences only. See Section 2.7 for categories.

We honor the Global Privacy Control (GPC) signal. If your browser sends GPC, we treat it as an opt-out of any future optional analytics or cross-context sharing (both of which we currently do not do).

When we deploy product analytics (PostHog), we will show a consent banner in jurisdictions where required and give you granular controls.

We keep personal data only as long as we have a legitimate need to. The schedule below sets out our periods.

• Active account data (Account, Profile, Learning Content) — retained while your account is open.
• Learning Content after account deletion — soft-deleted for 30 days, then hard-deleted (irrecoverable).
• Billing records (subscription history, invoices) — 7 years after account closure (tax law).
• Server logs (IP, request metadata) — 30 days.
• Database backups — 90 days rolling; older backups are permanently destroyed.
• Inactive account — flagged at 12 months of inactivity, email notice sent; account and data deleted at 24 months if no reactivation.
• AI prompts at Google Gemini — ≤ 24 hours (operational window), then deleted by Google.
• AI prompts at OpenRouter — configured for non-retention where available; otherwise per upstream model’s policy.
• Session auth cookies — session + up to 30 days.
• Support email threads — 2 years after resolution.

After the retention period, data is deleted from primary storage. Residual copies may persist briefly in system backups during their natural expiration window (see the 90-day backup line above).

You have rights over your personal data. Which specific rights you have depends on where you live, but Ritsu applies the broader set globally where practical.

11.1 Rights under GDPR (EEA, UK, Switzerland)

• Access: get a copy of the personal data we hold about you
• Rectification: correct inaccurate data
• Erasure (“right to be forgotten”): ask us to delete your data (subject to legal retention requirements like tax records)
• Portability: receive your data in a machine-readable format (JSON)
• Restriction: ask us to pause processing while we investigate a dispute
• Objection: object to processing based on legitimate interests
• Withdrawal of consent: for any processing based on consent, you may withdraw at any time
• Complaint: lodge a complaint with your local supervisory authority

11.2 Rights under California CCPA/CPRA

California residents additionally have:

• The right to know what categories of personal information we collect, use, and share
• The right to delete personal information (with exceptions for legal retention)
• The right to correct inaccurate information
• The right to opt out of sale or sharing (we do not sell or share; honoring GPC and any “Do Not Sell or Share” link)
• The right to limit use of sensitive personal information (we do not collect sensitive PI)
• The right to non-discrimination for exercising privacy rights

11.3 Rights under other US state laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, and similar)

Residents of states with comparable privacy laws have rights analogous to those above, including access, correction, deletion, portability, opt-out of targeted advertising or sale (not applicable to Ritsu), and appeal if we deny a request.

11.4 How to exercise your rights

11.5 Authorized agents

You may designate an authorized agent to exercise rights on your behalf (e.g., CCPA §1798.135(c)). We will verify the agent’s authority, usually by requesting written authorization from you.

11.6 Self-serve dashboard (roadmap)

Transparent disclosure: at launch, Ritsu does not have a one-click “Download my data” or “Delete my account” dashboard built into the app. We handle these requests manually via email. A self-serve privacy dashboard is planned for P1 after launch.

11.7 Data Privacy Framework (DPF)

Ritsu is not currently certified under the EU-US Data Privacy Framework or the UK/Swiss Extensions. We rely on Standard Contractual Clauses for EU→US transfers (see Section 8).

We apply commercially reasonable administrative, technical, and physical safeguards. For the full public-facing description, see the Security Policy. In summary:

• Encryption at rest: AES-256 for database (Supabase) and file storage (Cloudflare R2).
• Encryption in transit: TLS 1.2+ with HSTS preload.
• Row-Level Security (RLS): all user tables in Supabase enforce RLS. A user cannot query another user’s data even if our application code has a bug — the database layer refuses.
• Password hashing: bcrypt (via Supabase Auth).
• Access control: production access limited to the operator. Service role keys are scoped to server-side contexts and never exposed to the browser.
• Webhook integrity: HMAC signature verification on incoming webhooks (Lemon Squeezy).
• Dependency security: automated scanning (Dependabot or equivalent) for known vulnerabilities.
• No SOC 2 or ISO 27001 certification yet: we implement industry-standard practices but are not currently third-party audited. Planned when enterprise customer demand justifies the investment.

12.1 Breach notification

If a personal data breach affects you, we will notify you within 72 hours of discovery where feasible, per GDPR Art. 33 and US state-law requirements. The notice will describe what happened, what data was affected, what we are doing about it, and what you should do.

12.2 Responsible disclosure

If you discover a security vulnerability, please report it to security@ritsu.ai. We do not currently run a paid bug bounty program but we acknowledge responsible disclosures in good faith.

Ritsu is not directed to children under 13. We apply the following rules globally and adjust based on local law:

• Under 13: we do not knowingly collect personal data from children under 13 in the United States without verifiable parental consent (COPPA). If we learn we have collected data from a child under 13 without such consent, we delete it.
• 13 to 15 in the EEA, UK, and other GDPR-K jurisdictions: parental or guardian consent is required before we process personal data (GDPR Art. 8). Age of digital consent varies by EU member state (13-16); we apply the stricter threshold where in doubt.
• 16+ globally (or 13+ with parental consent): you may use Ritsu as an individual.

AI training on minors’ data: consistent with US FTC’s April 2025 updates to the COPPA Rule, Ritsu does not use any minor’s data for AI training, and we do not authorize our AI sub-processors to do so. This commitment applies to all users, but is especially important for minors.

Parents or guardians who believe a child under the applicable age has provided personal data to Ritsu without consent should contact privacy@ritsu.ai. We will delete the data promptly.

You control what you upload or input into Ritsu. For your safety:

• Do not upload content that identifies you or others in ways you don’t intend to share (medical records, financial statements, government-issued IDs, tax documents) unless you have a specific study reason.
• Do not paste passwords, API keys, or other secrets into the chat.
• Be thoughtful with public shares: if you use Ritsu’s session-sharing feature, anyone with the link can see the shared content. Do not share anything you would not post on a public forum.

Ritsu’s security is commercially reasonable but not perfect. You are in the best position to decide what belongs in a study tool versus what belongs somewhere more guarded.

Ritsu may link to or embed content from third-party services (for example, YouTube videos you import for transcription). We are not responsible for the privacy practices of those third parties. Review their policies before providing them with your data.

We generally collect data from you directly. In limited cases we may receive data from:

• Your authentication provider if you sign in with Google or GitHub (email and basic profile only, scoped to what you authorize)
• Lemon Squeezy, regarding your subscription status (see Section 2.5)

We do not purchase personal data from data brokers.

We may update this Policy to reflect changes in the Service, our sub-processors, or applicable law. When we make changes:

• We update the “Last Updated” date at the top
• We notify you by email for changes that materially affect how we process your data
• We post an in-app banner for at least 14 days before material changes take effect
• We publish a summary of significant changes in the Legal Hub

If you disagree with a change, you may delete your account before the change takes effect. Continued use after the effective date indicates your acceptance.

If you have questions about this Policy, want to exercise your rights, or have a concern:

• Privacy: privacy@ritsu.ai
• Data Protection Officer / EU representative: privacy@ritsu.ai (we do not yet have a designated DPO; privacy@ritsu.ai is the contact until we do)
• Security / vulnerability reports: security@ritsu.ai
• General / legal: legal@ritsu.ai

Legal notice address: [TBD — Contact address pending]

You also have the right to lodge a complaint with a supervisory authority in your country (for EEA/UK residents) or your State Attorney General (for US residents).

Thank you for trusting Ritsu with your study. We take that trust seriously.