Introduction
Unitas Technology LLC ("we," "us," or "our") operates the Rambles mobile application and related services (collectively, the "Service"). Rambles is a voice-first journaling and reflection companion.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and handling your personal data responsibly and transparently.
Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
1. Information We Collect
We collect information to provide and improve our Service. The types of information we collect include:
1.1 Information You Provide Directly
Account Information
- Email address (used for authentication)
- Authentication credentials (managed through Firebase Authentication or Sign in with Apple/Google)
- Account preferences and settings
Journal Content
- Voice recordings (processed for transcription, not stored long-term)
- Transcribed text from your voice sessions
- Timeline entries and session data
- Program states and configurations you create
- Routine settings and schedules
- Custom vocabulary and pronunciation directives you provide to improve transcription accuracy
Feedback and Support Data
- Bug reports and feature requests you submit
- Screenshots you optionally include with feedback (annotated by you)
- Device information submitted with feedback for troubleshooting
1.2 Information Collected Automatically
Usage Data
- App interactions and feature usage
- Session timestamps and duration
- Error logs and crash reports
- App version and build number
Device Information
- Device type and model
- Operating system and version
- Unique device identifiers
- IP address
1.3 Voice and Audio Data
Rambles is a voice-first journaling application. Understanding how we handle voice data is essential:
Voice Processing
- When you record a journal entry, your voice audio is streamed in real-time to our servers
- Audio is immediately processed for transcription using third-party AI services
- We do not store raw audio recordings after transcription is complete
- Only the transcribed text is retained as part of your journal entries
2. How We Use Your Information
2.1 Service Provision and Improvement
- Process your voice recordings into text transcriptions
- Store and sync your journal entries across devices
- Provide personalized program tracking and visualization features
- Enable AI-powered tagging, insights, and Q&A functionality within sessions
- Apply your custom vocabulary and correction rules to improve transcription accuracy
- Respond to your feedback and support requests
2.2 Service Operations
- Authenticate your identity and maintain account security
- Monitor and analyze usage patterns to improve the Service
- Diagnose technical issues and debug errors
- Enforce our Terms of Service
2.3 AI Processing
We use large language models (LLMs) to process your session content for:
- Automatic tagging and categorization
- Updating your program states based on journal content
- Answering questions you ask during sessions (Q&A feature)
Your data is not used to train AI models.
3. Data Sharing and Disclosure
We do not sell your personal information. We share information only in the following circumstances:
3.1 Service Providers
We work with third-party service providers who perform services on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Firebase (Google) | Authentication, feedback storage | Account credentials, feedback data, device info |
| OpenAI | Voice transcription, AI processing | Voice audio (real-time), session text |
| Google Cloud Platform | Infrastructure hosting | All service data (encrypted) |
| Stytch | OAuth authentication for integrations | Authentication tokens, user identifiers |
3.2 Third-Party AI Integrations (MCP)
Rambles supports optional integration with external AI assistants (such as ChatGPT and Claude) through the Model Context Protocol (MCP). If you choose to connect your Rambles account:
- You explicitly authorize the connection through an OAuth consent flow
- The external AI service can access your Rambles data (programs, states, sessions, routines) to answer your questions and provide assistance
- Access is read-only by default; write operations require explicit scope authorization
- You can revoke access at any time through the connected service or by contacting us
Important: When using third-party AI integrations, your data is also subject to that service's privacy policy. We encourage you to review the privacy policies of any external AI services you connect.
3.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government requests).
3.4 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice within the Service before your information is transferred and becomes subject to a different privacy policy.
4. Third-Party AI Services
4.1 Voice Transcription and AI Processing
We use OpenAI's services for voice transcription and AI-powered features. When processing your data:
- Your voice audio is transmitted securely to OpenAI for real-time transcription
- Session content may be processed by OpenAI's language models for tagging, state updates, and Q&A features
- Data Retention by OpenAI: According to OpenAI's data usage policies, API inputs and outputs are not used to train their models and are retained for a limited period for abuse monitoring before deletion
- We do not provide your data to any AI service for the purpose of model training
4.2 Your Control Over AI Features
You have control over AI processing within Rambles:
- You choose when to record and what content to share
- You can delete your entire account at any time
- Q&A features are triggered only when you explicitly invoke them
5. Data Storage and Security
5.1 Where We Store Your Data
Your data is stored on servers located in the United States, operated by Google Cloud Platform (Cloud Run, Cloud SQL, Firebase). If you are located outside the United States, your data will be transferred to and processed in the United States.
5.2 Security Measures
We implement appropriate technical and organizational measures to protect your personal data, including:
Technical Safeguards
- Encryption in transit using TLS 1.2 or higher
- Encryption at rest for stored data
- Secure authentication through Firebase Auth
- Regular security assessments and monitoring
Important: While we take security seriously, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.
6. Data Retention
6.1 Retention Periods
We retain your data for as long as necessary to provide the Service and fulfill the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion |
| Journal sessions and content | Until you delete them or your account |
| Program states and history | Until you delete them or your account |
| Voice audio | Not retained (processed in real-time only) |
| Feedback submissions | Until resolved or as needed for product improvement |
6.2 Account Deletion
When you delete your account:
- Your journal entries, programs, states, and routines are permanently deleted
- Some data may be retained in backups for a limited period (up to 30 days) before permanent deletion
- We may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention, dispute resolution)
7. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal data:
7.1 All Users
- Access: View your journal entries, programs, and states within the app
- Correction: Edit or update your journal content and settings
- Deletion: Delete programs, states, or your entire account
- Data Export: Request a copy of your data by contacting us
7.2 European Economic Area (EEA) Residents — GDPR Rights
If you are in the EEA, you have additional rights under the General Data Protection Regulation (GDPR):
- Right to Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restriction: Request that we limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing of your data for certain purposes
- Right to Withdraw Consent: Withdraw consent where processing is based on consent
To exercise these rights, contact us at privacy@rambles.bot.
7.3 California Residents — CCPA/CPRA Rights
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know: Request what personal information we collect, use, disclose, and sell
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out: Opt out of the sale or sharing of personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
Note: We do not sell your personal information.
To exercise these rights, contact us at privacy@rambles.bot or use the in-app account deletion feature.
8. Children's Privacy
The Service is not intended for children under the age of 13 (or 16 in some jurisdictions). We do not knowingly collect personal information from children.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@rambles.bot. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.
9. International Data Transfers
If you are accessing the Service from outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States, where our servers are located.
For EEA residents, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and service provider compliance with applicable data protection laws.
By using the Service, you consent to the transfer of your information to the United States and other jurisdictions as described in this policy.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the "Last Updated" date at the top of this policy
- We will notify you through the app or via email
- Significant changes will be highlighted prominently
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes indicates your acceptance of the updated policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@rambles.bot
For GDPR-related inquiries or to exercise your data rights, email the address above.
Response Time: We aim to respond to all privacy-related inquiries within 30 days.
12. Additional Information for App Stores
12.1 Data Safety (Google Play)
In accordance with Google Play requirements, this app:
- Collects: Email address, voice recordings (for transcription), usage data, device identifiers
- Shares: Data with service providers (Firebase, OpenAI, Google Cloud) for service operation
- Does not sell: Personal information
- Provides: Account deletion option
- Uses encryption: In transit and at rest
12.2 App Privacy (Apple App Store)
In accordance with Apple App Store requirements:
Data Used to Track You: None
Data Linked to You: Contact Info (email address), User Content (journal entries, voice recordings for transcription), Identifiers (user ID)
Data Not Linked to You: Usage Data, Diagnostics