Last Updated: May 31, 2024
Rythm Inc. respects your privacy and is committed to protecting your personal data. This Privacy Notice (this "Notice") provides you with information about how we collect, use, and disclose personal data, as well as information about your privacy rights and choices.
References to "Rythm," "us," "we," or "our" in this Notice refer to Rythm Inc., and references to "you" and "your" refer to you as a visitor to and user of our Services (as defined below) and/or as the party whose personal data we may collect and use in accordance with this Notice.
Your use of the Services, and all communications between you and us, are subject to this Notice. YOU SHOULD READ THIS NOTICE COMPLETELY AND CAREFULLY BEFORE USING THE SERVICES AND/OR PROVIDING US WITH ANY INFORMATION, PARTICULARLY PERSONAL DATA. By using our Services in any way, including browsing, creating an account, expressing an interest in our Services, and/or using any interactive tools, or by otherwise providing us with any personal data, you acknowledge that you have read, understood, and agreed to be bound by this Notice.
Because of changes in technology and practices, this Notice may change from time to time. We will post any changes we make to this Notice on this page, and we will provide you notice of such changes if and when required by applicable law. Any changes will be effective when the updated Notice is posted.
It is your responsibility to check this Notice for updates. You will be able to determine when the Notice was last updated by referring to the "Last Updated" date at the top. By using the Services and/or providing us with any personal data after we post any changes to this Notice, you agree to accept those changes, whether or not you have taken the time to review them.
This Notice covers personal data we may collect and use in the following circumstances:
This Notice is a master privacy notice provided to all visitors to and users of the Services. Our operations are global, but please note that privacy laws governing both this Notice and our legal obligations regarding the collection, use, and processing of personal data vary across jurisdictions. Accordingly, not all provisions of this Notice apply to all persons. However, nothing in this Notice is intended to limit in any way your statutory or other legal rights.
Additional Privacy Notices
We may provide you with supplemental or additional privacy notices on specific occasions when we collect or process personal data about you. On those occasions, it is important that you read this Notice together with all such other notices, so that you can be fully aware of how and why we are using your personal data. This Notice supplements all other and additional privacy notices, and is not intended to override any of them (and vice versa).
A Note About Children
Our Services are not targeted to, and we have no interest in collecting information from, children under the age of 13. We do not knowingly gather any personal data from children. If you are a parent or legal guardian who believes that your child has provided us with any personal data, please contact us at support@rythm.fm.
Personal data (also referred to as "personal information") means any information about an individual that can be used to identify that individual. Personal data does not include anonymous or anonymized information that cannot be used to identify a specific person.
The Categories of Personal Data We Collect and Use
Rythm may collect, use, store, and transfer different categories of personal data, as follows:
Additional Uses of Personal Data
In addition, we may use any of the personal data we collect for the following purposes:
We will only use your personal data for the purposes disclosed in this Notice or in any supplemental notice provided to you at or prior to our collection of that personal data, or for any reasonably compatible purpose, and subject to limitations and requirements of applicable law. If we need to use your personal data for any unrelated purpose, we will notify you and, if required by law to do so, will obtain your consent.
Payment Information
When you subscribe to our premium or other paid plans, you will do so through the platform you use to do so (Discord, Apple Pay, Google Play, etc.), accordingly, we do not directly or indirectly receive or store any payment data.
Sensitive Data
We do not collect or use information that is or may be considered "sensitive data" as defined in applicable privacy laws, such as details about your financial accounts, your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, or information about criminal convictions and offenses. To the extent we do obtain any so-called sensitive data, we do not use that data for purposes of profiling or inferring characteristics about the person with respect to whom it was collected.
Aggregated Data
We also collect, use, and disclose "Aggregated Data," such as statistical or demographic information. Aggregated Data may be derived from personal data, but it is not considered personal data because it does not directly or indirectly reveal your identity. However, if we ever do combine or connect Aggregated Data with other personal data such that it could directly or indirectly identify you, we will treat the combined data as personal data in accordance with this Notice.
We use different methods to collect personal data from and about you, including as follows:
We may disclose personal data as described below:
When we disclose personal data to third party service providers and contractors, we enter into agreements with those third parties that describe the purposes for which the personal data may be used and that require the third parties to keep the personal data secure and confidential.
We may also disclose data as necessary to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. And, if we engage in a corporate transaction as described above, we will disclose data with the applicable counterparty in connection with that transaction.
We may share Aggregated Data as follows:
We will not disclose your personal data other than as described in this Notice without providing you notice and, if required by law, obtaining your consent. We do not sell personal data to third parties.
When you use the Services, we may store some information on your computer in the form of a "cookie" or similar file. "Cookies" are small data text files that are either used for the duration of a session ("session cookies") or saved on a user's hard drive ("persistent cookies"). Session cookies identify users logging onto the Services and are used for authenticating user accounts and maintaining logged in status, these cookies are deleted from the user's server soon after the session ends and are not collected or saved. Persistent cookies will be saved on your server, will recognize you when you return to the Services, and are used to store profile information and user preferences.
Cookies used on Services are generally divided into the following categories:
We use cookies to enable site features and provide a more personalized site experience, for analytics purposes and to understand how users navigate and use our site, to identify and fix errors, and to enable and support security features, prevent fraud, and protect our site.
Most web browsers automatically accept cookies, but you can usually change your browser's settings to prevent that or to notify you when a cookie is being placed on your browser. Because each browser is different, you should look at your browser's "Help" menu to learn how to modify these settings. If you do disable cookies this may make your experiences with our Services less efficient.
When corresponding with you via HTML-capable email, we may use "format sensing" technology, which allows pixel tags to let us know whether you received or opened our email. We may also use unique hyperlinks in emails we send to you, which we use to see whether emails have been opened and responded to.
Currently, certain browsers, including Firefox, Google Chrome, Safari, and Internet Edge, offer a "do not track" (DNT) option. This option, using a technology known as a DNT header, sends a signal to websites visited by a user about the user's DNT preference, if any, set on the browser. If you activate DNT, we cannot currently commit to responding to your browser's DNT signals, because no common industry standard for DNT has been adopted by industry groups, technology companies, or regulators.
We will only retain your personal data for as long as necessary to fulfill the purpose(s) for which it was collected, including to satisfy any legal, accounting, or reporting requirements. We have established retention periods for the personal data we collect.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, altered, or used, disclosed, or accessed in an unauthorized way. We have put in place industry-standard encryption protocols to safeguard personal data in transit and at rest. We also employ comprehensive identity and access management processes, which include multi-factor authentication to verify users' identities and limit access to data based on pre-defined roles and responsibilities.
We have put in place advanced firewalls and intrusion detection systems to protect our infrastructure to prevent unauthorized access to our systems, and monitor potential security threats on a continuous basis. We also have implemented procedures to address any suspected or actual personal data breach, and will comply with applicable laws relating to notification of and response to any personal data breaches or other security incidents.
Unfortunately, the transmission of information via the internet is not always completely secure despite our reasonable efforts. While we will reasonably protect your personal data, we do not guarantee the security of your data transmitted over the internet; any such transmission, including via our Services, is at your own risk.
Our Services may include links to other websites. We do not control the privacy practices of any third parties, and if you submit personal data to any of those sites, their collection and use of your information is governed by their privacy policies, which differ from ours. We encourage you to carefully read the privacy notice of any website you visit.
Our Services may offer social network and similar sharing features, such as Discord, Facebook, X (Twitter), YouTube, Instagram, and similar buttons, which let you share information related to the Services through your preferred social media platforms. If you permit a connection between our Services and your social network page(s), we (and the social network) may be able to identify you, and associate the information we (and they) receive with information we (and they) already have about you. In addition, depending on how you use those features and your settings with the social network provider(s), the information you share to your social network pages will be available to others, including your friends and/or the public. For more information about how your information may be shared through those social networks once it is provided to them, you should review the privacy policies of those social networks.
Depending on the jurisdiction in which you live, you have the rights described below regarding our collection and use of your personal data. These rights are subject to certain limitations and exceptions under applicable law.
Providing Personal Data is Your Choice. You can browse our Services without providing us with any personal data, other than browsing data (which we will not attempt to link with other personal data). However, if you choose to use our Services to engage with us, such as by creating an account, becoming a subscriber, or by otherwise interacting with us, you will be required to provide us with the personal data necessary to facilitate that interaction or transaction. If you do not want to provide us with personal data, you may not be able to use many features of our Services.
You Have the Right to Opt Out of Certain Communications. You can ask us to stop sending you marketing and other promotional materials at any time by following the opt-out links in the applicable messages, or by contacting us at any time at support@rythm.fm. Please note that when you opt out of marketing messages, we may still need to contact you regarding your account, your experience with our Services, as required by law, or regarding legal matters. However, we will not send you marketing communications after you have opted out of receiving them.
You Have the Right to Access Your Personal Data and the Right to Data Portability. You have the right to confirm whether we are processing your personal data and, if so, to access information about the specific items of personal data we have collected about you. If you request a copy of your personal data, you have the right to receive it in a portable and, to the extent technically feasible, readily-usable format that allows you to transmit the data to another party without undue difficulty.
You Have the Right to Correct Your Personal Data. If you believe any personal data we have about you is incorrect, you can contact us at any time at support@rythm.fm to request that we make the appropriate edits to correct that data. In addition, if you have an account on our Services, you may be able to update certain of your account details directly through the Services.
You Have the Right to Request Deletion of Your Personal Data. As noted above, we have standard retention practices with respect to the personal data we collect. If you would like to request any earlier deletion of your personal data, you may contact us at support@rythm.fm with this request. Please note that we may not be able to completely remove personal data in certain circumstances. This will be true if the data is not in a searchable format, or if it is retained in backup systems or in cached or archived pages. We also may not be able to delete personal data to the extent it is necessary to conduct active and ongoing business with you, if we are required by law to retain it, or keeping the data it is necessary to comply with our legal obligations, resolve disputes, prevent fraud or future abuse, or otherwise enforce our rights.
You Have the Right to Non-Discrimination. We will not discriminate against you for exercising your privacy rights.
Limitations. Each of the rights set forth above may be subject to certain limitations as set forth in applicable law. Your rights may depend on your state of residence, as different states have adopted privacy laws that provide for specific rights and remedies applicable solely to residents of such states.
Exercising Your Rights. To exercise any of the above rights, or if you have any questions regarding our practices regarding personal data, please contact us at support@rythm.fm. Please note that we may be required to request information from you to verify your identity in connection with any such request, as a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it. If you make any request to exercise your rights, we will respond within the time period required by law (or if no time period is required, within a reasonable period of time). If we are unable to comply with your request, we will inform you of this. If you do not agree with any action we have taken following a request to exercise your rights, or otherwise object to our handing of your personal data, you may have the right to appeal or to raise your objection with your state's regulatory authority. We would, however, appreciate the opportunity to address your concerns directly before you approach a regulatory authority, so please contact us in the first instance, at support@rythm.fm.
For purposes of the CPRA, you have the following rights with respect to your personal information. Please note that your rights are subject to limitations and exceptions set forth in the CPRA:
To exercise any of the rights described above, you must submit a verifiable consumer request to us. You can do so by emailing us at support@rythm.fm.
Only you, or a person registered with the California Secretary of State that you expressly authorize to act on your behalf, can make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
We cannot respond to your request or provide you with information if we cannot identify you or confirm your authority to make the request, so any request will require you to provide sufficient information to allow us to reasonably verify your identity and/or the identity and authorization of your agent (if applicable). We will only use any personal information provided in a verifiable consumer request to verify the requesting party's identity or authority to make the request. The information requested to verify your identity, or the identity and authorization of your agent, is dependent on your relationship with Rythm and the type of information available to us.
We will respond to any verifiable consumer request in the manner and within the timeframes required by the CPRA. If your request is denied, you may have the right to appeal the denial in accordance with the instructions provided to you when the denial is made.
In addition:
If you are in the European Union (EU) or the United Kingdom (UK), under the EU's General Data Protection Regulation (and the UK equivalent, collectively referred to as the GDPR), you have the right to block us from using, or to limit the way we can use, your personal data, as well as the right to object to our use of your personal data, including when we use it for our legitimate business interests. These rights are in addition to the Right to Access Your Personal Data, Right to Correct Your Personal Data, Right to Request Deletion of Your Personal Data, and Right to Data Portability (all disclosed above). Please note that we have disclosed our legal bases for processing your personal data above in this Notice.
If you are not satisfied with how we have responded to any request you make regarding the above rights, you may be able to raise your complaint with the Data Protection Authority in your jurisdiction.
For purposes of the GDPR, the Data Controller of the information you provide is Rythm Inc., 440 N Barranca Ave, Covina, CA, 91723.
If you are from the EU or are located in the European Economic Area (EEA) or in the UK, we are required to give you information about the transfer of your information outside the EEA/UK. If this applies to you, whenever you voluntarily give us your personal data, you should understand that your information will be sent by you to the United States, a jurisdiction that does not provide the same framework for the protection of personal data as the EEA/UK. By sending us your personal data, you are expressly consenting to the transfer by you of information from your location within the EEA/UK to our servers in the United States.
In addition, if we send any of your personal data to servers located within the EEA/UK, if we then transfer your personal data from those servers to areas located outside of the EEA/UK, we will adopt adequate measures as required by the GDPR (for example, the adoption of standard contractual clauses between us and the recipient).