Privacy Choices

1. Data Controller

2. Export Local Data

The export includes the local profile, meal history, saved entries, energy check-ins, access state, pattern-insight cache, and local premium entitlement cache stored by the app.

3. Delete Local Data

This removes the local profile, meal history, saved entries, energy check-ins, pattern-insight cache, access state, and entitlement cache from the device, and resets the local analytics installation identifier for future anonymous diagnostics events. It does not cancel an Apple subscription, delete Apple billing records, remove app data from your device backups, remove previously received aggregate anonymous diagnostics, or remove support messages you sent outside the app.

4. Account Deletion

Riveryn does not require an account. Because Riveryn does not create an account record, there is no separate in-app account record to delete. If account creation or automatic guest accounts are introduced, Riveryn will provide an easy in-app account deletion flow and update this page.

5. Cancel or Manage Subscriptions

Subscriptions are managed by Apple, not by deleting local Riveryn data. Use https://apps.apple.com/account/subscriptions or iOS Settings > Apple ID > Subscriptions.

6. Camera, Photo, and Microphone Permissions

You can change camera, photo-library, and microphone permissions in iOS Settings > Riveryn. If Apple speech recognition fallback is used, iOS may also show a speech-recognition permission. If you revoke access, Riveryn will not be able to take/import meal photos or record voice notes until permission is restored. You can still type meal details and corrections.

In the current production path, voice notes are recorded temporarily on the device and sent through the Riveryn backend to ElevenLabs for speech-to-text transcription. The returned transcript becomes editable text. If backend transcription is unavailable, Riveryn may fall back to Apple speech recognition where supported. Meal text or transcripts are sent for meal analysis or correction only when you choose to submit them.

7. Anonymous Usage Diagnostics

Riveryn may send coarse product interaction events to a privacy-forward analytics provider when Anonymous usage diagnostics is enabled. These events help identify onboarding, meal-check, correction, save, saved-entry, energy check-in, paywall, purchase, restore, export, delete, and error bottlenecks.

Riveryn does not send meal photos, voice audio, typed or dictated meal text, transcripts, correction text, meal names, detailed nutrients, energy check-in labels or notes, body measurements, HealthKit-derived values, contact info, exact location, IDFA, ad attribution identifiers, or cross-app tracking data to analytics. You can turn this off in Riveryn at Settings > Data and privacy > Anonymous usage diagnostics.

Separately, website App Store button clicks on riveryn.com may send a first-party landing CTA event to the Riveryn backend with UTM source, campaign, and content values, CTA surface, App Store destination, and page path. This pre-install website event is used for aggregate launch attribution and is designed without cookies, persistent browser IDs, third-party pixels, ad identifiers, account data, contact data, meal data, referrer, or user-agent fields in the analytics event.

8. Do Not Sell or Share

Riveryn does not sell personal information and does not share personal information for cross-context behavioral advertising. Riveryn does not use meal photos, typed or dictated notes, nutrition entries, profile inputs, or sensitive wellness data for targeted advertising.

If Riveryn later introduces advertising, tracking, analytics that qualify as sharing, or another sale/share activity under applicable law, the app and website will be updated before that processing begins.

9. Sensitive Data Use

Riveryn uses nutrition, body, profile, meal-photo, meal-note, voice-note, and subjective energy information only to provide the product features you request, such as meal estimates, speech transcription, corrections, daily progress, saved entries, energy-pattern insights, export, deletion, support, and security. Riveryn does not use sensitive data to infer unrelated characteristics or for advertising.

10. Privacy Rights Requests

Depending on where you live, you may request access, correction, deletion, portability, restriction, objection, consent withdrawal, information about sharing, or an appeal of a denied request. These rights may be limited by local law, identity verification, security, fraud prevention, legal claims, App Store records controlled by Apple, or data that exists only locally on your device.

Email requests to support@platecue.com. Use the subject line "Riveryn Privacy Request" and describe the right you want to exercise. We may need information to verify that the request belongs to you.

11. Response Timing

Riveryn aims to respond to privacy requests within 30 days where GDPR or UK GDPR applies, and within the period required by applicable US state, Canadian, Australian, or other privacy law. If more time is needed, Riveryn will provide an update where required by law.

12. Authorized Agents and Appeals

If applicable law lets you use an authorized agent, the agent may contact support@platecue.com with proof of authority and enough information to verify the request. If a privacy request is denied and your law provides an appeal right, reply to the denial email with "Privacy Appeal" in the subject line.

13. App Store Privacy Label Alignment

Riveryn is local-first, does not use ad tracking, does not use HealthKit or the Motion and Fitness API, does not require an account, processes meal photos and notes for requested estimates or corrections, processes short user-initiated voice audio for transcription through ElevenLabs in the current production path, forwards only limited plan context and completed-check-in history for requested app functionality, provides local data export and deletion, and uses anonymous Product Interaction and Device ID disclosures for coarse usage diagnostics when configured. The current App Store privacy posture discloses Health and Fitness for app functionality because Riveryn handles nutrition estimates, meal totals, self-reported activity context, daily targets, and optional energy check-ins; Photos or Videos and Other User Content for requested meal analysis and correction; Audio Data for voice transcription; Purchases or Purchase History for StoreKit subscription access; and Product Interaction plus Device ID for anonymous diagnostics. If accounts, sync, crash reporting, HealthKit, Motion and Fitness API data, ad tracking, or retained server storage are introduced, this page and App Store privacy answers will be updated.