Rhythm TOS & Privacy Policy

Terms of Service

Effective 22 June 2025

These Terms of Service ("Terms") constitute a legally binding agreement between you ("User," "you") and Rhythm ("Rhythm," "we," "us"). By accessing or using Rhythm you accept and agree to be bound by these Terms. If you do not agree, you must not use the Service.

1. Service Description

Rhythm is an AI‑powered scheduling assistant that integrates with Google Calendar to place user‑defined tasks into available time blocks. The Service is offered on a freemium basis: a no‑cost plan with core functionality and an optional paid Pro subscription. Subscription payments are processed by Stripe or Polar on our behalf.

2. Eligibility

You must be at least 13 years of age to use the Service. If you are under the age of 18, you represent that you have obtained consent from a parent or legal guardian.

3. Google Calendar Access and Permissions

To operate, Rhythm uses Google OAuth to request the following permissions:

Permission	Purpose
Read calendars	Identify existing events in order to avoid scheduling conflicts
Create / edit events	Write or update tasks on your behalf
Create a dedicated “Rhythm” calendar	Segregate Rhythm‑generated events from your personal calendars
View calendar list	Allow you to choose which calendars Rhythm should reference

Revoking these permissions through your Google account will disable key features of the Service.

4. Subscription Plans, Billing and Cancellation

Charges apply only if you subscribe to the Pro plan.

Subscriptions are billed in advance on a monthly or annual basis (as selected) and automatically renew until cancelled.

You may cancel at any time via the customer portal supplied by Stripe/Polar. The subscription will remain active until the end of the current billing period and will not renew. We do not provide partial or prorated refunds.

5. Beta Disclaimer

The Service is currently offered as an open beta. Features may change, and occasional defects or interruptions may occur. You should maintain independent copies of important calendar data.

6. Acceptable Use

You agree not to:

violate any applicable law;

interfere with or disrupt the Service, its servers or networks;

attempt to gain unauthorised access to any portion of the Service;

reverse engineer, decompile or disassemble the Service; or

use the Service to transmit malicious code or infringing content.

7. Intellectual Property

The Service, including underlying software, design and branding, is owned by Rhythm and protected by intellectual‑property laws. You retain ownership of the text tasks and other content you submit but grant Rhythm a worldwide, non‑exclusive licence to process such content solely for the purpose of providing and improving the Service.

8. Warranty Disclaimer; Limitation of Liability

The Service is provided “as is” and “as available.” To the fullest extent permitted by law, Rhythm disclaims all warranties, express or implied, including merchantability, fitness for a particular purpose and non‑infringement. In no event will Rhythm be liable for indirect, incidental, special or consequential damages, or for aggregate liability exceeding £50 GBP or the total fees paid by you to Rhythm in the 12 months preceding the claim, whichever is greater.

9. Termination

You may cease using the Service at any time. We may suspend or terminate your access if you breach these Terms or if required by law. Upon termination the licence granted to you under these Terms will cease immediately.

10. Governing Law and Jurisdiction

These Terms and any dispute arising from them are governed by the laws of England and Wales. Courts located in England and Wales shall have exclusive jurisdiction, subject to any mandatory consumer‑protection law giving you the right to bring proceedings in your place of residence.

11. Amendments

We may modify these Terms from time to time. We will post the revised version and provide at least 7 days’ notice before changes become effective. Continued use of the Service after the effective date constitutes acceptance of the revised Terms.

12. Contact

For questions regarding these Terms, contact george@slz.lol.

Privacy Policy

Effective 22 June 2025

This Privacy Policy explains how Rhythm collects, uses, stores and protects personal data when you use the Service.

1. Data Controller

Contact: george@slz.lol.

2. Personal Data We Process

Category	Examples	Purpose & Legal Basis
Account Information	Email address, Google OAuth tokens	Contract performance: create and secure your account
Calendar Data	Event titles, times, descriptions; tasks you input	Contract performance: scheduling functionality
Payment Data	Billing address, payment method details (handled by Stripe or Polar)	Contract performance: subscription billing
Usage Analytics	Aggregated, pseudonymised event data collected via PostHog	Legitimate interest: product improvement
Support Communications	Emails or messages you send us	Legitimate interest: customer support

We do not process images, files or publicly shared user content.

3. Cookies and Similar Technologies

Rhythm uses essential cookies for authentication and security, and a first‑party analytics cookie set by our self‑hosted PostHog instance. No advertising or cross‑site tracking cookies are employed.

4. Data Sharing and Sub‑Processors

Personal data is shared only with trusted service providers who act as processors on our behalf:

Google – calendar integration

Stripe / Polar – payment processing

PostHog – EU‑hosted analytics

Firebase / Firestore (EU region) – hosting and database

Each provider is bound by contract to process data solely in accordance with our instructions and to maintain appropriate safeguards.

5. International Transfers

Primary storage occurs within EU data centres. Where our providers transfer data outside the UK/EU, those transfers rely on Standard Contractual Clauses, the UK Addendum, or the EU–US/UK–US Data Privacy Framework, as applicable.

6. Data Retention

Personal data is retained for the duration of your account.

Upon account deletion or Google OAuth revocation, associated data is erased from active systems and backups within 30 days.

Stripe retains limited transaction records for the period required under tax and accounting law.

7. Data Security

Data is encrypted in transit (TLS 1.2+) and at rest. Access to production systems is limited to authorised personnel under least‑privilege principles. We conduct periodic reviews of access logs and automated monitoring.

8. Your Rights

Subject to UK GDPR/EU GDPR, you have the right to access, rectify, erase, restrict or object to processing, and to data portability. To exercise these rights, contact george@slz.lol. You also have the right to lodge a complaint with the UK Information Commissioner’s Office or your local supervisory authority.

9. Children’s Privacy

The Service is not directed to children under 13. We do not knowingly collect personal data from children under this age.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised version and provide at least 7 days’ notice before substantive changes take effect.