LifeRibbon Privacy Policy

Last Updated: May 18, 2026

Effective Date: June 1, 2026

Introduction

LifeRibbon ("we," "our," "us," or the "App") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services.

Core Principle: Raw user content (stories, recordings, photos, videos, text) is sacred. We do not sell, trade, or rent your personal information. We collect only what is necessary to provide and improve the App, and we give you control over your data.

1. Information We Collect

1.1 Information You Provide Directly

Account Creation:

• Full name
• Email address
• Password (hashed and securely stored)
• Avatar/profile image (optional)

Story Content:

• Text responses to prompts
• Audio recordings (questions, stories, reflections)
• Video recordings (questions, stories, reflections)
• Photos and videos you choose to import from your device or cloud storage
• Metadata: recording dates, durations, timestamps

Family & Project Information:

• Project title and description
• Storyteller name and relationship information
• Intended audience (family members, friends, etc.)
• Family contacts you add (names, emails, phone numbers, relationships)
• Project members and their roles/permissions

Follow-Up Questions:

• Your responses to AI-generated follow-up questions (processed by our AI systems)

1.2 Information Collected Automatically

Device & App Information:

• Device type, model, and operating system when provided by the platform or service logs
• App version when provided by the platform or service logs
• Permissions granted by you for camera, microphone, photo library, or file access

LifeRibbon does not currently use a third-party analytics SDK, advertising SDK, or crash-reporting SDK in the mobile app. If we add analytics or crash reporting later, we will update this policy and the App Store / Google Play privacy disclosures before release.

Server & Security Logs:

• IP address and request metadata generated by our service providers
• Login timestamps and authentication events
• Data access patterns for security audits

2. How We Use Your Information

2.1 Primary Uses

Providing the App:

• Creating and managing your account and projects
• Storing and retrieving your stories, media, and responses
• Enabling story review, editing, and organization
• Processing your recordings and transcribing audio/video content

Transcription Service (OpenAI):

• Your audio and video recordings may be sent to OpenAI's transcription API to generate text transcriptions
• Transcripts are stored in your project; raw recordings are preserved separately and are not overwritten by transcripts or AI metadata
• OpenAI processes this data according to its Data Processing Agreement with us

AI Follow-Up Questions:

• AI processes your story content to generate contextual follow-up questions
• Your original story is never modified or replaced by AI output
• Follow-up suggestions are optional and created for storytelling enhancement

Family & Collaboration:

• Sharing your project with family members and designated contributors
• Managing permissions and access levels for family members
• Sending and tracking family invitations

2.2 Secondary Uses

Improving the App:

• Reviewing support requests, error reports you send us, and operational service logs
• Identifying bugs, performance issues, and areas for improvement
• Testing new features and optimizations before release

Legal Compliance & Safety:

• Complying with legal obligations (court orders, regulatory requirements)
• Preventing fraud, abuse, and unauthorized access
• Protecting the security and integrity of the App and user data
• Responding to valid legal requests from authorities

2.3 What We Do NOT Do

• No Selling Personal Data: We never sell, trade, or rent your personal information or story content
• No Ad Targeting: We do not use your data for behavioral advertising or sell your data to advertisers
• No Commercial Exploitation: We do not use your stories for marketing, promotion, or commercial purposes without explicit consent
• No Unauthorized Sharing: We do not share your content with third parties except as described in this policy

3. Data Storage & Security

3.1 Where Your Data Is Stored

Your Account & Projects:

• Stored securely in Supabase (database backend)
• Encrypted in transit using TLS/SSL
• Encrypted at rest using industry-standard encryption

Your Media Files:

• Audio, video, and photo files stored in Supabase Storage bucket
• Private bucket (not publicly accessible)
• Accessible only to you and your authorized family members
• Storage limits are controlled by the current product tier and backend configuration

Transcripts:

• Stored alongside your story responses in the database
• Treated with the same privacy and security as your original recordings

3.2 Data Security Measures

• HTTPS encryption for all data in transit
• Row-level security policies in the database
• Authentication via secure tokens (not passwords sent to servers)
• Regular security audits and vulnerability monitoring
• No unencrypted storage of passwords or sensitive credentials
• Automatic deletion of temporary cache files

3.3 Limitations

• We use industry-standard security practices, but no system is 100% secure
• We are not responsible for unauthorized access due to compromised device passwords or security keys
• If you lose device access or credentials, story recovery depends on account access and cloud storage availability

4. Sharing Your Information

4.1 Who Can Access Your Data

You:

• Full access to all your stories, media, and project information

Family Members & Project Collaborators:

• Access only to projects and stories you explicitly share with them
• Role-based permissions determine whether they can view, edit, or invite others

Our Service Providers:

• Supabase (database and storage backend)
• OpenAI (audio/video transcription and story metadata processing)
• Resend (project invitation email delivery)
• These services are bound by data processing agreements and cannot use your data for their own purposes

Legal Authorities:

• Law enforcement or government agencies with valid legal process (court order, warrant, subpoena)
• We will notify you of such requests unless legally prohibited

4.2 What We Never Share

• We never share your stories or personal information with advertisers
• We never allow third-party apps to access your content without your explicit permission
• We do not use your data to train AI models without your consent

5. Third-Party Services

5.1 OpenAI Transcription

What Is Shared:

• Audio and video recordings you choose to transcribe
• Audio/video file metadata (duration, format, language)

How It Works:

• Recordings are sent to OpenAI's transcription API
• A text transcript is generated and returned to the App
• The original recording remains preserved separately in local app storage and, when configured, private cloud storage

Privacy:

• OpenAI does not use recordings for model training without your consent
• See OpenAI's Privacy Policy: https://openai.com/privacy/

Your Control:

• Transcription is optional; you can keep recordings without transcripts
• Transcripts can be edited or deleted

5.2 No Other Third-Party Integrations

• The App does not integrate with Google Drive, Dropbox, or iCloud APIs for backup (Phase 2 limitation)
• The App does not use analytics services (Mixpanel, Firebase, Amplitude)
• The App does not use advertising networks

6. Your Rights & Data Control

6.1 Access & Portability

You have the right to:

• Access all your personal data in the App
• Request a copy of your data in a machine-readable format
• Export your stories, transcripts, and metadata

How to Request:

• Contact [email protected] with your account email and request details
• Provide identification to verify ownership of the account

6.2 Correction & Deletion

Correction:

• Edit your profile information directly in the App
• Edit story responses, transcripts, and metadata

Deletion:

• Delete individual stories or media files from the App
• Request account deletion (see Section 6.3)
• Deletion is permanent and cannot be undone

6.3 Account & Data Deletion

To Delete Your Account: 1. Open the App and go to Settings > Privacy & Account 2. Select "Delete My Account" 3. Confirm your email address 4. All personal data, stories, media, and projects are permanently deleted within 30 days

What Happens Upon Deletion:

• Your profile and account authentication are immediately deactivated
• All story content, media files, and metadata are deleted from our servers within 30 days
• You will not be able to log in or access any App features
• Deletion cannot be reversed

Exception:

• If you have authorized family members with access, they may retain copies of shared content they downloaded locally

6.4 Opting Out

Transcription:

• Decline transcription at the time of recording
• Request deletion of existing transcripts

Follow-Up Questions:

• Disable AI follow-up questions in Settings
• Delete individual suggestions from your project

Usage Analytics:

• LifeRibbon does not currently collect optional in-app analytics. Platform-level diagnostics, if any, are controlled through your device and app store settings.

7. Data Retention

7.1 How Long We Keep Your Data

Active Accounts:

• Stories, media, and projects remain stored as long as your account is active
• You control deletion of individual items at any time

Inactive Accounts:

• Accounts inactive for 2 years may be flagged for review
• We may contact you to confirm you wish to keep the account active
• Continued inactivity may result in account suspension and eventual deletion

Backups:

• Recent backups (last 30 days) may persist temporarily for disaster recovery
• After 30 days from your deletion request, all backups are purged

Legal Holds:

• If required by law, we may retain data longer than stated above
• We will notify you of legal retention requirements

7.2 Transcription Logs

• OpenAI may retain transcription logs for up to 30 days
• Raw recordings are not retained by OpenAI
• See OpenAI's Data Retention Policy: https://openai.com/privacy/

7.3 Server Logs

• Authentication and error logs are retained for 90 days
• Service access logs may be retained for security, abuse prevention, and debugging according to processor retention windows

8. Children's Privacy

The App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it immediately and notify the parent/guardian.

For Parents: If your child has created an account, you can request deletion by contacting [email protected] with proof of parental authority.

9. Regional Privacy Rights

9.1 European Users (GDPR)

If you are located in the European Union, you have additional rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure (Right to Be Forgotten): Request deletion of your data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Opt out of certain data processing
• Right to Lodge a Complaint: Contact your local data protection authority

Data Processing Basis:

• We process your data based on your consent (creating an account)
• We process data as necessary to fulfill our service agreement with you
• We process data for legitimate business interests (security, fraud prevention)

Data Protection Officer:

• Contact: [email protected]

EU Representative:

• Contact: [email protected]

9.2 California Users (CCPA)

If you are located in California, you have rights under the California Consumer Privacy Act:

• Right to Know: Request what data we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of data selling (we do not sell data)
• Right to Non-Discrimination: We do not discriminate against you for exercising your rights
• Right to Correct: Request correction of inaccurate data

To exercise your rights, contact: [email protected]

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be effective 30 days after posting to the App or our website. Your continued use of the App constitutes acceptance of the updated policy.

We will notify you of material changes via:

• In-app notification
• Email to your registered email address
• Update to the "Last Updated" date at the top of this policy

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: [email protected]

Mailing Address: RUPTON LLC [Physical Address] [City, State, ZIP]

Phone: [Phone Number]

Response Time: We will respond to all privacy inquiries within 30 days.

For EU Users:

• Data Protection Officer: [email protected]
• EU Representative: [email protected]

For California Users:

• CCPA Requests: [email protected]

12. Summary: Your Privacy at a Glance

| Question | Answer | |----------|--------| | Do you sell my data? | No. Never. | | Can I delete my account? | Yes, anytime in Settings. | | Who can see my stories? | Only you and people you authorize. | | How is my data encrypted? | TLS in transit, encryption at rest in database. | | How long is my data kept? | As long as your account is active. | | Can I download my data? | Yes, request export via Settings. | | What about transcripts? | OpenAI transcribes; we keep transcripts; raw recordings stay with you. | | What about child safety? | We don't collect data from children under 13. | | How do I contact you about privacy? | Email: [email protected] |

© 2026 RUPTON LLC. All Rights Reserved.