What we collect and why

When you sign up for early access on the Ritmiq marketing site, we collect your name and email address. No cookies are set, no analytics scripts are loaded, and no tracking pixels fire.

When you install Ritmiq into your Slack workspace, we collect:

Slack profile data: display name, email address, title, and avatar URL — used to identify participants and personalize survey delivery.
Slack workspace metadata: workspace name and ID — used to scope data and route messages.
Slack bot and user tokens: used to send and receive messages on behalf of the Ritmiq app.
Survey responses and conversation messages: the content you and your team provide during surveys.

How we use it

We use the data we collect to:

Deliver surveys via Slack DMs and collect responses.
Generate AI-powered follow-up questions, summaries, and reports.
Authenticate you and enforce access control within your workspace.
Improve the reliability and performance of the service.

AI processing is performed by third-party model providers (see "Third-party services" below). All providers are configured with zero data retention and have training on customer data disabled.

What we don't do

We don't sell, rent, or share your data with advertisers or data brokers.
We don't run third-party analytics, ad networks, or tracking pixels.
We don't use your data to train AI models.
We don't read your Slack messages outside of Ritmiq survey conversations.

Cookies

Ritmiq sets a single cookie:

ritmiq-session — an HTTP-only, secure, same-site session cookie used for authentication. It contains a signed JWT and expires when you close your browser or after 30 days of inactivity.

That's it. No analytics cookies, no advertising cookies, no third-party cookies.

Data security

We take reasonable measures to protect your data:

All traffic between your browser, Slack, and our servers is encrypted in transit via TLS/HTTPS.
Slack tokens are encrypted at rest using AES-256-GCM.
Database access is enforced with PostgreSQL row-level security (RLS) policies, so each workspace can only access its own data.
Application secrets are stored in encrypted secret management, not in source code.

Data retention and deletion

We retain your data for as long as your account is active. We do not currently offer automated self-service data deletion. To request deletion of your workspace data, email hello@ritmiq.ai and we will process your request within 30 days.

Third-party services

Ritmiq integrates with the following third-party services:

Slack: for survey delivery and authentication. Subject to Slack's Privacy Policy.
AI model providers (Anthropic/Claude, OpenAI, Google Gemini, and open-source model hosts): for generating follow-up questions and survey reports. All providers are configured with zero data retention (ZDR) agreements — your data is not stored or used for model training.
Cloud hosting: our infrastructure runs on major cloud providers with SOC 2-compliant data centers.

Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify affected users via email or in-app notice. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact

Questions or concerns about this policy? Email us at hello@ritmiq.ai.

This policy is adapted from Basecamp's open-source policies, used under CC BY 4.0.

Privacy Policy

TLDR