Privacy Policy
Rift Engineering publishes mobile apps (primarily iOS, with some apps on Android), web applications and progressive web apps, and the backend services that support them. This policy explains what personal information those apps and services may collect, how it is used, who it may be shared with, and the choices and rights available to you. It is written to apply globally and is intended to comply with applicable privacy laws including the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), the EU and UK General Data Protection Regulations (GDPR / UK GDPR), the Swiss Federal Act on Data Protection (FADP), the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), and other US state privacy laws (including those of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and similar regimes), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), Brazil's LGPD, and other applicable data protection laws.
Who we are
Rift Engineering (ABN 85 613 964 115) ("we", "us", "our") is based in Victoria, Australia. We are the data controller (or, where applicable, the "business" under US state privacy laws) for personal information collected through the apps and services we publish, except where an app's in-app disclosures or App Store privacy label state otherwise.
For privacy questions, requests, or complaints, contact us at privacy@riftengineering.com.au.
Scope
This policy applies to all applications published by Rift Engineering — including mobile apps on the Apple App Store, Google Play, and any other distribution platforms; web applications and progressive web apps; and the related backend services and our website. Individual apps may have additional, app-specific disclosures shown on their App Store / Google Play listing, in the app itself, or on a dedicated app privacy page on our website; where those differ from this policy, the app-specific disclosures apply for that app.
What we collect
Depending on which app you use and which features you enable, we and our service providers may collect or process the following categories of information. We intentionally describe these broadly because not every app collects every category, and some categories are collected only by third-party SDKs (such as Google AdMob) embedded in our apps.
Account information
If an app supports sign-in, we may receive your account identifier (for example, your Sign in with Apple identifier, Google account ID, or an account created via email magic-link or password sign-in), the email address the provider or you share with us (which may be a private relay address you can revoke), and the display name you choose to share. We do not receive your account password.
Content you create
Content you create or upload within an app — such as records, notes, text, photos, videos, voice notes, files, drawings, and other material you add. Where an app supports sharing or collaboration, this content is visible to you and to people you have explicitly granted access to.
Device, technical, and usage information
We and our service providers may collect device and usage information, including: device model, operating system and version, language and region settings, time zone, screen size, app version and build, app session start/stop times, app interactions and feature usage, crash logs and stack traces, performance metrics, referrer information, network type (Wi-Fi/cellular), carrier name, and IP address (which may be used to derive coarse / approximate geographic location at country, region, or city level).
Identifiers
We and our advertising and analytics partners may use identifiers including: Apple's Identifier for Advertisers (IDFA), Google's Advertising ID (GAID / AAID), Apple's Identifier for Vendors (IDFV), Android ID, app-instance identifiers, user account identifiers, hashed identifiers, and similar device or app identifiers. On iOS, the IDFA is only available where you have granted permission via Apple's App Tracking Transparency (ATT) prompt; if you do not grant permission, a non-tracking identifier or no identifier is used in its place. On Android, you can reset or delete your Advertising ID, or opt out of personalised ads, via your device settings.
Location data
Some apps may request access to your device's precise or approximate location to provide location-aware features (such as pinning content to a place, detecting arrival at a configured location, or showing nearby content). Where granted, location may be collected in the foreground only or, if you explicitly enable it, in the background. Advertising and analytics partners may also infer approximate location from your IP address. You can revoke or change location permissions at any time in your device's privacy settings.
Camera, photos, microphone, contacts, calendar, and other device data
Where a feature requires it, an app may request access to your camera, photo library, microphone, contacts, calendar, motion and fitness data, Bluetooth, local network, notifications, files, or other device features. We access these only for the feature you have enabled, and only when you initiate the relevant action. You can revoke any of these permissions at any time in your device settings.
Purchase and subscription information
If you make an in-app purchase or subscribe, the transaction is handled by Apple, Google, or another platform billing provider. We do not receive your full payment card details. We may receive a transaction identifier, a subscription status, the product purchased, the country of purchase, and information needed to validate receipts and provide refunds or customer support.
Communications and support
If you contact us by email or through in-app support, we collect the contents of your message, your contact details, and any other information you choose to share, so that we can respond and keep a record.
Forwarded or inbound messages (where supported)
Some apps allow you to forward emails or messages — for example by forwarding to a per-user address provided by the app, or by linking a messaging account such as WhatsApp or SMS — so the app can act on the contents (extract a task, schedule an event, save a record). Where this happens, we receive the message body, subject or thread title, sender and recipient details, headers or message metadata, and any attachments included. This content is processed and stored on your behalf and is treated as content you have created. The app's own privacy details describe which forwarding or messaging integrations it supports.
Advertising and analytics data
Some of our apps display advertisements served by Google AdMob and/or other advertising networks, and may use analytics SDKs (such as Google Analytics for Firebase, Firebase Crashlytics, or similar). To deliver, measure, and improve ads and app performance, these third parties may collect or receive:
- device and advertising identifiers (IDFA, GAID, IDFV, app-instance ID, hashed identifiers);
- IP address and coarse / approximate location derived from it;
- device and OS information, language, and time zone;
- ad impressions, ad views, ad clicks, ad interactions, and ad-related diagnostics (such as fraud and invalid-traffic signals);
- app and SDK identifiers, app version, and information about the ad placement;
- general usage data (sessions, screens or events, in-app actions);
- signals indicating whether ads should be personalised or non-personalised, including signals from your platform tracking permissions and from any consent prompt we display.
Where required by law (for example, in the EEA, the UK, Switzerland, and certain US states), we will request your consent (or, where applicable, present an opt-out) before allowing personalised advertising and certain analytics. Where consent is not granted, ads may still be shown on a non-personalised / contextual basis, which still involves limited data processing (such as IP address and coarse location) for ad delivery, frequency capping, fraud prevention, and aggregated reporting.
How we use your information
- To provide, operate, maintain, and improve our apps and their features.
- To store your content and, where applicable, sync it across your devices.
- To enable collaborative or sharing features you have opted into.
- To send notifications, reminders, and service-related communications you have configured.
- To process in-app purchases and subscriptions and provide related support.
- To diagnose crashes and bugs, monitor performance, and improve stability and security.
- To display advertisements (including, where permitted, personalised advertisements) and to measure their performance and prevent fraud, invalid traffic, and abuse.
- To understand how features are used, in aggregate, so we can improve them.
- To respond to your support requests and other communications.
- To comply with legal obligations, enforce our terms, and protect our rights, our users, and the public.
Legal bases (EEA / UK / Switzerland)
Where the GDPR, UK GDPR, or Swiss FADP applies, we rely on the following legal bases to process your personal data:
- Performance of a contract — to provide the app and the features you request.
- Legitimate interests — to operate, secure, and improve our apps, prevent fraud and abuse, serve non-personalised advertising, and respond to support requests, where these interests are not overridden by your rights.
- Consent — for personalised advertising, certain analytics, push notifications, access to device sensors (camera, microphone, location, contacts, etc.), and any other processing for which consent is required. You can withdraw consent at any time without affecting prior processing.
- Legal obligation — where we are required to process data to comply with applicable law.
Advertising, tracking, and your choices
Some of our apps display third-party advertising, primarily through Google AdMob. Google's privacy practices for advertising services are described at policies.google.com/privacy, and a list of Google's advertising partners and how they may collect and use data is available at policies.google.com/technologies/partner-sites. You can manage your Google ad personalisation settings at adssettings.google.com.
You can also limit ad personalisation and tracking as follows:
- iOS — decline the App Tracking Transparency prompt, or change permissions in Settings → Privacy & Security → Tracking; enable "Limit Ad Tracking" / disable "Personalised Ads" in Settings → Privacy & Security → Apple Advertising.
- Android — open Settings → Privacy → Ads (or Google → Ads) to reset or delete your Advertising ID and to opt out of ad personalisation.
- EEA / UK / Switzerland — use the consent prompt we display on first launch (and any in-app option to revisit it) to grant or withdraw consent for personalised ads and analytics.
- Industry opt-outs — optout.aboutads.info (DAA), networkadvertising.org/choices (NAI), and youronlinechoices.eu (EDAA).
If you opt out of personalised advertising, you will still see ads, but they will be less relevant to you and based on contextual signals rather than your interests or behaviour over time.
AI and machine-learning processing
Some apps route content you provide — text, voice, images, attached files, or other inputs — through third-party AI and machine-learning service providers in order to perform a feature you have requested (for example, transcribing a voice note, extracting a task from a forwarded email, generating a reply, or classifying content). Where this happens, the relevant content is sent to the provider over a secure connection, processed under the provider's API terms, and the result is returned to the app. The app's own privacy details describe which AI providers it uses.
We select AI providers whose API terms prohibit using your content to train their models on paid usage tiers, and we operate on those tiers wherever we route user content. Where required by law (for example, in the EEA, the UK, Switzerland, or certain US states), we will request your consent — or present an opt-out — before using AI features that send sensitive personal information to a third-party model. You can usually disable AI-driven features in the app's settings, in which case the app will fall back to manual entry where applicable.
Sharing of information
We do not sell your personal information for money. However, certain data sharing for advertising and analytics purposes may be considered a "sale" or "sharing for cross-context behavioural advertising" under the CCPA/CPRA and similar US state laws (see "US state privacy rights" below). We share or disclose information in the following circumstances:
- Service providers / processors who operate infrastructure or features on our behalf (see "Service providers" below) under contractual confidentiality and security obligations.
- Advertising and analytics partners, including Google AdMob, Google Analytics for Firebase, Firebase Crashlytics, and any equivalent partners listed in an app's App Store / Google Play privacy details.
- Other users only where you have explicitly chosen to share or collaborate.
- Legal, safety, and protective disclosures — where required by law, court order, or regulator, or where we reasonably believe disclosure is necessary to protect rights, safety, or to prevent fraud or abuse.
- Business transfers — in connection with a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honour this policy or notify you of any material change.
- With your consent — for any other purpose disclosed at the time.
How we store and protect your data
Your data is stored on infrastructure operated by our service providers and secured using industry-standard practices, including encryption in transit (TLS) and, where applicable, encryption at rest. Access to user data is restricted on a need-to-know basis. No system is perfectly secure, and we cannot guarantee absolute security; however, we work to protect your information using appropriate technical and organisational measures.
Service providers
Our apps rely on trusted infrastructure, advertising, analytics, and platform providers to operate. These providers process data on our behalf or as independent controllers under their own published privacy commitments. The categories of providers we may use include:
- Apple — App Store distribution, Sign in with Apple, push notifications, in-app purchases, TestFlight beta distribution, App Store analytics. See the Apple Privacy Policy.
- Google — Google Play distribution, Google AdMob (advertising), Firebase / Google Analytics for Firebase (analytics), Firebase Crashlytics (crash reporting), Firebase Cloud Messaging (push), Google Cloud (hosting). See the Google Privacy Policy.
- Application hosting and edge platforms — used to host web applications and serve them globally over a CDN.
- Database, storage, and authentication platforms — used to store user accounts, app data, files, and to handle sign-in.
- AI and machine-learning service providers — used by some apps to perform AI-driven features such as transcription, image and document understanding, text generation, classification, and agent reasoning. We use providers whose API terms prohibit training on user content on paid tiers.
- Messaging and communications providers — used by some apps to send and receive emails, SMS, WhatsApp messages, push notifications, and other transactional communications on your behalf.
- Customer support tools — used to receive and respond to your messages.
Specific providers used by a given app are listed in that app's App Store or Google Play privacy details. We do not authorise any provider to use your personal information for any purpose other than providing services to us, except where they act as independent controllers (such as Google for advertising and analytics) and disclose that processing in their own policies.
International transfers
We are based in Australia. Your information may be processed and stored in Australia, the United States, the European Economic Area, the United Kingdom, and any other country where we or our service providers operate. Where personal data is transferred from the EEA, UK, or Switzerland to a country that has not been recognised as providing an adequate level of protection, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent mechanisms, together with any supplementary measures required by law. By using our apps, you understand that your information may be transferred to and processed in these locations.
Your rights and choices
Subject to applicable law, you may have the following rights regarding your personal information. Where a right is granted by your local law, we will honour it. Where the same right is described differently across jurisdictions, the broadest applicable interpretation applies to you.
- Access — request confirmation of whether we hold personal information about you and a copy of it.
- Correction / rectification — request correction of inaccurate or incomplete information.
- Deletion / erasure — request deletion of your account and personal information, subject to legal retention obligations.
- Portability — receive certain information in a structured, commonly used, machine-readable format.
- Restriction / objection — restrict or object to certain processing, including direct marketing and processing based on legitimate interests.
- Withdraw consent — withdraw consent at any time where processing is based on consent (for example, for personalised advertising or device permissions), without affecting prior processing.
- Opt out of sale / sharing / targeted advertising / profiling — exercise the rights described under "US state privacy rights" below.
- Non-discrimination — we will not discriminate against you for exercising any of these rights.
- Lodge a complaint — with your local data protection authority (see below).
To exercise any of these rights, email privacy@riftengineering.com.au from the address associated with your account, or use any in-app account management option that is available. We may need to verify your identity before actioning a request. Where local law allows, you may use an authorised agent.
EEA, UK, and Swiss residents
If you are in the European Economic Area, the United Kingdom, or Switzerland, you can lodge a complaint with your local supervisory authority. A list of EEA authorities is available at edpb.europa.eu; in the UK, contact the Information Commissioner's Office (ico.org.uk); in Switzerland, the Federal Data Protection and Information Commissioner (edoeb.admin.ch). We currently do not have a designated EU/UK representative; if one is required for your region, contact us and we will engage one or designate appropriate alternative arrangements.
US state privacy rights
If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, Indiana, Tennessee, New Hampshire, New Jersey, or any other US state with a comprehensive consumer privacy law, you have the rights described above (subject to your state's specific requirements), including the right to:
- know what categories of personal information we collect, the sources, the purposes, and the categories of third parties we share it with;
- request a copy of, correct, or delete your personal information;
- opt out of the "sale" or "sharing" of personal information and of "targeted advertising" / "cross-context behavioural advertising";
- opt out of certain profiling that produces legal or similarly significant effects;
- limit the use of "sensitive personal information" (such as precise geolocation), where applicable;
- appeal a denial of a privacy request, where required by your state's law.
Some sharing of identifiers and online activity with advertising partners (including Google AdMob) for personalised advertising may constitute a "sale" or "sharing" under these laws. To opt out, you can: (a) decline the App Tracking Transparency prompt on iOS; (b) reset or delete your Advertising ID and opt out of ad personalisation on Android; (c) decline personalised advertising in any in-app consent prompt; or (d) email privacy@riftengineering.com.au with the request "Do Not Sell or Share My Personal Information". We honour Global Privacy Control (GPC) signals where they are received and technically feasible. We do not knowingly sell or share personal information of consumers under the age of 16 without consent.
Categories of personal information we may collect, share, or "sell"/"share" for CCPA/CPRA purposes include identifiers, internet/network activity, geolocation (which may be precise where you have granted location access, or coarse where derived from IP), commercial information (such as purchase history), audio / visual information (where you upload media), inferences drawn from the above, and, where you provide it, content of communications. We do not knowingly collect biometric information, government IDs, financial account numbers, or other categories of "sensitive personal information" beyond what is described in this policy.
Australian residents
We handle personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles. If you believe we have mishandled your personal information, you can complain to us at privacy@riftengineering.com.au and, if unsatisfied with our response, to the Office of the Australian Information Commissioner (oaic.gov.au).
Data retention
We retain personal information for as long as needed to provide the apps and for the purposes described in this policy, including to comply with legal, accounting, or reporting obligations, resolve disputes, and enforce our agreements. When you delete your account, we delete your personal information and content from our active systems within 30 days, except where we are required to retain it by law (for example, for tax, audit, or legal proceedings) or where it is held in encrypted backups, in which case it may persist for up to 90 days before being permanently removed. Advertising and analytics partners retain data they collect according to their own retention policies.
Children's privacy
Our apps are not directed at, and we do not knowingly collect personal information from, children under the age of 13 (or the equivalent minimum age in your jurisdiction, such as 16 in parts of the EEA). We do not enable Google AdMob's "child-directed" treatment by default unless an app is specifically designed for children, in which case the app's listing and in-app disclosures will state so and additional protections (such as Google's tagging for child-directed treatment / users under the age of consent) will be applied. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
Do Not Track
Our apps do not currently respond to browser "Do Not Track" signals (which are generally not applicable to mobile apps). Where we receive a Global Privacy Control signal in a context where it applies, we treat it as a request to opt out of "sale" / "sharing" under applicable US state laws.
Third-party links and services
Our apps and ads may contain links to third-party websites, services, or content that we do not control. This policy does not apply to those third parties, and we are not responsible for their content or practices. Please review their privacy policies before providing them with personal information.
Changes to this policy
We may update this policy from time to time. Material changes will be announced in the app, on our website, or by email to the address associated with your account. Continued use of our apps after a change indicates acceptance of the updated policy. The "Last updated" date at the top of this page always reflects the most recent revision.
Contact
Questions, requests, and complaints about this policy or your data should be sent to:
Victoria, Australia