Privacy Policy

Effective Date: April 29, 2026

Thank you for using the Rings app (the "Application"). This Privacy Policy applies to the Application for mobile devices created by Yuan Yao (the "Service Provider") as a freemium service. This service is intended for use "AS IS".

1. Health Data Accessed via Health Connect

The Application is a fitness companion that uses Google's Health Connect as its source and store of health data. With your explicit permission, the Application reads health and fitness data that you (or other apps and devices you have connected) have recorded in Health Connect, and displays it to you in the form of activity rings, summaries, and history. The Application also lets you log workouts manually; when you do, it writes those entries to Health Connect on your behalf so they are available to you and to any other apps you have authorized.

Health Connect is the system of record, not the Application. Your health data lives in Health Connect, which is part of the Android operating system and is controlled by you. The Application does not maintain its own separate copy of your health history. If you uninstall the Application, the Application loses all access to your data, but the data itself remains in Health Connect under your control — you can continue to access it through Health Connect or any other authorized app, or delete it from Health Connect at any time.

Health data types read from Health Connect. Subject to the permissions you grant in Health Connect, the Application reads the following data types:

• Steps — daily step count
• Exercise sessions — workout type, duration, and start/end time
• Sleep — sleep sessions and stages
• Speed — speed samples recorded during activity
• Heart rate — heart rate samples recorded during activity
• Heart rate variability — HRV samples recorded during activity or rest
• Distance — distance traveled during activity
• Floors climbed — elevation gain expressed as floors
• Total calories burned — total calories including basal metabolism
• Active calories burned — calories burned through physical activity

Background read access. The Application also requests Health Connect's read health data in background permission. This permission is used solely so that on-device features such as home-screen widgets, daily summaries, and goal-achievement reminders can reflect your latest activity even when the Application is not open in the foreground. Background access is used only for the same display purposes described above; the Application still does not transmit any data off your device, regardless of whether the read happens in the foreground or in the background. You can revoke background access independently at Settings → Apps → Health Connect → App permissions → Rings.

Health data types written to Health Connect. When you manually log a workout in the Application, the Application writes the following data to Health Connect, using only the values you have entered or that follow directly from the workout you logged:

• Exercise session — workout type, start time, end time, and duration that you specify
• Total calories burned — if provided by you or estimated for the session you logged
• Active calories burned — if provided by you or estimated for the session you logged

The Application only writes data that you have explicitly entered or confirmed for the purpose of logging your own training. The Application does not silently fabricate, infer, or write any data without a clear action by you.

The exact set of read and write permissions in effect at any given time is the set you have granted in Health Connect. You may grant or deny each permission individually, and you may revoke any of them at any time.

Purpose of access. Health Connect data is read solely to display your activity progress (rings, daily and historical summaries, and workout details) inside the Application on your device. Health Connect data is written solely to record the workouts you have asked the Application to log. Health Connect data is not used for advertising, profiling, training machine-learning models, or any purpose other than the in-app fitness tracking features you have requested.

No off-device collection, transmission, sharing, or sale. The Application does not collect, copy, transmit, upload, sell, share, or back up your Health Connect data to any external server, cloud service, analytics provider, advertising network, or other third party. All processing of Health Connect data happens locally on your device. None of the third-party service providers listed in Section 3 receive any health data.

Retention. Health Connect data is read on demand to render the current view. The Application may keep a short-lived local cache on your device so the user interface remains responsive; this cache contains only what the Application has just displayed and is removed when you uninstall the Application or revoke Health Connect permissions. The Application does not retain any health data outside of this on-device cache. Workouts you write through the Application are stored in Health Connect, where they are governed by Health Connect's own retention controls and remain under your control.

Your control over access and data. You may revoke any of the Application's Health Connect read or write permissions at any time via Settings → Apps → Health Connect → App permissions → Rings, or by uninstalling the Application. Revoking a permission immediately stops the Application from reading or writing the corresponding data type. You may also delete any individual record, or all data, directly from Health Connect — including workouts the Application previously wrote on your behalf.

Compliance. The Application's use of data received from, and written to, Health Connect adheres to the Health Connect by Android Permissions policy, including the Limited Use requirements. Health Connect data is not transferred to third parties, not used for advertising, not sold, and not used to determine creditworthiness or for lending purposes.

2. Other Permissions Used by the Application

In addition to Health Connect, the Application may request the following device permissions, each used solely for the stated purpose:

• Notifications — to deliver activity reminders and goal-achievement alerts that you have enabled.
• Internet — to fetch app configuration, deliver crash diagnostics, and process in-app purchases via the providers listed in Section 3. Health Connect data is never sent over the network.
• Billing — to enable Google Play in-app purchases for premium features. Purchases are handled by Google Play; the Application does not receive your payment card details.
• Advertising ID (AD_ID) — the Application accesses the device Advertising ID solely so that Google Analytics for Firebase can collect aggregated, non-personalized analytics about how the Application is used. The Advertising ID is not linked to your Health Connect data, is not used to serve advertisements inside the Application, and is not shared with advertising networks. You can reset or delete your Advertising ID at any time from your device's Settings → Privacy → Ads.

The Application does not request access to your precise location, contacts, microphone, camera, or SMS.

3. Non-Health Information Collected by the Application

Separate from Health Connect data, the Application collects limited non-health information to operate, secure, and improve the service. This information may include:

• App usage events (screens visited, time and date of visit, session length), in aggregated and anonymized form.
• Crash diagnostics and error logs.
• Device operating system version and app version.
• Anonymous identifiers used by the in-app purchase provider to associate your purchases with your installation of the Application.

The Application does not gather precise information about the location of your mobile device.

No health data is included in this telemetry. The Application is engineered so that data read from, or written to, Health Connect is never forwarded to any of the analytics, crash reporting, or in-app purchase providers listed below.

The non-health information described above is processed by the following third-party service providers:

• Google Play Services
• Google Analytics for Firebase
• Firebase Crashlytics
• RevenueCat

4. Disclosure of Information

The Service Provider may disclose User Provided and Automatically Collected Information:

• As required by law, such as to comply with a subpoena, or similar legal process.
• When they believe in good faith that disclosure is necessary to protect their rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
• With their trusted service providers who work on their behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this Privacy Policy.

5. Opt-Out Rights

You can stop the Application from accessing Health Connect at any time by revoking its read and/or write permissions in Settings → Apps → Health Connect → App permissions → Rings, or by uninstalling the Application using the standard uninstall process available on your mobile device or through the mobile application marketplace. Uninstalling the Application removes the Application's access to your data; your records in Health Connect are not affected by uninstall and remain under your control through Health Connect itself.

6. Data Retention Policy

The Service Provider will retain User Provided data for as long as you use the Application and for a reasonable time thereafter. If you'd like them to delete User Provided Data that you have provided via the Application, please contact them at info@rice-studio.com, and they will respond in a reasonable time.

7. Children

The Service Provider does not use the Application to knowingly solicit data from or market to children under the age of 13.

The Application does not address anyone under the age of 13. The Service Provider does not knowingly collect personally identifiable information from children under 13 years of age. In the case the Service Provider discovers that a child under 13 has provided personal information, the Service Provider will immediately delete this from their servers. If you are a parent or guardian and you are aware that your child has provided personal information, please contact the Service Provider at info@rice-studio.com so they can take necessary actions.

8. Security

The Service Provider is concerned about safeguarding the confidentiality of your information. The Service Provider provides physical, electronic, and procedural safeguards to protect the information they process and maintain.

9. Changes

This Privacy Policy may be updated from time to time for any reason. The Service Provider will notify you of any changes to the Privacy Policy by updating this page with the new Privacy Policy. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes.

This privacy policy is effective as of April 29, 2026.

10. Your Consent

By using the Application, you are consenting to the processing of your information as set forth in this Privacy Policy, now and as amended by us.

11. Contact Us

If you have any questions regarding privacy while using the Application, or have questions about the practices, please contact the Service Provider via email at info@rice-studio.com.