Privacy Policy

Welcome to Rilev ("we," "us," or "our"). We believe that true mental clarity requires total honesty, and total honesty requires absolute privacy.

Rilev is a self-awareness and personal development platform built on an anonymous account system. We do not require your name or email address to use the core Service. Your account is identified by a unique, non-identifying account credential (for example, a private-key–based identifier).

This Privacy Policy explains what data we collect, how we use it, how we share it, and your choices.

A. Anonymous Account Data

We provide the Service using an anonymous account system. We do not require your name or email address to use the core Service. Your account is identified by a unique, non-identifying account credential (for example, a private-key–based identifier).

B. Assessment & Report Data

When you complete assessments, we collect your responses and generate derived outputs (for example, scale scores, subscale scores, normalized scores, and derived insights).

C. Account Recovery Data (if enabled)

If you enable account recovery, we collect and store the recovery factors you provide (for example, security question/answer or authenticator/app-based verification) in a protected form to help you regain access to your anonymous account.

D. Device & Usage Data

We collect limited technical and usage information needed to operate, secure, and improve the Service (for example, device/app version, basic event telemetry such as feature usage, and performance/crash data).

E. Cookies / Local Storage (Web)

We use cookies or local storage to support core functions (for example, session management) and to store referral or promotional code state when applicable.

Assessment Session Backup: While you are actively completing an assessment session, your in-progress answers are temporarily saved to your browser's IndexedDB storage as a resumability backup. This allows you to resume where you left off if your browser closes or the page reloads mid-session. This temporary data:

• Contains only numeric questionnaire responses (e.g., scale ID + integer answer value) — no names, emails, or directly identifying information
• Is stored only on your device and is never transmitted to our servers as raw response data
• Is automatically cleared when you complete the session, or when you explicitly exit without saving

F. Apple Health / HealthKit Data (Optional)

If you choose to connect Apple Health/HealthKit, we collect only the categories you explicitly authorize. You can turn these permissions off at any time in your device settings (iOS Settings / Apple Health). We use this data only to provide and improve the Service features you request (for example, wellness tracking and trend insights). We do not use HealthKit data for advertising, marketing, or data brokerage, and we do not sell HealthKit data.

G. IP Addresses & Infrastructure Logging

Our application code does not collect, store, or log your IP address. However, our cloud infrastructure providers — Google Cloud Platform (GCP), Firebase, and Firebase App Hosting — automatically log IP addresses as part of their standard platform operations. These logs are retained by Google according to their own data retention policies and are outside of Rilev's application-level control.

Rilev does not access these infrastructure logs to identify individual users. We do not link IP addresses to your anonymous account, assessment data, or any other user-facing information. These infrastructure logs cannot be used to re-identify you through Rilev because we have no mechanism to correlate an IP address with an anonymous account credential.

We use the data we collect to:

• Provide the Service and generate your reports and exports;
• Maintain account access and account recovery;
• Protect the security and integrity of the Service (e.g., preventing abuse and fraud);
• Improve and develop the Service, including improving report quality and developing new features.

We may create and use de-identified and/or aggregated data derived from your use of the Service (including assessment responses, scale scores, derived metrics, and—if you enable them—device/telemetry signals). We use this data to:

• Improve and quality-test our scoring, interpretation, and report generation;
• Build population benchmarks and normalization curves;
• Evaluate reliability, calibration, and drift over time;
• Develop and improve statistical models and internal analytics.

We take steps designed to ensure de-identified/aggregated data does not reasonably identify you. However, no de-identification method can guarantee zero re-identification risk in every circumstance.

We share data only as needed to operate the Service, such as with:

• Service Providers

  Hosting, database, monitoring, analytics, and customer support tools that process data on our behalf under contractual protections.

• Payment Processors

  Payments are processed by third-party processors (e.g., Stripe, Apple, or platform partners). We do not store full payment card numbers. We may receive limited transaction metadata (such as payment status, timestamp, and product purchased) to provide access and handle fraud/chargebacks. We are designed to minimize linkage between payment records and assessment content.

• Legal / Safety

  If required to comply with law, enforce our terms, or protect users and the Service.

With Clinicians (If You Choose)

If you choose to share your results with a therapist, Rilev still does not know your identity. You are moving from an anonymous environment to a confidential health environment managed by your chosen professional:

• You initiate the share manually from within your account.
• You will be asked to confirm which results to share and with whom.
• Your identity remains unknown to Rilev — the professional's knowledge of your identity is governed by their own privacy practices and healthcare laws (e.g., HIPAA, PIPEDA).
• We do not have a "backdoor" to send your data to any third party without your explicit authorization.

Active Accounts: Your account data and reports are retained for as long as your account remains active, unless you delete it or request deletion (where applicable).

De-identified/Aggregated Data: De-identified/aggregated data may be retained longer because it is used to improve the Service and does not directly identify you.

Deletion: To delete your data:

• In-App Deletion: Log in with your account credentials and use the "Delete My Data" feature. This action is immediate and irreversible.
• Via Report Code: Your results include a Report Reference Code (e.g., #8X92-LP). If you've lost access to the app but saved this code, email us at privacy@Rilev.com with the code and we will delete the associated data.

Legal & Safety Record Retention

When you delete your account, the following anonymized records are retained for legal and safety compliance:

• Consent records — proof that you agreed to terms before participating
• Assessment audit trail — verification that the assessment workflow executed correctly
• Crisis safety logs (if any were generated) — proof that safety protocols were followed when crisis indicators were detected

You may withdraw consent or request deletion of your data at any time, subject to legal and operational limitations. If you withdraw consent or delete your account, we will stop collecting and using your personal information for the withdrawn purposes, and we will inform you of any consequences (for example, inability to provide the Service or recover your account).

HealthKit Permissions

You can revoke HealthKit permissions at any time in iOS Settings / Apple Health, and the Service will stop accessing HealthKit data. Your Apple HealthKit and Google Fit data will NEVER be used for marketing, advertising, or sold to data brokers under any circumstances.

U.S. State Privacy Rights (CCPA/CPRA)

Do Not Sell or Share My Personal Information: Rilev does not sell, share, or rent your personal information to third parties for monetary or other valuable consideration. We do not use your data for cross-context behavioral advertising.

If you are a California resident, you have the right to:

• Know what personal information we collect and how it is used
• Delete your personal information (subject to legal retention exemptions)
• Opt-out of any sale or sharing of personal information (we do not sell or share, so no opt-out is necessary)
• Non-discrimination for exercising your privacy rights

To exercise these rights, use the "Delete My Data" feature in-app or contact privacy@rilev.com.

EU/UK Residents (GDPR)

Our lawful basis for processing is contract performance (delivering your assessment). You have the right to access, rectify, erase, restrict processing, data portability, and object — all exercisable via your account credentials or by contacting privacy@rilev.com.

We employ industry-standard security measures to protect your data:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Access Control: Data is accessible only through your anonymous account credential.
• Anonymous Architecture: Your identity and your health data exist in separate, link-minimized systems.
• Server Location: Data is hosted on secure cloud infrastructure.

Inside the Assessment Application, Rilev does not:

• Log your IP address — IPs are transiently hashed in memory for rate limiting and immediately discarded.
• Fingerprint your device — we do not collect screen resolution, installed fonts, canvas hashes, or any other browser fingerprinting signals.
• Run ad networks or tracking pixels — no Meta Pixel, TikTok Pixel, Google Ads tag, or similar retargeting scripts.
• Use third-party analytics — no Google Analytics, Mixpanel, Amplitude, or behavioral tracking inside the app.

• Landing Page (Public Site): We use anonymous page-view counters to understand which pages visitors see. These counters do not identify individual users, do not use cookies, and do not share data with third parties. EU/UK users will see a cookie consent banner with the option to reject all non-essential cookies.
• Assessment Application (Private App): Once you enter the assessment, all analytics are disabled. No behavioral tracking, no retargeting pixels, no third-party scripts that could associate your identity with your mental health data.

Referral & Discount Attribution

If you arrive via a referral link or use a discount code, we may use cookies or similar technologies to attribute the referral (e.g., to apply special pricing and to calculate partner commissions). This attribution does not require us to collect your name or email.

We use the following third-party services:

These services operate independently and have their own privacy practices. Our anonymous architecture ensures that even these providers cannot link your identity to your assessment data.

Rilev is intended for users 18 years of age or older. We do not knowingly collect data from anyone under 18. If you are under 18, please do not use this service. If we learn that we have inadvertently collected data from a minor, we will delete it promptly.

Rilev operates globally. If you are accessing Rilev from outside the United States, be aware that your information may be transferred to, stored, and processed in the United States (via Google Cloud infrastructure), where data protection laws may differ from those of your jurisdiction.

However, our architecture ensures that even across jurisdictions, your identity remains decoupled from your data.

We may update this privacy policy from time to time. If we make significant changes that affect your privacy rights, we will post a prominent notice on our homepage.