Our Policies

Privacy Policy

Updated and effective as of April 1, 2026

This Privacy Policy describes how Natals, Inc. ("Ritual," "we," "us," or "our") collects, uses, shares, or otherwise processes personal information that we collect through our properties that link to this Privacy Policy, including our website https://ritual.com (the "Site") and any other website, product, feature or service we offer, as well as through social media, our marketing activities, live events, and other activities described in this Privacy Policy, including data collected by Ritual offline, which we may combine with online data (collectively, the "Services").

United Kingdom users: Please see the Notice to UK users section below for additional information applicable to individuals located in the United Kingdom ("UK").

Canadian residents: Please see the Notice to Canadian residents section below for additional information applicable to individuals located in Canada.

U.S. state privacy rights: Please see the State privacy rights notice below for important information about rights available to residents of certain U.S. states, including our California Privacy Notice at Collection for California residents.

Note: for Washington, Nevada, and Connecticut residents: Consumer health data we collected about Washington, Nevada, and Connecticut residents is subject to our Consumer Health Data Policy.

By accessing, using, submitting data to, or otherwise interacting with the Service or providing information to us, you agree to the practices described in this Privacy Policy. Please also review our Terms of Service, which also applies to your use of the Service. If you do not agree to the terms of this Privacy Policy and the Terms of Service, please do not use the Service or provide personal data to us.

There may be times when you are interacting with us when we provide additional information or ask your consent for certain data processing. These additional disclosures supplement this policy and will apply to that feature or functionality.

Personal and Non-Personal information we collect
Information you provide to us directly
Information we collect from third-party sources
User Content and Submission Features
Data we collect automatically
Data about others
How we use your personal information
How we share your personal information with third parties
Third Party/Interest Based Advertising and Analytics Third Parties and Similar Third Parties
Your choices
Other third party sites and services
Security
International data transfer
General Audience Site
Changes to this Privacy Policy
How to contact us
Jurisdiction Specific Rights
U.S. State-specific privacy rights notice
California Privacy Notice at Collection
Notice to Nevada residents
Notice to UK users
Notice to Canadian residents

Personal and Non-Personal information we collect

We may collect data about users of the Services directly from you (such as when you register for an account or take a quiz), automatically when you use the Services (such as when you interact with a webpage), and sometimes from third parties (such as our service providers, business partners, and other third parties). Some of this data may be considered "personal information" or "personal data", and some of which may be considered "sensitive", under various applicable laws. We will also treat other information, including IP addresses and cookie identifiers, as "personal data" where required by applicable law and we will treat certain personal data as "sensitive data" as required by applicable law.

Note that we may de-identify or pseudonymize personal data so that it is non-personal, such as aggregating (such as combining it with data about other individuals) and/or or converting it to a code, sometimes using a function commonly known as "hash", or otherwise removing characteristics that make the data personally identifiable to you. We maintain and use de-identified data without attempting to re-identify it, except where permitted by applicable law, such as to determine whether our de-identification processes satisfy legal requirements.

We will treat de-identified or pseudonymized data as non-personal to the fullest extent allowed by applicable law. If we combine non-personal data with personal data, then we will treat the combined information as personal data under this Privacy Policy.

Information you provide to us directly

Personal information you may provide to us directly through the Services includes:

Contact data, such as your first and last name, salutation, email address, billing and mailing addresses, and phone number.
Profile data, such as the username and password that you may set to establish an online account on the Services, and any other information that you add to your account profile.
Pregnancy and other similar health-related data, such as due date and pregnancy status (whether you are trying, not trying, expecting or just had a baby). For Connecticut, Nevada, and Washington residents, please see our Consumer Health Data Policy.
Communications data, based on our exchanges with you, including when you contact us through the Services, social media, or otherwise.
Transactional data, such as information relating to or needed to complete your orders on or through the Services, including order numbers and transaction history.
Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
Payment data needed to complete transactions, including payment card information or bank account number.
Promotion data, including information you share when you enter a competition, promotion, or complete a survey. We may offer sweepstakes, contests, or other promotions (any, a "Promotion"), that may require registration. Please note that if you participate in a Promotion through the Services, we may ask you for your contact data to notify you if you win, to verify your identity, and/or to send you prizes. In some situations, we may need additional information as a part of the entry process, such as a prize selection choice. These sweepstakes and contests are voluntary. By participating in a Promotion, you are agreeing to the provisions, conditions, or official rules that govern the Promotion, which may require specific requirements of you (including, without limitation, and except where prohibited by law, allowing the sponsor(s) of the Promotion to use your name, voice, likeness, or other indicia of persona in advertising or marketing materials). If you choose to enter a Promotion, personal data may be disclosed to third parties or the public in connection with the administration of such Promotion, including, without limitation, in connection with winner selection, prize fulfillment, as required by law or permitted by the Promotion's terms or official rules (such as on a winners list).

Information we collect from third-party sources

We may combine personal information we receive from you with personal information we obtain from other sources in order to provide you with information or services you have requested, to tailor content, to offer you opportunities to purchase products or services that we believe may be of interest to you, and for other purposes. The data collected and stored by third parties is subject solely to the third party's privacy practices.

Third-party sources may include:

Public sources, such as government agencies, public records, social media platforms, and other publicly available sources.
Private sources, such as data providers, social media platforms, and data licensors who enhance the data we have about you.
Our affiliate partners, such as our affiliate network provider and publishers, influencers, and promoters who participate in our paid affiliate programs.
Marketing partners, such as joint marketing partners and event co-sponsors.
Third-party services (such as Shopify or Google) that you use to log into, or otherwise link to, your Ritual account. This data may include your username, profile picture, and other information associated with your account on that third-party service that is made available to us based on your account settings on that service.

User Content and Submission Features

The Services may permit you to submit or post photos, audio, video, text, files, social media posts, or other content ("User Content") through interactive or other features, such as reviews, product Q&As, blog comments, gallery posts, or promotional activities ("Submission Features"). Your submission of User Content is subject to the Terms of Service for the Services which gives us the right to use your User Content, online or offline, in connection with our promotional activities. Personal information, such as your name, user name (from the Services or your social media account), or where you reside, may be publicly displayed with your User Content. Others may access it, use it, and share it. We are not responsible for how others use User Content you submit or post. In addition, in connection with certain activities, your personal information may be disclosed publicly, for example, being identified as a winner of a sweepstakes or being awarded a prize.

Data we collect automatically

We and third parties we work with (including our service providers, third party content, advertising, and analytics providers, and other business partners) may use a variety of technologies, including cookies and pixel tags, that automatically or passively collect information about you, your computer or mobile device, and your interaction over time with the Services, our communications, and other online services ("Device ID/Interaction Information"). Device ID/Interaction Information may include, but is not limited to:

Device data, such as your computer or mobile device's operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Services, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.

Cookies and similar technologies. Device ID/Interaction Information may be collected through the use of the following technologies.

Cookies, which are small text files that websites store on user devices and that allow web servers to record users' web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites include both "session cookies" that are deleted when a session ends, "persistent cookies" that remain longer, "first party" cookies that we place (used to recognize your computer or mobile device when it revisits our Services and to store certain information from your current session to deliver a more personalized shopping experience) and "third party" cookies that our third-party business partners and service providers place. We may use cookies and similar technologies to uniquely identify the visitor's browser, to store information or settings in the browser, to help keep your use of the Services more secure, to send SMS reminders based on your activity on our Services, including browse/cart abandonment (e.g., information and alerts based on the listings you viewed on our website), to study traffic patterns on the Services, to study the effectiveness of our customer communications, to maintain the integrity of the Services, to measure crash analytics and other maintenance related data, to manage and measure the performance of advertisements displayed on or delivered by or through the Services, and to personalize your experience through the Services, such as to recognize you when you return to the Services. Most browsers provide you with the ability to disable, decline, or clear cookies and local storage; please check your browser's settings for further information. However, if you disable cookies, you may find this affects your ability to use certain parts of the Services. For more information about cookies, please visit https://www.aboutcookies.org.
Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, or for marketing and targeted advertising purposes.
Embedded scripts. An embedded script is programming code that is designed to collect data about your interactions with the Services, such as the links you click on. The code is temporarily used by our server or a third-party service provider or business partner while you browse or interact with the Services and is deactivated or deleted when you disconnect from the Services.
Session-replay technologies, such as those provided by Amplitude, that employ software code to record users' interactions with the Services in a manner that allows us to watch and analyze visual reconstructions (DVR-like replays) of those user sessions. The replays may include users' clicks, mobile app touches, mouse movements, scrolls, and keystrokes/key touches during those sessions. These replays help us diagnose usability problems and identify areas for improvement. You can learn more about Amplitude at https://amplitude.com/privacy and you can opt-out of session recording by clicking on the "Your Privacy Choices" link in the footer of our website.
Chat technologies, such as those provided by Intercom, that employ cookies and software code to operate the chat features that you can use to communicate with us through the Service. We and such third-party providers may record, access, and use information you choose to provide through chats, information about webpages visited on our website, your IP address, your general geographic information (e.g., city, state), and any other information you provide to assist you during the chat session, to improve our products and services, and for training and marketing purposes, for the purposes described in this Privacy Policy.

Approximate Location Data. Please note that we may still be able to collect or infer your approximate location through other data we collect, such as IP address. In addition, some mobile service providers may also provide us or our third-party providers with data regarding the physical location of the device used to access the Services.

Data about others

We may offer features that help users invite their friends or contacts to use the Service, and we may collect contact details about these invitees so we can deliver their invitations. Please do not refer someone to us or share their contact details with us unless you have their permission to do so.

How we use your personal information

We may use your personal information for the following purposes:

Service delivery, which may include using your personal information to:

provide and operate the Service
establish and maintain your Ritual user profile
remember devices from which you have previously logged in
discern whether you are logged in when you visit password-protected areas of the Site
provide support for the Service, and respond to your requests, questions, and feedback
communicate with you about the Service, including by sending Service-related announcements, updates, security alerts, and support and administrative messages
Categories of personal information involved
- Any and all data types relevant in the circumstances

Security, which may include using your personal information to:

remember devices from which you have previously logged in
communicate with you about the Service, including by sending Service-related announcements, updates, security alerts, and support and administrative messages
to protect integrity of the Services; to investigate, prevent, and detect, and protect against misuse of our systems, abuse, fraud or other crime, or illegal activities or those that violate our policies; to detect and troubleshoot problems
Categories of personal information involved
- Any and all data types relevant in the circumstances

Service personalization, which may include using your personal information to understand your needs and interests:

tailor the content and advertising we display to you and others, on the Services and elsewhere, including content in communications we send to you, to tell you about new products, promotions, opportunities or other general information about Ritual or our products that we believe will be of interest to you
remember your selections and preferences as you navigate the Site
Categories of personal information involved
- Contact data
- Profile data
- Pregnancy and other similar health-related data
- Device ID/Interaction Information

Direct marketing, which may include using your personal information to send you direct marketing communications, as permitted by law (you may opt-out of our marketing communications as described in the Opt-out of marketing section below):

personalize and optimize our marketing communications according to your needs and interests, such as recommendations, promotions, and advertisements we display through the Services and elsewhere online
monitor your interaction with our communications (such as whether you opened them)
facilitate your invitations to friends who you want to invite to join the Service
Categories of personal information involved
- Contact data
- Profile data
- Communications data
- Transactional data
- Marketing data
- Device ID/Interaction Information

Targeted/Interest-based advertising, which may include using your personal information to:

share information about our users with our third-party advertising and analytics partners to facilitate interest-based advertising to those or similar users on other online platforms, as described further below.
allow our third-party advertising and analytics partners to collect information about your interaction with the Services, our communications, and other online services over time and use that information to serve online ads that they think will interest you
Categories of personal information involved
- Contact data
- Device ID/Interaction Information

SMS Marketing and Support, which may include using your personal information to:

When you opt in, send you text notifications for your order (including abandoned checkout reminders), text marketing offers, transactional texts, and requests for reviews. We use information stored in a cookie to save information about your cart for future use and determine whether it has been abandoned.
share opt-in data with our messaging partners and service providers, for the sole purpose of enabling and operating our text messaging program
enable security features of the Service, such as by sending you security codes via email or SMS
Categories of personal information involved
- Contact data
- Transactional data
- Marketing data
- Device ID/Interaction Information

Promotions and contests, which may include using your personal information to:

administer promotions and contests
communicate with you about promotions or contests in which you participate
Categories of personal information involved
- Promotion data
- Contact data
- Profile Data
- Communications data

Internal Business Purposes, including service analytics, which may include using your personal information to:

analyze your usage of the Service
analyze the effectiveness of our marketing efforts
improve the Service and our products
market research
improve the rest of our business
help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails.
Detect and troubleshoot problems
Categories of personal information involved
- Any and all data types relevant in the circumstances

Compliance with law and co-operation with authorities, which may include using your personal information to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities:

audit our internal processes for compliance with legal and regulatory and contractual requirements or our internal policies
prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft
cooperate with law enforcement authorities in investigating and prosecuting users who violate our rules or engage in behavior that is illegal or harmful to other users, including suspected fraud, or situations involving potential threats to the physical safety of any person
Categories of personal information involved
- Any and all data types relevant in the circumstances

Protection and enforcement of rights, which may include using your personal information to:

protect our, your, or others' rights, privacy, safety or property (including by making and defending legal claims)
enforce our agreements and policies that govern the Service and/or Site
prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft
Categories of personal information involved
- Any and all data types relevant in the circumstances

Data sharing in the context of corporate events, we may share certain personal information in the context of actual or prospective corporate events – including, without limitation, in the course of any due diligence process. For more information, see How we share your personal information below.

Categories of personal information involved
- Any and all data types relevant in the circumstances

To create aggregated, de-identified and/or anonymized data from your personal information by removing information that makes the data identifiable to you. Except as expressly prohibited by law, we may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

Categories of personal information involved
- Any and all data types relevant in the circumstances

Further uses, in some cases, we may use your personal information for further uses, in which case we will ask for your consent.

Categories of personal information involved
- Any and all data types relevant in the circumstances

We may share your personal information in the following circumstances and as otherwise described in this Privacy Policy or at the time of collection, or otherwise with your consent.

Service providers. Third parties that provide services on our behalf or help us operate the Services or our business (such as hosting, information technology, customer support, email delivery, marketing, consumer research and website analytics).

Payment processors. Any payment card information you use to make a purchase on the Service is collected and processed directly by our payment processors, which may include Shopify Payments, Stripe, Truemed, PayPal, Amazon Pay, or another third party payment processor that may be made available and who may use your payment data in accordance with their privacy policies. Shopify Payments, Stripe, Truemed, PayPal, and Amazon Pay privacy policies may be found at https://www.shopify.com/legal/privacy/consumers (for Shopify Payments), https://stripe.com/privacy (for Stripe), https://www.truemed.com/legal/privacy (for Truemed), https://www.paypal.com/us/webapps/mpp/ua/privacy-full (for PayPal), and https://pay.amazon.com/help/201491260 (Amazon Pay).

Shopify Store and Data Processing. Our store is hosted on Shopify. Shopify provides us with the online shopping platform that allows us to sell our products and services to you. Shopify collects and processes your personal data for purposes including but not limited to providing us with enhanced services through features that incorporate data and information from customer interactions with our websites, with those of other Shopify merchants, and with Shopify, such as advanced product and store customization, analytics, and advertising services (such services are referred to as the "Shopify Enhanced Services"). Your information may be shared with Shopify and with third parties, including those located outside your country, to provide these enhanced services. For more information, see the Shopify Consumer Privacy Policy at https://www.shopify.com/legal/privacy/consumers. We use the Shopify Enhanced Services, which may use your data for analytics, product recommendations, and targeted advertising. In some jurisdictions, the use of the Shopify Enhanced Services may be considered "sharing" or "targeted advertising" under applicable privacy laws. You have the right to opt out of such uses. To exercise this right, visit Shopify's privacy portal at https://privacy.shopify.com/en.

Advertising partners. As fully described in the section below titled "Third Party/Interest Based Advertising and Analytics Third Parties and Similar Third Parties", we share (or allow third parties to collect) certain data, including about how you use the Services, to target advertising to you and others and assess the effectiveness of our advertising, and for similar purposes.

Third parties designated by you. We may share your personal information with third parties where you have instructed us or provided your consent to do so.

Business and marketing partners. Third parties with whom we co-sponsor events or promotions, with whom we jointly offer products or services, or whose products or services may be of interest to you.

Social media and other third-party services. You may be able to use the Services to interact with social media or other third-party platforms, like Instagram. When you interact with these third-party platforms through the Services, we will receive data about you from the third-party platform service and you will be choosing to share data about your interactions with Ritual with that social media service.

In addition, the third-party service may set their own cookies and collect data about your use of the Services, including your IP address or other device identifiers, and which pages you visit on the Services. These third-party platforms may be able to collect certain data on your visits to the Services regardless of whether or not you affirmatively interact with the feature and whether or not you are logged into (or have) an account with the third-party service. If you are logged out or do not have an account and visit a page with a social plug-in, your browser sends a more limited set of data. Like other sites, the third-party service will receive data about the webpage you are visiting, the date and time of your visit, and other browser-related data. They may use that data to help them improve their products or for other purposes set forth in their privacy policy. We may also receive data about you if other users of social media give us access to their profiles and you are one of their connections or "friends."

If you choose to connect to the Services through your social media account or other third-party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party.

The data we collect is subject to this Privacy Policy. The data collected and stored by the third party remains subject to the third party's privacy practices, including, without limitation, whether the third party continues to share data with us, the types of data shared, and your choices with regard to what is visible to others on that third-party website or service. The third party may allow you to remove the application or feature, in which case we will no longer collect data about you through the application or feature, but may retain the data previously collected.

If you choose to post information to a third-party service, that information may be public.

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Parties to corporate events. We may disclose personal information in the context of actual or prospective corporate events (e.g., investments in Ritual, financing of Ritual, or the sale, transfer or merger of all or part of our business, assets or shares), for example, we may need to share certain personal information with prospective counterparties and their advisers (including, without limitation, during the course of any due diligence process). We may also disclose your personal information to an acquirer, successor, or assignee of Ritual as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our business assets.

Non-personal data. Except as expressly prohibited by law, we may share non-personal information, including Device ID/Interaction Information, hashed, or otherwise de-identified or pseudonymized data, and aggregated user statistics, with third parties in our discretion, including for targeted advertising purposes.

SMS/MMS/RCS Message Data. Notwithstanding anything else in this policy, Ritual does not share personal information we collect specific to our SMS/MMS/RCS text message programs (such as mobile number and record of consent) with third parties for their own direct marketing purposes without your specific consent.

Third Party/Interest Based Advertising and Analytics Third Parties and Similar Third Parties

We may use third party business partners, such as analytics companies, ad agencies, network advertisers, and others who provide us with data about the Services, users, and our advertisements, and who deliver ads to you on our behalf on the Services and elsewhere online. We and our third-party business partners collect certain data about your visits to and activity on the Site and other websites and services, including as described in "Social media and other third-party services", and may use this data to target advertising to you and others and to assess the effectiveness of our advertising. Except as prohibited by law, we may also share (or permit third parties to collect) certain data, such as Device ID/Interaction Information, aggregated or de-identified, pseudonymized or hashed data (including email addresses), with these third parties for similar purposes.

These third parties may set and access their own tracking technologies on your device (including cookies, pixels, or other technology) and may otherwise collect or have access to your personal data over time, including about your visits to the Services as well as other websites and online services, some of which may be personal information or personal data under various state laws. Companies that we share data with, including ad agencies and networks, may use the data, often in combination with their existing data, in order to present more relevant advertisements that may be of interest to you, and to help us and third parties to do the same.

Cookie Opt-Out. To disable sharing through cookies set on our site by third parties for advertising and analytics purposes, please adjust your settings by clicking the "Cookie Settings" link in our website footer.
NAI/DAA Opt-Out. Some of the companies we use may be members of the Network Advertising Initiative ("NAI") or Digital Advertising Alliance ("DAA"). The NAI provides information regarding targeted advertising and the opt-out procedures of NAI members, including opt-out mechanisms for web browsers, mobile and other connected devices, and a tool to opt out from participating NAI members using your hashed email address for interest-based advertising. You may also want to visit the DAA's website, which provides information regarding targeted advertising and offers an opt-out for DAA-participating companies. Canadian residents also may learn about interest-based advertisements from participating third parties in Canada at the Canadian DAA choice page at http://youradchoices.ca/choices/.
GPC. Global Privacy Controls (GPC) offered by some web browsers are settings that automatically inform websites of your privacy preferences with regard to third party online tracking including exercising your rights and requesting the web application to disable tracking you for certain purposes. When you choose to turn on the GPC setting in your browser, your browser sends a special signal to websites, analytics companies, ad networks, plug in providers, and/or other web services you encounter while browsing to exercise your privacy rights and stop tracking your activity for certain purposes. You can learn more about and set up GPC here.
Google Analytics. We use Google Analytics, which uses cookies and similar technologies to collect and analyze data about the use of the Services and report on activities and trends. This service may also collect data about the use of other websites, apps, and online services. You can learn about Google's practices, and opt out of them by downloading the Google Analytics opt-out browser add-on.

Please note that opting out through these mechanisms does not opt you out of being served advertising, and that you will continue to receive generic ads while online. Your opt-out choices are browser and device specific; if you disable your cookies, upgrade your browser after opting out or if you use multiple different devices, please opt-out on each device and each browser separately.

Your choices

In this section, we describe the rights and choices available to all users. Users who are located in certain U.S. states, Canada, and the United Kingdom can find additional information about their rights below.

Access or update your information. You are responsible for maintaining the accuracy of the data you submit to us. If you have registered for an account with us through the Services, you may review and update certain account information by logging into the account.

Opt-out of marketing communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive transactional emails, for example emails related to your orders, in response to your requests, or changes to our terms or policies.

Delete your content or close your account. You can choose to delete certain content through your account. If you wish to request to close your account, please contact us.

We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable. Note, however, that data may persist internally for administrative purposes and that residual data may remain on backup media or for other reasons.

Other third party sites and services

The Service may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications, or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications, and online services you use.

Security

We employ a number of technical, organizational, and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information. You use the Services and provide us your data at your own risk.

International data transfer

We are headquartered in the United States and may use service providers that operate in other countries. By using the Services, or providing us with any data, you fully understand and unambiguously consent to this transfer to, and processing, usage, sharing, and storage of your data in the United States and other jurisdictions, for which the privacy laws may not be as comprehensive as those in the state, province, or country where you reside and/or are a citizen. As a result, this data may be subject to access requests from governments, courts, or law enforcement in the United States and other countries according to the laws in those jurisdictions.

Users in the UK should read the important information provided below about transfer of personal information outside of the UK.

General Audience Site

The Service is not intended for use by anyone younger than 18 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Service from a child without the consent of the child's parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy in our discretion at any time and may apply any changes to information previously collected, as permitted by applicable law. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Services or other appropriate means as required by applicable law, such as contacting you through contact information you have provided. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Services after the effective date of any modified Privacy Policy indicates your acknowledging that the modified Privacy Policy applies to your interactions with the Service and our business. We will provide notice and obtain your consent to the new policy, which may be opt-in or opt-out consent, if required, or which may occur your continued use of the Services, to the fullest extent allowed by applicable law.

How to contact us

Email: my@ritual.com

Jurisdiction Specific Rights

Residents of certain countries and U.S. states may have the ability to exercise additional rights and choices regarding their personal data. We will take reasonable steps to accommodate your request, but may need to verify your identity before doing so. If you are a resident of a U.S. state with specific rights, including California, please see additional information below. Residents of the UK and Canada, please see additional information below.

U.S. State-specific privacy rights notice

If you are a California resident, please see our California Privacy Notice at Collection, below for additional disclosures, including information about your privacy rights and how to exercise them.

We set forth above the categories of personal data we process, the purpose for processing personal data, the categories of personal data shared, and the categories of third parties with whom personal data is shared for sales/targeted advertising. Residents of certain U.S. states may have the ability to exercise additional rights and choices regarding their personal data. We will take reasonable steps to accommodate your request but may need to verify your identity before doing so.

Currently residents of Connecticut, Maryland, Nebraska, and Texas have certain privacy rights with respect to this data, as described below. We will otherwise provide applicable privacy rights as required by law.

Exercise Your Privacy Rights

If you are a Connecticut, Maryland, Nebraska, or Texas resident and would like to exercising your right to access, correction, deletion, or submit an appeal, you may submit requests to exercise these rights online using our privacy request form, or by emailing us at privacy-requests@ritual.com.

Verifying Requests

Your privacy rights. Depending on your state of residence, you may have some or all of the following rights. We may decline or limit a request as permitted by law.

Access/Obtain Your Personal Data/Data Portability (CT, MD, NE, TX). You have the right to confirm whether we are processing your personal data and request to access such data, obtain a copy of the personal data we hold about you and, to the extent feasible and where permitted by applicable law, in a readily usable format to allow data portability. Depending on your jurisdiction, this may include the right to access either a list of specific third parties or the categories of third parties with whom we have shared or sold personal information, inferences made about you, and whether we process your personal information for profiling purposes in furtherance of decisions that produce legal or similarly significant effects.
Correction (CT, MD, NE, TX). You can ask us to correct inaccurate personal data that we hold about you.
Deletion (CT, MD, NE, TX). You can ask us to delete the your personal data.
Opt-out (CT, MD, NE, TX).
- Opt-out of sales/targeted advertising (CT, MD, NE, TX). You have the right to opt out of the sale of your personal data. We do not sell personal data to third parties for monetary compensation, however sharing of information with third party advertising vendors and similar targeted advertising practices may constitute a "sale" under applicable state laws.
  Cookie/Tracker-Based Opt Out for Sales/Targeted Advertising: We also engage in online advertising practices (and certain analytics and similar activities) that may be considered a sale and/or targeted advertising under applicable state laws. You may opt out of cookies set by third parties that may be considered sales and targeted advertising by adjusting your cookie settings using the "Your Privacy Choices" link in our website footer.
- Opt-out of profiling/automated decision making in furtherance of legal or similarly significant decisions. Ritual does not process your personal data for the purposes of profiling in furtherance of decisions that produce legal or similarly significant effects as defined under these state privacy laws.
Appeal - If you are a resident of Connecticut, Maryland, Nebraska, or Texas, and you would like to appeal our decision relating to your request, you have the right to submit an appeal and can do so using the methods to exercising your rights listed above. Please include your full name, the basis for your appeal, and any additional information to consider.
Sensitive Data. If you are a Connecticut, Nebraska, or Texas resident, we will obtain your consent to the processing of Sensitive Data (as defined by the applicable state law) we collect. You may also opt out of processing using the methods to exercise your rights listed in this section.

Verification of Identity; Authorized agents. We may need to verify your identity and confirm your residency in order to process your access, appeal, correction, deletion, or other requests. To verify your identity, we may require a declaration under penalty of perjury, or other information, where permitted by law. In addition, we may not be able to process your request if you do not provide us with sufficient detail to allow us to confirm your identity or understand and respond to it.

Authorized Agents Submitting Opt-Out Requests for Sales and Targeted Advertising (CT, MD, NE, TX Residents) – If you are an authorized agent submitting a request to opt out of sales or targeted advertising on behalf of a Connecticut, Maryland, Minnesota, Nebraska, or Texas resident, please submit the request pursuant to the above instructions. We may require documentation to authenticate the Consumer's identity and that you are authorized to submit the request on the consumer's behalf in order to be able to fulfill your request. Please keep in mind that if we cannot authenticate that you are authorized to act on the Consumer's behalf or we cannot authenticate the Consumer's identity, we may deny the request.

Non-discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not deny you our goods or services, charge you different prices or rates, or provide you a different level or quality of goods or services if you exercise your privacy rights.

California Privacy Notice at Collection

This California Privacy Notice is updated and effective as of April 1, 2026.

Under the California Consumer Privacy Act ("CCPA"), California residents have certain rights with regard to information that could reasonably be used to identify you. This Privacy Notice is provided so that you can understand at or before the point of collection what we are collecting and why and your California rights, as required by the California Consumer Privacy Act of 2018 ("CCPA"), the California Privacy Rights Act of 2020 ("CPRA"), and any implementing regulations adopted thereunder. Terms (including defined capitalized terms) used in this California Privacy Notice at Collection have the same meanings given in the CCPA, CPRA, and the associated regulations, unless otherwise defined. For purposes of this Section, references to "personal information" includes "sensitive personal information" where applicable, unless otherwise indicated.

Exercising Your California Rights

Overview of California Privacy Rights

California Consumers have the right to request: (1) that we disclose to you what personal information we collect, use, disclose, and sell/share, including the right to request that we provide to you the specific pieces of personal information we have collected about you ("Right to Know") (2) that we delete the personal information we have collected from you ("Right to Delete"); and, (3) that we correct inaccurate personal information we hold about you ("Right to Correct"), (4) to opt out from the sharing of your personal information to a third party for cross-context behavioral advertising (i.e. targeted advertising) ("Right to Opt-Out of Sharing"), (5) to opt-out from the sale of personal information ("Right to Opt-Out of Sale"), and (6) the right to limit the use or disclosure of sensitive information, all subject to the meanings and exceptions set forth in the CCPA and CPRA. More information on each of these rights is below.

Verifying Your Requests

We will take reasonable steps to verify your identity based upon the information you provide and the type of request you are making. In your request, you must provide enough information to allow us to verify you are the person about whom we collected personal information, or their authorized representative. You must also describe your request with enough detail so that we can understand, evaluate, and respond to it. We can't respond to your request if we can't verify your identity. Making such a request does not require you to create an account with us, and we will only use the information you provide in a request to verify your identity.

When you exercise your Right to Know, Right to Delete, and/or Right to Correct Inaccurate Information, we may ask that you provide us with information, beyond your full name, in order to verify your identity and fulfill your request. If we are unable to verify that the individual submitting the request is the same individual about whom we have collected information (or someone authorized by that individual to act on their behalf), we will not be able to process the request.

Authorized Agents

If you are an authorized representative submitting a request on a user's behalf, please complete the applicable request per the instructions below. We will follow up to request a signed, written permission signed by the individual who is the subject of the request authorizing you to make the request on their behalf. The written permission must state your full legal name, the full legal name of the individual who is the subject of the request, and needs to be clear about the permission granted. Alternatively, you may submit a copy of a power of attorney under Probate Code sections 4000-4465. In either case, please also indicate in your email the nature of your request. The consumer's identity, in addition to your own, will need to be independently verified in order for us to be able to fulfill your request. We may also ask the consumer to directly confirm with us that they provided you permission to submit a request. Please keep in mind that if we do not receive adequate proof that you are authorized to act on the consumer's behalf, we may deny the request.

Right to Know, Delete, & Correct

California Consumers have the right to know what information we have collected about you (the categories and the specific pieces of information), the right to delete information, and correct information. If you are a California consumer and would like to exercise your Right to Know, Delete, and/or Correct, you may submit a request using our privacy request form, or by emailing us at privacy-requests@ritual.com.

In order to have us provide specific pieces of information, we may require a signed declaration under penalty of perjury that you are the consumer whose Personal Information is the subject of the request.

Please note that as part of the verification process, once you submit a request to delete, we may follow up and require you to confirm that you want your information deleted.

If you would like to confirm that your sensitive personal information in our records is the same as what you have provided to us, please contact us to initiate the process. For security purposes, do not include your sensitive personal information in the email.

Right to Opt-out of the "Sale" of Personal Information or "Sharing" for Cross Context Behavioral Advertising

Ritual does not sell Personal Information to third parties for monetary consideration. However, the collection of data by certain of third party analytics or advertising providers may be considered a "sale" or "sharing" for cross contextual behavioral advertising under California law. To opt-out of the sale of Personal Information or sharing for cross-context behavioral purposes by Ritual, please email us at privacy-requests@ritual.com

To disable sharing through cookies set by third parties that may be considered "sales" or "sharing" under California law, click the "Your Privacy Choices" link in the footer of our website, disable "Advertising Cookies", and click "Save My Choices" to save your preferences.

In addition, the Digital Advertising Alliance also offers tools for California consumers to send requests under the CCPA and CPRA to opt out of the sale of personal information by some or all of the participating companies https://www.privacyrights.info/.

GPC Signals

You can also turn on the Global Privacy Control (GPC) to opt out of the "sale" of your personal information for each participating browser system that you use. Learn more at the Global Privacy Control website.

Do Not Track Signals

Some browsers also offer a "Do Not Track" (DNT) signal. Because there is no consistent industry standard for how DNT signals should be interpreted, we do not respond to DNT signals. To learn more about Do Not Track, please visit https://www.allaboutdnt.com.

Users Younger than Age 18

Ritual does not have actual knowledge that we sell or share Personal Information about individuals younger than the age of 18.

Limit Use or Disclosure of Sensitive Personal Information

You can ask us to limit the processing of any Sensitive Personal Information we collect as necessary for our (1) Service delivery and operations, (2) Compliance and protection, (3) research and development, or (4) Service improvement and analytics purposes. To limit the use or disclosure of sensitive information, please email us at privacy-requests@ritual.com

Personal information that we collect, use, and disclose

The table below sets out the categories of Personal Information that we collect, how we use it, and to whom we may disclose it. The Personal Information we collect about you will depend upon how you use our Services or otherwise interact with us. Accordingly, we may not collect all of the below information about you. In addition to the below, we may also collect and/or use additional types of information, and will do so after providing notice to you and obtaining your consent to the extent such notice and consent is required by applicable law:

Statutory Category	Purposes for Collection	Disclosures to Third Parties
Identifiers (online) For example, contact data, profile data, data about others We may collect this type of information from: Consumer (you), Cookies and tracking technologies	Service delivery; Security; Service personalization; Direct marketing; Targeted/Interest-based advertising; SMS Marketing and Support; Promotions and contests; Internal Business Purposes, including Service Analytics; Compliance with law and co-operation with authorities; Protection and enforcement of rights; Data sharing in the context of corporate events; to create aggregated, de-identified, and/or anonymized data; as otherwise disclosed in this privacy policy or at the time you provide your information, or otherwise with your consent.	Business Purpose: Service providers, Payment processors, Advertising partners, Business/marketing partners, Professional advisors, Authorities, Business transferees "Sale/Share": Advertising partners, Business/marketing partners
Identifiers (other) Profile data, Device data We may collect this type of information from: Consumer (you), Cookies and tracking technologies	Service delivery; Security; Service personalization; Direct marketing; Targeted/Interest-based advertising; SMS Marketing and Support; Promotions and contests; Internal Business Purposes, including Service Analytics; Compliance with law and co-operation with authorities; Protection and enforcement of rights; Data sharing in the context of corporate events; to create aggregated, de-identified, and/or anonymized data; as otherwise disclosed in this privacy policy or at the time you provide your information, or otherwise with your consent.	Business Purpose: Service providers, Payment processors, Advertising partners, Business/marketing partners, Professional advisors, Authorities, Business transferees "Sale/Share": Advertising partners, Business/marketing partners
California Customer Records (as defined in California Civil Code §1798.80) Contact data, Transactional data, Data about others We may collect this type of information from: Consumer (you), Cookies and tracking technologies	Service delivery; Security; Service personalization; Direct marketing; Targeted/Interest-based advertising; SMS Marketing and Support; Promotions and contests; Internal Business Purposes, including Service Analytics; Compliance with law and co-operation with authorities; Protection and enforcement of rights; Data sharing in the context of corporate events; to create aggregated, de-identified, and/or anonymized data; as otherwise disclosed in this privacy policy or at the time you provide your information, or otherwise with your consent.	Business Purpose: Service providers, Payment processors, Advertising partners, Business/marketing partners, Professional advisors, Authorities, Business transferees "Sale/Share": Advertising partners, Business/marketing partners
Protected Classification Characteristics We may collect this type of information from: Consumer (you), Cookies and tracking technologies	Service delivery; Security; Compliance with law and co-operation with authorities; Protection and enforcement of rights; Data sharing in the context of corporate events; to create aggregated, de-identified, and/or anonymized data; as otherwise disclosed in this privacy policy or at the time you provide your information, or otherwise with your consent.	Business Purpose: Service providers, Professional advisors, Authorities, Business transferees "Sale/Share": None
Commercial Information Transactional data, Marketing data, Online activity data We may collect this type of information from: Consumer (you), Cookies and tracking technologies	Service delivery; Security; Service personalization; Direct marketing; Targeted/Interest-based advertising; SMS Marketing and Support; Promotions and contests; Internal Business Purposes, including Service Analytics; Compliance with law and co-operation with authorities; Protection and enforcement of rights; Data sharing in the context of corporate events; to create aggregated, de-identified, and/or anonymized data; as otherwise disclosed in this privacy policy or at the time you provide your information, or otherwise with your consent.	Business Purpose: Service providers, Payment processors, Advertising partners, Business/marketing partners, Professional advisors, Authorities, Business transferees "Sale/Share": Advertising partners, Business/marketing partners
Financial Information Transactional data, Payment data We may collect this type of information from: Consumer (you), Cookies and tracking technologies	Service delivery; Security; Compliance with law and co-operation with authorities; Protection and enforcement of rights; Data sharing in the context of corporate events; to create aggregated, de-identified, and/or anonymized data; as otherwise disclosed in this privacy policy or at the time you provide your information, or otherwise with your consent.	Business Purpose: Professional advisors, Authorities, Business transferees "Sale/Share": None
Internet or Network Information Marketing data, Device data, Online activity data We may collect this type of information from: Consumer (you), Cookies and tracking technologies	Service delivery; Security; Service personalization; Direct marketing; Targeted/Interest-based advertising; SMS Marketing and Support; Promotions and contests; Internal Business Purposes, including Service Analytics; Compliance with law and co-operation with authorities; Protection and enforcement of rights; Data sharing in the context of corporate events; to create aggregated, de-identified, and/or anonymized data; as otherwise disclosed in this privacy policy or at the time you provide your information, or otherwise with your consent.	Business Purpose: Service providers, Payment processors, Advertising partners, Business/marketing partners, Professional advisors, Authorities, Business transferees "Sale/Share": Advertising partners, Business/marketing partners
Inferences May be derived from: Contact data, Profile data, Transactional data, Marketing data, Device data, Online activity data We may collect this type of information from: Consumer (you), Cookies and tracking technologies	Service delivery; Security; Service personalization; Direct marketing; Targeted/Interest-based advertising; SMS Marketing and Support; Promotions and contests; Internal Business Purposes, including Service Analytics; Compliance with law and co-operation with authorities; Protection and enforcement of rights; Data sharing in the context of corporate events; to create aggregated, de-identified, and/or anonymized data; as otherwise disclosed in this privacy policy or at the time you provide your information, or otherwise with your consent.	Business Purpose: Service providers, Advertising partners, Authorities, Business transferees, Business/marketing partners "Sale/Share": Advertising partners, Business/marketing partners
Sensitive Information This category includes, for example, pregnancy and other health-related information. We may collect this type of information from: Consumer (you), Cookies and tracking technologies	Service delivery; Security; Service personalization; Direct marketing; Targeted/Interest-based advertising; SMS Marketing and Support; Promotions and contests; Internal Business Purposes, including Service Analytics; Compliance with law and co-operation with authorities; Protection and enforcement of rights; Data sharing in the context of corporate events; to create aggregated, de-identified, and/or anonymized data; as otherwise disclosed in this privacy policy or at the time you provide your information, or otherwise with your consent.	Business Purpose: Service providers, Advertising partners, Authorities, Business transferees, Business/marketing partners "Sale/Share": Advertising partners, Business/marketing partners

Notice of Financial Incentive

Under California regulations, certain programs we offer that provide benefits to consumers may be considered financial incentive programs. We may collect personal information from you in connection with these programs, e.g., such as contact information (name, email address, phone number) and certain commercial information (e.g., transaction history) for a number of reasons, including to administer the program, contact you with regard to your account (if any), to provide the benefits to you, to better serve you, and to fulfill your requests associated with the program.

To opt into the programs, you may need to provide certain information, register for an account and agree to the applicable program terms, or otherwise follow the instructions associated with that applicable program. Please also see the terms of the program you are joining for additional description of the program and any additional requirements. Participation in our other programs is voluntary and you can withdraw at any time. To withdraw from our other programs, please email my@ritual.com.

To the extent that we provide a program that may be considered a financial incentive because the program is directly or reasonably related the collection, deletion or sale or retention of consumer personal information, the value is reasonably related to the overall value we receive from the personal information participants provide specific to the program minus the costs and expenses we incur in providing the program.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer require the personal information we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

Shine the light law

California residents may send us requests to privacy@ritual.com for identification of third parties to whom we have disclosed your personal information during the preceding calendar year for such third parties' direct-marketing purposes. In your request, you must include the statement "Shine the Light Request," and provide your first and last name and mailing address and certify that you are a California resident. We reserve the right to require additional information to confirm your identity and California residency. Please note that we will not accept requests via telephone, mail, or facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.

Notice to Nevada Residents

We do not currently sell your covered information as those terms are defined under applicable Nevada law. You may still submit an opt-out request and we will honor that request as required by Nevada law if we were to engage in such a sale in the future. If you are a Nevada resident and would like to opt-out of the sale of your covered information, please submit your request to privacy-requests@ritual.com. Your request must include your full name, street address, city, state, zip code, and an email address so that we can contact you if needed regarding this request. If you previously provided a phone number, it will assist us in making sure we identify you as someone who wants to opt-out. You may also be required to take reasonable steps as we determine from time to time in order to verify your identity and/or the authenticity of the request. We will respond to your request within sixty (60) days either confirming that your request has been processed or indicating that we need an additional thirty (30) days to complete the request.

Notice to UK users

The information provided in this Notice to UK users applies only to individuals in the UK.

Controller. Natals, Inc. (d/b/a Ritual) is the controller in respect of the processing of your personal information covered by this Privacy Policy for the purposes of the so-called "UK GDPR" (i.e., the General Data Protection Regulation (EU) 2016/679 as it forms part of UK law post-Brexit). See the Contact Us section above for contact details.

Our UK GDPR Representatives. Our representative in the UK appointed under the UK GDPR is:

Email: contact@gdprlocal.com

Post: GDPR Local Ltd

1st Floor Front Suite 27-29

North Street, Brighton England BN1 1EB

Legal bases for processing. In respect of each of the purposes for which we use your personal information, the UK GDPR requires us to ensure that we have a "legal basis" for that use. Our legal bases for processing your personal information described in this Privacy Policy are listed below.

Where we need to perform a contract, we are about to enter into or have entered into with you ("Contractual Necessity").
Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests ("Legitimate Interests"). More detail about the specific legitimate interests pursued in respect of each purpose we use your personal information for is set out in the list below.
Where we need to comply with a legal or regulatory obligation ("Compliance with Law").
Where we have your specific consent to carry out the processing for the purpose in question ("Consent").

In addition, for any special categories of personal data we process (e.g., data related to your health, such as pregnancy and other similar health-related data), we also have to establish a condition to processing such data, because it is considered to be more sensitive in nature – for example, we may look to obtain your explicit consent to the Processing of those special categories of personal data for one or more specified purposes ("Explicit Consent").

We have set out below, in a table format, the legal bases we rely on in respect of the relevant Purposes for which we use your personal information – for more information on these Purposes, what they cover, and the data types involved, see How we use your personal information.

Processing Purpose	Legal Basis
Service delivery	Contractual Necessity
Ensuring network and information security, including preventing unauthorized access to computer and electronic communication systems and preventing malicious software distribution	Compliance with Law Legitimate Interests. We have a legitimate interest in ensuring the ongoing security and proper operation of our Site, our Services and associated IT services, systems and networks.
Service personalization	Legitimate Interests. We have a legitimate interest in providing you with a good service, which is personalized to you and that remembers your selections and preferences. Consent, in respect of any optional cookies used for this purpose For any special categories of personal data (e.g., data related to your health, such as pregnancy-related data): Explicit Consent
Direct Marketing and Advertising	Legitimate Interests. We have a legitimate interest in promoting our operations and goals as an organization and sending marketing communications for that purpose. Consent, in circumstances or in jurisdictions where consent is required under applicable data protection laws to the sending of any given marketing communications For any special categories of personal data (e.g., data related to your health, such as pregnancy-related data): Explicit Consent
Interest-based Advertising	Consent Legitimate Interests. We have a legitimate interest in personalizing the advertisements served to you and evaluating the use of our website.
Promotions and contests	Contractual Necessity to administer the promotions and contests in accordance with the terms or rules thereof (including communicating with you as and where necessary) In respect of promoting these promotions and contests: Legitimate Interests. We have a legitimate interest in promoting these promotions and contests, including associated publicising of our business and operations. Consent – in circumstances or in jurisdictions where consent is required under applicable data protection laws to the sending of any given promotional communications.
Service Analytics	Consent
Data sharing in the context of corporate events	Legitimate interest. We and any relevant third parties have a legitimate interest in providing information to relevant third parties who are involved in an actual or prospective corporate event (including to enable them to investigate – and, where relevant, to continue to operate – all or relevant part(s) of our operations). However, we would always look to take steps to minimize the amount and sensitivity of any personal information shared in these contexts where possible and appropriate.
Compliance with law and co-operation with authorities	Compliance with Law. Legitimate interest. Where Compliance with Law is not applicable, we and any relevant third parties have a legitimate interest in participating in, supporting and following legal process and requests, including through co operation with authorities. For any special categories of personal data (e.g., data related to your health, such as pregnancy-related data): The processing is necessary for the establishment, exercise or defense of legal claims.
Protection and enforcement of rights	Compliance with Law. Legitimate interest. We and any relevant third parties have a legitimate interest of ensuring the protection, maintenance and enforcement of our and their rights, property, and/or safety. For any special categories of personal data (e.g., data related to your health, such as pregnancy-related data): The processing is necessary for the establishment, exercise or defense of legal claims.
To create aggregated, de-identified and/or anonymized data	Legitimate interest. We have legitimate interest, and believe it is also in your interests, that we are able to take steps to ensure that our Services and how we use Personal Information is as un-privacy intrusive as possible.
Further uses	The original legal basis relied upon, if the relevant further use is compatible with the initial purpose for which the Personal Information was collected. Consent, if the relevant further use is not compatible with the initial purpose for which the personal information was collected.

Special Categories of Personal Data. As noted above, you may choose to provide us with your pregnancy and other similar health-related data. We will only collect such data where you have provided us with your explicit consent to its use for the specific purpose of personalizing your experience. If you do not want us to process your pregnancy-status or other health-related data, you can always choose not to do so by selecting 'Prefer not to say' on our Site.

We will not use your personal information (whether it is directly special category personal data or not) to create inferences or to otherwise reveal information concerning your health / health conditions, your genetic information, your racial or ethnic origin, your sex life or sexual orientation or any other special category(ies) of personal data without your explicit consent. If you do not provide your explicit consent, we will not carry out any Processing that is designed or intended to treat you differently on the basis of a possible inference or 'educated guess' that we could theoretically make about, or that could deduce, these types of special categories (e.g., from your purchase history).

Retention

Your rights

The UK GDPR gives you certain rights regarding your personal information in certain circumstances. If you are located in the UK, you may ask us to take the following actions in relation to your personal information that we hold:

Access. Provide you with information about our processing of your personal information and give you access to your personal information.
Correct. Update or correct inaccuracies in your personal information.
Delete. Delete your personal information where there is no good reason for us continuing to process it – you also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Transfer/Data Portability. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
Restrict. Restrict the processing of your personal information, for example if you want us to establish its accuracy or the reason for processing it.
Object. Object to our processing of your personal information where we are relying on Legitimate Interests – you also have the right to object where we are processing your personal information for direct marketing purposes.
Opt-out (of direct marketing). Stop sending you direct marketing communications. You may continue to receive service-related and other non-marketing emails.
Consent withdrawal. Where we rely on your consent and/or explicit consent to process your personal information you may withdraw that consent at any time.

You may submit these requests online using our privacy request form. Additionally, or by emailing us at privacy-requests@ritual.com. We may request specific information from you to help us confirm your identity and process your request.

Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the UK data protection regulator:

The Information Commissioner's Office

Water Lane, Wycliffe House

Wilmslow - Cheshire SK9 5AF

Tel. +44 303 123 1113

Website: https://ico.org.uk/make-a-complaint/

Data transfers outside the UK

We are a U.S.-based company and many of our service providers, advisers, partners or other recipients of data are also based in the U.S. This means that, if you use the Service, your personal information will necessarily be accessed and processed in the U.S. It may also be provided to recipients in other countries outside the UK.

Where we share your personal data with third parties who are based outside the UK, we try to ensure a similar degree of protection is afforded to it by making sure one of the following mechanisms is implemented:

Transfers to territories with an adequacy decision. We may transfer your personal information to countries or territories whose laws have been deemed to provide an adequate level of protection for personal data by the UK Government (from time to time).
Transfers to territories without an adequacy decision.
- We may transfer your personal information to countries or territories whose laws have not been deemed to provide an adequate level of protection for Personal Data by the UK Government. However, in these cases, we may use specific appropriate safeguards approved by the UK Information Commissioner's Office or UK Government, which are designed to give personal information the same protection it has in the UK – for example, requiring the recipient of personal information to enter into standard contractual clauses such as the relevant form of the so-called 'International Data Transfer Agreement' issued or approved from time to time; or
- In limited circumstances, we may rely on an exception, or 'derogation', which permits us to transfer your information to such country despite the absence of an 'adequacy decision' or 'appropriate safeguards' – for example, reliance on your explicit consent to that transfer.

You may contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the UK.

Automated Decisionmaking

You have the right, in certain circumstances, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you.

Verification Procedures

We must verify your identity for everyone's protection, so we may require you to provide us with verification information prior to accessing any records containing personal information about you. We do this by:

Asking you to provide personal identifiers we can match against information we may have collected from you previously and confirm your request using the email or telephone account stated in the request; or
Having you submit your request through your account page, which will automatically verify your identity and will result in faster processing of your request.

We will use the information you provide for verification only for the purpose of verification. We may have a reason under the law why we do not have to respond to your request or respond to it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

Notice to Canadian residents

You may withdraw consent at any time (subject to legal or contractual restrictions and reasonable notice). Subject to certain limits set out in the applicable laws, Canadian residents also have the right to request access to the personal information that Ritual collects and to update or correct personal information if it is inaccurate. We may need to verify your identity before implementing your request.

Subject to applicable law, if you are a Canadian resident and would like to submit a request to access your personal information or to withdraw consent to the processing of your personal data, please email us at privacy-requests@ritual.com. You may also use this contact to submit any requests for information on our privacy practices or to submit a complaint regarding our practices.

Your request or complaint must include your full name, street address, city, province, postal code, and an email address so that we are able to contact you if needed regarding this request.

We cannot properly process requests or complaints that do not come through the designated request mechanism or do not contain sufficient information to allow us to process your request. You may also be required to take reasonable steps as we determine from time to time in order to verify your identity and/or the authenticity of the request. Once your request is processed, absent exemptions, we will provide you with details regarding what personal information we have, how it is used, and with which third parties it is shared.

Canadian residents may have additional rights under Canadian law, including the Personal Information Protection and Electronic Documents Act ("PIPEDA") and successor legislation. Please see the website of the Office of the Privacy Commissioner of Canada (www.priv.gc.ca) for further information.

Promo Details

Daily Health

Shop For

Shop By need

Pregnancy

Shop by Stage

Shop By Need

Your Cart