Privacy Policy

Rainku (“Rainku,” “we,” “us”) operates the rain-and-journal experience at rainku.com. This Privacy Policy explains what we collect, how we use it, who we share it with, and the choices you have. By using Rainku you agree to the practices described here.

We aim to keep your written and spoken content private. Your journals, chats with the rain-spirit companion, and any voice recordings you submit are personal data, and we treat them that way.

1. Information we collect

a. Information you give us

• Account information. Email address (or anonymous device identifier) you sign up with, plus an optional display name and a name you give your AI companion.
• Your written content. Journal entries you write or AI-assisted entries you save, and the messages you exchange with the rain-spirit companion.
• Voice input. When you press the dictate button, we capture audio, send it to our voice provider for speech-to-text, and store the resulting transcript with your journal. Raw audio is not retained on our servers; the transcript is.
• Settings and preferences. Theme, language, audio levels, sharing options, and the companion-name you choose.
• Payment information. If you subscribe or top up credits, our payment processor (Creem) collects your card details directly. We never see or store your full card number; we only receive a subscription identifier and outcome (paid / failed / refunded).

b. Information we collect automatically

• Usage telemetry. Aggregate per-call latency, success rate, and credit cost of AI calls — used to monitor service health. We do not log the content of your prompts in these telemetry records.
• Device and connection. IP address, user agent, and request region — used to deliver the right edge endpoints, prevent abuse, and rate-limit. IP addresses are stored only for the period needed for security analysis.
• Essential cookies. A signed-in session cookie and a small number of preference cookies. We do not set advertising cookies.

c. Information we do not collect

• We do not collect biometric data, contacts, location, or device sensor data.
• We do not link your activity to advertising networks.
• We do not use your journals or chats to train third-party AI models. Your content is sent to our LLM providers only as a prompt for the response you requested, under contracts that prohibit that data being used for training.

2. How we use your information

• To provide the journal, chat, voice, and weather features you use.
• To compute and bill credits, and to fulfill subscriptions and refunds via our payment processor.
• To detect abuse, fraud, and security incidents, and to enforce our Terms of Service.
• To send transactional email — sign-in codes, payment receipts, and account notices. We do not send marketing email by default.
• To improve the service through anonymized, aggregated metrics.

3. Service providers and data transfers

We rely on the following providers to deliver Rainku. We share only what each provider needs to perform its function, under data-processing agreements that bind them to comparable confidentiality and security standards.

• Supabase — managed Postgres database and authentication. Stores your account, journals, chat messages, and credit ledger.
• Cloudflare — content delivery, edge workers, R2 object storage (for background art). Sees request metadata; does not access journal content.
• Vercel — application hosting. Delivers the Rainku web app.
• Creem — payments and subscriptions. Receives the data needed to bill you.
• LLM providers (DeepSeek, and other model providers via our AI gateway) — receive the prompt and conversation context required to generate the AI response. Configured with zero-data-retention and a no-training-on-customer-data clause where the provider supports it.
• Voice ASR provider (Alibaba DashScope / Qwen3) — receives the audio you submit for transcription, returns text, and discards the audio.

These providers operate from data centers in the European Union, the United States, Singapore, and mainland China (for the China-region voice provider). When data crosses borders we rely on the relevant legal mechanisms (Standard Contractual Clauses and equivalent).

4. Your rights

Depending on where you live you have rights over your personal data, including:

• Access & portability. Download a complete machine-readable copy of your data from Account → Your data → Download. The export covers your profile, journals, chats, credit ledger, voice usage, and settings.
• Erasure. Delete your account from Account → Your data → Delete account. We schedule your account for permanent deletion after a 30-day grace period; you can sign back in within 30 days and cancel. After 30 days every journal, chat, credit, and setting is wiped.
• Correction. Edit your profile, companion name, and journal entries directly in the app.
• Restriction & objection. Email us at the address below to ask us to limit a specific use of your data.
• Withdraw consent. Where we rely on your consent (for example, the journal-access setting that lets the companion read your recent entries) you can turn it off in Settings.
• Complaint. If you live in the European Economic Area, the United Kingdom, or Switzerland, you have the right to lodge a complaint with your local data-protection authority.

5. Data retention

• Account, journals, chats, credit ledger: kept while your account is active and for 30 days after you schedule deletion (the grace window). After that, hard-deleted.
• Voice transcripts: kept with the journal entry they belong to. Raw audio is not retained.
• Payment records (orders, refunds): retained for 7 years to satisfy tax and accounting law, even after account deletion. We keep the minimum needed for that purpose.
• Aggregate, anonymized usage metrics: kept indefinitely; cannot be linked back to you.
• Backups: rolling 30-day window; deletions propagate to backups within that window.

6. Cookies and tracking

We use only essential cookies: a signed-in session cookie, a CSRF token, and a small set of preference cookies (locale, theme). We do not use advertising or cross-site tracking cookies. Disabling essential cookies will prevent sign-in.

7. Security

• All traffic to and from Rainku is encrypted in transit (TLS 1.2+).
• Passwords are not used — we sign you in via one-time email codes.
• API keys for third-party providers are stored in encrypted secret stores and never exposed to clients.
• Database row-level security restricts every query to your own data.
• We log security-relevant events (sign-ins, payment events, deletion requests) for review.

8. Children

Rainku is intended for users 13 years and older. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account, contact us and we will delete the account.

9. Anonymous accounts

You can use Rainku without signing up; the app creates an anonymous account so your settings and free-trial credits travel with you on the device. Anonymous data is hard-deleted automatically after a period of inactivity, or whenever your browser clears site data.

10. AI-generated content

Replies from the rain-spirit companion are produced by large language models. They are not provided by a licensed therapist, doctor, or lawyer. AI replies can be wrong or imperfect; do not rely on them for medical, legal, financial, or safety-critical decisions. If you are in distress, please reach out to a local crisis service.

11. Changes to this policy

We may update this policy. When we do, we will change the “Effective” date above and, for material changes, notify you via email or an in-app notice. Continued use after the change means you accept the updated policy.

12. Contact us

Privacy questions or requests: privacy@rainku.com. We will respond within 30 days.