Skip to content
Rhize
ENES

Privacy Policy

Last updated:

About this policy

Rhize is a privacy-first social app that lets people communicate more authentically through a public social layer and a private, end-to-end encrypted layer. Rhize is built as a client for the Bluesky / AT Protocol network. That means some activity in Rhize happens on public or third-party social infrastructure that Rhize does not own or control.

This Privacy Policy explains what information Rhize collects, what we do not collect, how encryption works, how public Bluesky / AT Protocol content is handled, and what choices you have.

Rhize is operated by Denazen, Inc. You can contact us at privacy@rhize.social.

1. Our privacy commitments

Rhize is designed around a simple principle: your private social life should not become our business model.

  • We do not sell your personal information.
  • We do not use your private content for advertising.
  • We cannot read your end-to-end encrypted private posts or messages.
  • We do not build advertising profiles from your activity.
  • We collect only the information we reasonably need to operate, secure, improve, and support the app.

2. Rhize and Bluesky / AT Protocol

Rhize is a client for Bluesky and the AT Protocol. When you use Rhize to view, create, like, reply to, repost, follow, or otherwise interact with public Bluesky / AT Protocol content, that activity may be processed, stored, moderated, displayed, indexed, or otherwise handled by Bluesky, AT Protocol services, your personal data server, AppView services, relays, and other third-party infrastructure.

Rhize does not control Bluesky's public-content policies, moderation rules, server logs, data-retention practices, account rules, or network-level visibility.

Public posts and public interactions should be treated as public. Even if you use Rhize to create or view them, public Bluesky / AT Protocol activity may be visible outside Rhize.

3. End-to-end encrypted private content

Rhize includes private features that are designed to use end-to-end encryption. This means that the content of your private Rhize posts, private messages, and other encrypted private communications is encrypted on your device before it is stored or transmitted.

Rhize does not have the keys needed to read your encrypted private content. Your encryption password is processed only on your device and is never transmitted to Rhize servers in any form that lets us reconstruct it. The master key that decrypts your private content is stored on our servers only in a form that is itself encrypted by a key derived from your password — without your password, we cannot decrypt it.

Because of this:

  • Rhize cannot read your encrypted private posts or messages.
  • Rhize cannot recover encrypted private content if you lose access to the keys or credentials needed to decrypt it. Account reset is destructive — it generates new keys, and content encrypted under the prior keys becomes permanently unreadable.
  • Rhize cannot provide plaintext copies of encrypted private content in response to support requests, law-enforcement requests, or any other request.
  • Rhize cannot review the plaintext of encrypted private content for moderation purposes. For private content we can act only on user-submitted reports, screenshots voluntarily provided by users, account-level abuse signals, and non-content metadata.

Some metadata related to encrypted content is visible to Rhize, to Bluesky / AT Protocol infrastructure, or to other network participants. This includes: the existence of a post or message, the timestamp it was created, the account identifiers (DID and handle) involved, the relationships between accounts (follows, friend connections), the record type, and the ciphertext and any associated encrypted blob references. Other clients on the AT Protocol network may observe the same public metadata.

End-to-end encryption protects the content of private communications. It does not make all metadata invisible.

4a. Information we collect — Account and profile information

Rhize is designed to collect as little information as practical. We may process information associated with your Bluesky / AT Protocol account, such as:

  • Your handle.
  • Your decentralized identifier (DID).
  • Your display name.
  • Your profile image.
  • Your public profile description.
  • Your public follows, followers, posts, replies, likes, reposts, and other public AT Protocol activity.
  • Authentication tokens or session information needed to connect your account to Rhize.

Some of this information is public or available through Bluesky / AT Protocol infrastructure. We use it to provide the app experience.

4b. Information we collect — Private-network information

To provide Rhize's private features, we process limited information such as:

  • Your Rhize private-network relationships.
  • Circle membership or sharing relationships.
  • Encrypted key material (stored on your AT Protocol personal data server, encrypted with a key derived from your password).
  • Encrypted content keys (stored on your AT Protocol personal data server, encrypted).
  • Encrypted private records (stored on your AT Protocol personal data server, encrypted).
  • Encrypted private messages (relayed through Rhize's encrypted-inbox infrastructure as ciphertext only).
  • Non-content metadata needed to sync, route, display, secure, or manage private features.

Rhize does not have the keys necessary to read any of this encrypted material and does not use it to read encrypted private content.

4c. Information we collect — Technical and diagnostic information

We collect limited technical information to operate and improve Rhize, such as:

  • App version.
  • Device type.
  • Operating system version.
  • Unhandled JavaScript exception reports (stack traces and error messages, with handles, DIDs, and URIs scrubbed before transmission).
  • Performance and timing diagnostics (for example, login duration, feed-load duration).
  • Feature-error events (for example, a private post failing to encrypt, with a bounded error code — not the content).
  • Approximate timestamps.
  • Server request metadata needed to operate the service.

We use this information to fix bugs, prevent abuse, improve reliability, and understand whether the app is working.

4d. Information we collect — Minimal analytics

Rhize collects limited, anonymous analytics about app usage. We use PostHog as our analytics provider, configured so that:

  • User profiles are never created (no identify, no alias, anonymous person profiles disabled).
  • IP geolocation is disabled.
  • Session replay is disabled.
  • Automatic screen-view and touch capture are disabled.
  • A filter scrubs handles, DIDs, AT Protocol URIs, and email addresses from every event property and exception message before transmission.

The events we send include things like: whether onboarding was completed, whether an invite code was redeemed, whether account creation or login succeeded or failed, whether certain features are used, anonymous aggregate counts of app actions, and unhandled-exception trends.

We do not use analytics to read private content. We do not use analytics to create advertising profiles. We do not sell analytics data. We do not link analytics events to your Bluesky handle, DID, or any other personal identifier.

4e. Information we collect — Feedback and support information

If you contact us, submit feedback, report a problem, or participate in testing, we may collect information you choose to provide, such as:

  • Your email address.
  • Your name or handle.
  • Your message to us.
  • Screenshots or logs you choose to send.
  • Information needed to investigate your request.
  • App version and device information related to the issue.

Please do not send us sensitive personal information unless it is necessary for your request.

4f. Information we collect — Payment or subscription information

If Rhize offers paid features, subscriptions, or in-app purchases, payments may be processed by Apple, Google, or another payment provider. Rhize does not receive your full payment card number from Apple or Google.

We may receive limited purchase-related information, such as subscription status, product purchased, renewal status, transaction identifiers, and entitlement information needed to provide paid features.

5. Information we do not collect

Rhize does not collect:

  • The plaintext content of your end-to-end encrypted private posts or messages.
  • Your private encryption password or recovery secret in any form that Rhize can decrypt.
  • Precise GPS location (Rhize does not request location permission and does not include a location SDK).
  • Your contacts (Rhize does not request contacts permission and does not include a contacts SDK).
  • Microphone, video, or arbitrary-file access (Rhize includes only an image picker, used on-demand when you choose to attach an image to a post or feedback message).
  • Advertising identifiers for cross-app tracking (Rhize does not request the iOS App Tracking Transparency prompt and does not include any advertising or attribution SDK).
  • Sensitive personal information for advertising.
  • Biometric information (Rhize does not use Face ID, Touch ID, or any biometric authentication API; device-level passcode is used only via the operating system's standard secure key store).

If a future version of Rhize adds a feature requiring additional permissions or data, we will explain that at the time and update this policy as needed.

6. How we use information

We use the information described above to:

  • Provide and operate Rhize.
  • Connect to Bluesky / AT Protocol services.
  • Authenticate users.
  • Display public social content.
  • Enable end-to-end encrypted private features.
  • Sync encrypted private content and metadata.
  • Manage invite codes, onboarding, and account access.
  • Prevent spam, abuse, fraud, and security incidents.
  • Debug crashes and performance issues.
  • Respond to support requests and user reports.
  • Improve app reliability and usability.
  • Comply with legal obligations.
  • Enforce our Terms of Service and community rules.

We do not use your private encrypted content for advertising or profiling.

7a. How we share information — With Bluesky / AT Protocol infrastructure

Because Rhize is a Bluesky / AT Protocol client, public account activity and public content may be sent to or retrieved from Bluesky, AT Protocol personal data servers, relays, AppView services, or related infrastructure.

Encrypted private records may also be stored or transmitted through AT Protocol infrastructure in encrypted form. Rhize does not control how third-party AT Protocol infrastructure logs, retains, indexes, or processes network-level metadata.

7b. How we share information — With service providers

We use service providers to help operate Rhize. These providers are allowed to process information only as needed to provide services to us, subject to appropriate confidentiality and security obligations.

Current production service providers:

  • Supabase: stores account metadata, encrypted master keys (ciphertext only), and the encrypted inbox used to relay key-management messages and encrypted DMs. Supabase receives ciphertext and non-content metadata only; it does not receive plaintext private content or unencrypted keys.
  • PostHog: anonymous app analytics and unhandled-exception reporting, configured to never identify users, with IP geolocation disabled, session replay disabled, and screen/touch autocapture disabled. PostHog does not act as a separate crash-reporting provider; it captures JavaScript exceptions only.
  • MailerLite: manages beta-tester and waitlist signups. It receives only the email address of people who opt in to provide it, and is used to send beta and waitlist communications.
  • Apple App Store / TestFlight: distribution and, if Rhize offers paid features, in-app purchase processing.
  • Google Play (if Rhize is published to Android): distribution and, if applicable, in-app purchase processing.

Public posts, public interactions, and account identity are handled by Bluesky / AT Protocol infrastructure (your personal data server, relays, AppView services) — see the previous section.

Rhize does not currently use a customer-relationship-management platform, a dedicated cloud hosting provider beyond the ones listed, or any advertising or attribution SDK.

7c. How we share information — For legal, safety, or security reasons

We may disclose information if we believe it is reasonably necessary to:

  • Comply with law, legal process, or valid government requests.
  • Protect the rights, safety, and security of users, Rhize, or others.
  • Investigate fraud, abuse, spam, security incidents, or violations of our terms.
  • Protect against legal liability.

Because Rhize cannot decrypt end-to-end encrypted private content, we are unable to provide plaintext private content even if legally requested.

7d. How we share information — Business transfers

If Rhize is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction. If that happens, we will take reasonable steps to ensure this policy continues to apply or that users receive notice of material changes.

We do not sell your personal information.

8. Public content and moderation

Rhize includes user-generated content. Public Bluesky / AT Protocol content is subject to Bluesky's rules, AT Protocol infrastructure, applicable moderation services, labeling systems, and user controls.

Rhize provides the following safeguards in-app:

  • Report. A "Report" action on any post submits a report to Bluesky / AT Protocol moderation with one of several reason categories (spam, community-guidelines violation, misleading, unwanted sexual content, harassment, or other).
  • Block. A "Block" action prevents the blocked user from interacting with your account and is propagated to Bluesky / AT Protocol — your block applies across compatible AT Protocol clients.
  • Mute. A "Mute" action hides a user's posts in your Rhize feed. Rhize's mute is currently device-local — it does not propagate to your other devices or to other AT Protocol clients.
  • Mature-content filtering. Posts labeled by Bluesky moderation as explicit content (categories including pornography, nudity, sexual content, graphic media, gore, and similar) are always hidden in Rhize. Rhize does not provide a user-facing override for these categories.

Because Rhize is a client for third-party public social infrastructure, moderation actions on public content (including reports, blocks, and labels) are processed by Bluesky / AT Protocol services rather than Rhize directly.

For encrypted private content, Rhize cannot review the underlying content because we cannot read it. We can still act on user-submitted reports, screenshots voluntarily provided by users, account-level abuse signals, and non-content metadata.

To report abuse, use the in-app Report action on the relevant post or account, or contact us at safety@rhize.social.

9. Children and age limits

As a conservative measure, Rhize is currently restricted to users who are 18 or older. Rhize is not intended for anyone under 18, and we do not knowingly collect personal information from anyone under 18. We may revisit this minimum-age policy over time.

Rhize uses Bluesky / AT Protocol account creation for sign-up. Bluesky enforces its own age-verification requirements during account creation, and Rhize does not independently collect a birthdate or run a separate age check at the time you connect your account to Rhize.

This 18-and-over requirement reflects an abundance of caution given that Rhize includes social features and user-generated content. Where an age gate applies at the App Store rating level, it is enforced by the App Store's age-rating gate at install time.

If you believe a child has provided us personal information, contact us at privacy@rhize.social, and we will take appropriate steps.

10. Data retention

We keep information only as long as reasonably necessary for the purposes described in this policy, including to provide Rhize, maintain security, comply with law, resolve disputes, enforce agreements, and improve the app.

Different types of information may be retained for different periods:

  • Account connection information is retained while your account is connected to Rhize.
  • Encrypted private records may remain available as long as needed to provide private features or until deleted according to product functionality and underlying protocol behavior.
  • Support messages may be retained as long as needed to respond and maintain business records.
  • Security logs may be retained for a limited period to detect and prevent abuse.
  • Aggregated analytics may be retained longer if they do not identify individual users.

Public Bluesky / AT Protocol content and metadata may continue to exist outside Rhize even if you stop using Rhize. Deleting content through Rhize may depend on Bluesky / AT Protocol capabilities, your personal data server, relays, caches, third-party clients, and other infrastructure we do not control.

11. Your choices and controls

Depending on the feature and applicable law, you may be able to:

  • Access, update, or delete certain Rhize account information.
  • Disconnect Rhize from your Bluesky / AT Protocol account.
  • Delete certain Rhize-created content.
  • Block or mute users.
  • Report content or accounts.
  • Opt out of optional analytics where available.
  • Request deletion of information Rhize controls.
  • Contact us about privacy questions or requests.

To make a privacy request, contact privacy@rhize.social.

We may need to verify your request before acting on it. Some information may not be fully deletable if we need to retain it for legal, security, fraud-prevention, or legitimate operational reasons.

12. Security

We use technical and organizational measures designed to protect information we process. These include:

  • End-to-end encryption of private posts and direct messages, performed on your device before transmission, using an authenticated-encryption cipher (XChaCha20-Poly1305 with associated data binding).
  • Device-local storage of encryption keys in the operating system's secure key store (Keychain on iOS, Keystore on Android), with cloud-sync of those secure-store items disabled at the OS level.
  • Password-derived key derivation using Argon2id, with a per-account random salt.
  • Exclusion of the app's local data sandbox from iCloud Backup and Google Drive Backup so that key material and decrypted content do not leave the device through device-backup channels.
  • A server-side data boundary in which Rhize's servers (Supabase) receive ciphertext and non-content metadata only — never plaintext private content or unencrypted keys.

No system is perfectly secure. You are responsible for protecting your device, account credentials, recovery information, and any password or secret used to access encrypted private content.

If you lose access to your encryption password and your recovery password, Rhize cannot restore your encrypted private content. Account reset generates a new key set and permanently makes content encrypted under the prior keys unreadable.

13. International users

Rhize is operated from the United States. If you use Rhize from outside the United States, your information may be processed in countries that may have different data-protection laws than where you live.

Where required, we will use appropriate safeguards for international transfers of personal information.

14. Legal rights by region

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain uses of your personal information.

Residents of certain U.S. states, the European Economic Area, the United Kingdom, Canada, and other jurisdictions may have additional privacy rights.

To exercise privacy rights, contact us at privacy@rhize.social.

We do not discriminate against users for exercising privacy rights.

15. California privacy notice

If you are a California resident, California law may give you rights regarding personal information, including the right to know, delete, correct, and opt out of certain sharing or sales.

Rhize does not sell personal information. Rhize does not share personal information for cross-context behavioral advertising.

Categories of personal information we may collect include:

  • Identifiers, such as handle, DID, email address if provided, and account identifiers.
  • Internet or network activity, such as app interactions, diagnostics, and security logs.
  • User-generated content, including public posts and encrypted private records.
  • Commercial information, if you purchase paid features.
  • Inferences, only in limited operational or aggregate analytics contexts, not for advertising profiles.

We use this information for the purposes described in this policy.

16. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify users, such as by updating the effective date, posting notice in the app, or sending an email if appropriate.

Your continued use of Rhize after an updated policy becomes effective means you accept the updated policy, to the extent permitted by law.

17. Contact us

For privacy questions or requests, contact Denazen, Inc. at privacy@rhize.social

Safety / reporting: safety@rhize.social

Support: support@rhize.social

Mailing address: 328 Mount Union Ave, Philomath OR, 97370