Privacy Policy for RODY AI

RODY AI leverages artificial intelligence to deliver animated stories and interactive 3D AI character chats, augmented reality (AR) experiences, and subscription-based premium features, fostering an engaging learning environment for children. As a Hong Kong-based entity, we operate under strict privacy standards to protect both Adult Users and Child Users. This Privacy Policy details:

• The types of data we collect and how we obtain it.
• The purposes for which we use your data.
• How we share, store, and secure it.
• Your rights and options regarding your data.

When you create an account or interact with the App, we may collect:

• Account Information: Full name, email address, and account credentials (e.g., username, password) to authenticate and manage your account.
• Payment Information: Billing details processed securely by third-party providers (e.g., Apple App Store, Google Play Store) for subscriptions; we do not retain this data ourselves.
• Technical and Usage Data: Device information (e.g., device model, operating system version, unique device identifiers), IP address, and usage analytics (e.g., session duration, unique features accessed) to optimise performance and troubleshoot issues.

For Child Users linked to an Adult User's account, we collect:

• Interaction Content (collected under Adult User consent): Chat messages with 3D AI characters, voice inputs, AR-captured environmental images processed for real-time interactions, story preferences, and educational progress (e.g., completed lessons or activities), used to tailor content. This content is collected and processed under the explicit consent of the supervising Adult User.
• Usage Data: Usage of premium features such as quotas for high-quality voices or AI-generated content.
• Direct Identifiers Not Requested: We do not request a Child User's name, email, or date of birth directly from the Child User. Such identifying information is collected only if an Adult User chooses to provide it on the Child User's behalf.

We use a combination of technologies depending on whether you are using our mobile App or our website:

• On the mobile App: mobile SDKs, device identifiers (such as IDFA on iOS or Android Advertising ID), and local storage.
• On our websites (rodyssey.ai and askrody.ai): cookies, web beacons, and similar browser-based technologies.

These technologies are used to gather:

• Device and Network Data: Device model, operating system, browser type (website only), mobile network or Wi-Fi connection details.
• Behavioural Data: Pages or features accessed, time spent, and interaction patterns, anonymised where possible for analytics.

RODY AI is designed for children aged 4-17. We require Adult Users to:

• Supervise Child Users' activities within the App.
• Provide explicit consent for the collection and use of Child User data, granted by registering and linking Child Users to your account.
• Optionally consent to receiving product updates or promotional emails from AI-R Metaverse Limited about RODY AI, which you can manage via account settings.

- Consent for Child User data is obtained via in-app prompts or email verification sent to the Adult User's registered address.

• Consent for Adult User marketing emails is obtained during account setup or during settings updates, using an opt-in checkbox or a similar mechanism. You may withdraw this consent at any time (see Section 10).
• If we detect that a Child User has accessed the App without consent (e.g., bypassing account creation), we will suspend access and delete any collected data.

- Adult Users can access, review, or delete Child User data through account settings at any time.

• Contact support@rodyssey.ai if you suspect unauthorised use by a child, and we'll take swift action to address it.

Before verifiable parental consent is obtained:

• The App does not collect personal information from Child Users without parental consent.
• Voice inputs are processed in real time for generating AI responses. Audio is not retained after processing unless parental consent has been given.
• Children cannot create accounts; only Adult Users may register and link Child Users.
• No marketing communications or push notifications are sent to Child Users.

We use a two-step verification process:

• A direct notice screen is displayed to the Adult User before linking a Child User, explaining our data collection practices and parental rights.
• Payment confirmation or email verification is used to verify adult status and complete the consent process.

Parents and legal guardians may at any time:

• Review the personal information collected from their child.
• Request deletion of their child's personal information.
• Refuse further collection or use of their child's information.
• Withdraw consent previously given.
• Contact us at dpo@rodyssey.ai to exercise any of these rights.

With verifiable parental consent, we may collect:

• First name (optional, provided by the parent on behalf of the child).
• Chat messages with AI characters.
• Voice inputs (processed in real time; audio is not permanently stored).
• Educational progress and usage data.

- Solely to provide the educational service, personalise learning content, and monitor safety.

• We do NOT use children's data for advertising, profiling, or marketing purposes.
• We do NOT sell, rent, or share children's personal information with third parties for any commercial purpose.

- Deliver personalised AI-driven stories, interactive chats, AR experiences, and premium features based on Child User preferences and progress.

• Enable Adult Users to manage subscriptions, monitor quotas, and oversee Child User activities.

- Process subscription payments securely via third-party providers.

• Maintain account functionality and user support (e.g., responding to inquiries).

- Analyse usage trends (e.g., popular stories, AR interactions) and technical performance to refine features and AI algorithms.

• Use anonymised feedback to enhance educational content and user experience.

- Fulfil legal obligations (e.g., responding to lawful regulatory or law-enforcement requests).

• Detect and prevent fraud, abuse, or security threats (e.g., unauthorised account access).

- With your explicit consent, we may use Adult User email addresses to send you product updates, promotional offers, or news related to RODY AI and other AI-R Metaverse Limited services. You can opt out at any time via account settings or unsubscribe links in emails.

• Child User data is never used for marketing, advertising, or profiling purposes, ensuring their privacy remains protected.
• We do not sell, rent, or share any user data with third parties for marketing or advertising purposes.

We partner with trusted providers, including:

• Payment Processors: Apple App Store and Google Play Store, to handle billing securely.
• Analytics Providers: Google Analytics, to track website usage trends and improve the App.
• AI Providers: OpenRouter (routing) and Google Gemini (model), to provide AI-powered chat features under Zero Data Retention (see Section 12).
• Cloud Infrastructure: Cloudflare, for hosting, CDN, and security.

- Encryption: AES-256 for data at rest, TLS for data in transit.

• Server Security: Hosted on secure, audited servers with regular updates.
• Access Controls: Limited to authorised personnel via multi-factor authentication.

If a data breach occurs, we will:

• Notify affected Adult Users via email or in-app message promptly (within 72 hours if the breach is serious, in accordance with applicable laws). A "serious" breach involves sensitive data or a high risk of harm.
• Notify the relevant supervisory authority where required by applicable law.
• Investigate and mitigate the breach, reporting to authorities if mandated.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, in accordance with Data Protection Principle 2 of the PDPO:

• Account and profile data (Adult and Child User): Retained until you request account deletion; erased from active systems within 30 days.
• AI conversation content (chat messages, voice recordings, AR-captured images): Stored on our servers until you delete your account, to allow parents to review their child's interactions, improve the App, and monitor safety.
• Voice recordings sent for AI processing: Processed in real time and not permanently stored by AI providers (see Section 12).
• Payment records: Retained for 7 years as required by Hong Kong tax and anti-money-laundering laws.
• Technical and usage data (anonymised): Retained for up to 24 months for analytics purposes.
• Data transmitted to AI providers (OpenRouter, Google Gemini): Not retained by these providers under our Zero Data Retention configuration (see Section 12).
• Marketing consent records: Retained until consent is withdrawn.

- Access: Obtain a copy of your or your Child User's data.

• Correction: Update inaccurate or incomplete data.
• Deletion: Remove your data, subject to legal retention needs (e.g., billing records).
• Restriction: Limit processing in some instances (e.g., during disputes).
• Withdrawal of Consent: Stop data processing, including marketing emails, potentially limiting App use.

- How to Request: Submit written requests to our Data Protection Officer at dpo@rodyssey.ai, specifying your request (e.g., "stop marketing emails" or "export my data").

• Verification: We may verify your identity (e.g., via email confirmation) to prevent unauthorised access.
• Fees: A reasonable fee may apply for data access requests under PDPO, covering administrative costs, notified upfront and not exceeding HKD 100. Where mandatory law of your country requires us to provide access free of charge, we will do so.
• Response: We will respond within 30 days, with reasonable extensions for complex cases.

- Disable cookies via your browser settings on the website, though this may affect functionality.

• Uninstall the App to stop all data collection (standard device uninstall processes apply).
• Opt out of marketing emails via account settings or unsubscribe links in each email, effective immediately upon request.

Transfers outside Hong Kong are conducted with appropriate safeguards, including:

• Contractual safeguards requiring recipients to maintain protection standards substantially similar to PDPO.
• Technical safeguards including encryption in transit and at rest.
• De-identification of data where feasible before cross-border transmission.

- To provide AI-powered conversational features, we transmit user inputs — including text questions, voice recordings, and photos — to Google's Gemini AI service via OpenRouter. We have configured our OpenRouter account with the following privacy protections:

• Zero Data Retention (ZDR) enforced — requests are routed only to provider endpoints that do not retain prompts or completions after processing
• Training opted out — neither paid nor free endpoints may use your data to train AI models
• Public dataset publication disabled — data will not be published to any public dataset
• OpenRouter product-improvement use disabled — OpenRouter itself will not use your inputs or outputs to improve its product
• As a result, your child's questions, voice recordings, and photos are not retained by OpenRouter or Google after the immediate processing of each request, and are not used to train any AI model.
• We do, however, store the conversation content (text, voice recordings, and photos) on our own servers for the following purposes:
• To allow parents to review their child's interactions with the app
• To improve our app experience and educational content
• To monitor safety and filter inappropriate content
• We do not sell or share user data with any third parties for advertising or marketing purposes. Users may request deletion of their conversation history by deleting their account through the App's settings, or by contacting our customer support team at info@rodyssey.ai.
• Users must provide explicit consent before any AI-powered features are activated.

- Changes: We may update this policy to reflect legal, operational, or feature changes.

• Notification: Material updates will be posted in the App, emailed to Adult Users, or announced via in-app messages. Continued use post-update signifies acceptance. Review periodically on our website. "Material" updates are those affecting data uses or rights. Where required by applicable law, we will obtain your express consent for material changes.