Privacy Policy for RODY AI

RODY AI leverages artificial intelligence to deliver animated stories and interactive 3D AI character chats, augmented reality (AR) experiences, and subscription-based premium features, fostering an engaging learning environment for children. As a Hong Kong-based entity, we operate under strict privacy standards to protect both Adult Users and Child Users. This Privacy Policy details:

• The types of data we collect and how we obtain it.
• The purposes for which we use your data.
• How we share, store, and secure it.
• Your rights and options regarding your data.

When you create an account or interact with the App, we may collect:

• Account Information: Full name, email address, and account credentials (e.g., username, password) to authenticate and manage your account.
• Payment Information: Billing details processed securely by third-party providers (e.g., Apple App Store, Google Play Store) for subscriptions; we do not retain this data ourselves.
• Technical and Usage Data: Device information (e.g., device model, operating system version, unique device identifiers), IP address, and usage analytics (e.g., session duration, unique features accessed) to optimise performance and troubleshoot issues.

For Child Users linked to an Adult User’s account, we collect:

• Usage Data: Information from interactions with AI features, such as chat logs with 3D characters, story preferences, educational progress (e.g., completed lessons or activities), AR-captured environmental images processed for real-time interactions, and usage of premium features like quotas for high-quality voices or AI-generated content, used to tailor content.
• No Direct Identifiers: We do not collect personal data (e.g., name, email, or birth date) directly from Child Users unless an Adult User provides it with the Child User's consent.

We use cookies, web beacons, and similar technologies to gather:

• Device and Network Data: Browser type, internet service provider, and connection details.
• Behavioural Data: Pages visited, time spent on features, and interaction patterns, anonymised where possible for analytics.

RODY AI is designed for children aged 4-17. We require Adult Users to:

• Supervise Child Users’ activities within the App.
• Provide explicit consent for the collection and use of Child User data, granted by registering and linking Child Users to your account.
• Optionally consent to receiving product updates or promotional emails from AI-R Metaverse Limited about RODY AI, which you can manage via account settings.

• Consent for Child User data is obtained via in-app prompts or email verification sent to the Adult User’s registered address, ensuring compliance with PDPO.
• Consent for Adult User marketing emails is obtained during account setup or during settings updates, using an opt-in checkbox or a similar mechanism. You may withdraw this consent at any time (see Section 7).
• If we detect that a Child User has accessed the App without consent (e.g., bypassing account creation), we will suspend access and delete any collected data.

• Adult Users can access, review, or delete Child User data through account settings at any time.
• Contact support@rodyssey.ai if you suspect unauthorised use by a child, and we’ll take swift action to address it.

• Deliver personalised AI-driven stories, interactive chats, AR experiences, and premium features based on Child User preferences and progress.
• Enable Adult Users to manage subscriptions, monitor quotas, and oversee Child User activities.

• Process subscription payments securely via third-party providers.
• Maintain account functionality and user support (e.g., responding to inquiries).

• Analyse usage trends (e.g., popular stories, AR interactions) and technical performance to refine features and AI algorithms.
• Use anonymised feedback to enhance educational content and user experience.

• Fulfil legal obligations (e.g., responding to PDPO requests).
• Detect and prevent fraud, abuse, or security threats (e.g., unauthorised account access).

• With your explicit consent, we may use Adult User email addresses to send you product updates, promotional offers, or news related to RODY AI and other AI-R Metaverse Limited services. You can opt out at any time via account settings or unsubscribe links in emails.
• Child User data is never used for marketing, advertising, or profiling purposes, ensuring their privacy remains protected.
• We do not sell, rent, or share any user data with third parties for marketing or advertising purposes.

We partner with trusted providers, including:

• Payment Processors: E.g., Apple App Store, Google Play Store, to handle billing securely (Apple Privacy Policy, Google Privacy Policy).
• Analytics Providers: E.g., Google Analytics, to track usage trends and improve the App.
• Cloud Storage: Secure servers to store encrypted data.

• We may share data with law enforcement or regulators if required by law (e.g., court orders under PDPO), ensuring minimal disclosure.

• In the event of a merger, acquisition, or sale, data may be transferred to a successor entity, with notice provided to Adult Users and safeguards maintained.

• Neither Adult User nor Child User data is shared with third parties for advertising or marketing purposes.

• Encryption: AES-256 for data at rest, TLS for data in transit.
• Server Security: Hosted on secure, audited servers with regular updates.
• Access Controls: Limited to authorised personnel via multi-factor authentication.

• Despite our efforts, no system is immune to all threats (e.g., advanced cyberattacks). We mitigate risks through continuous monitoring and updates.

• If a breach occurs, we will:
• Notify affected Adult Users via email or in-app message promptly (within 72 hours if the breach is serious, in accordance with applicable laws). A "serious" breach involves sensitive data or a high risk of harm.
• Investigate and mitigate the breach, reporting to authorities if mandated.

• Access: Obtain a copy of your or your Child User’s data.
• Correction: Update inaccurate or incomplete data.
• Deletion: Remove your data, subject to legal retention needs (e.g., billing records).
• Restriction: Limit processing in some instances (e.g., during disputes).
• Withdrawal of Consent: Stop data processing, including marketing emails, potentially limiting App use.

• How to Request: Submit written requests to our Data Protection Officer at dpo@rodyssey.ai, specifying your request (e.g., “stop marketing emails”).
• Verification: We may verify your identity (e.g., via email confirmation) to prevent unauthorised access.
• Fees: A reasonable fee may apply for data access requests under PDPO, covering administrative costs, notified upfront and not exceeding HKD 100.
• Response: We’ll respond within 30 days, with extensions for complex cases (e.g., due to volume or complexity).

• Disable cookies via device settings, though this may affect functionality.
• Uninstall the App to stop all data collection (standard device uninstall processes apply).
• Opt out of marketing emails via account settings or unsubscribe links in each email, effective immediately upon request.

• Contact us for resolution or escalate to a supervisory authority (e.g., Hong Kong’s PCPD: www.pcpd.org.hk).

• Data is processed in Hong Kong in accordance with local laws, including the PDPO.

• Transfers outside Hong Kong are conducted with appropriate safeguards, such as binding corporate rules or standard clauses approved by PCPD, in line with PDPO requirements.

• Retention Period: We keep data only as long as necessary for App operation, legal compliance (e.g., 12 months post-account closure for billing), or analytics (anonymised).
• Deletion: Upon request or account termination, we delete data within 30 days, except where legally required to retain it. We review retention annually and delete data securely by overwriting or anonymising it.

• Changes: We may update this policy to reflect legal, operational, or feature changes.
• Notification: Material updates will be posted in the App, emailed to Adult Users, or announced via in-app messages. Continued use post-update signifies acceptance. Review periodically on our website. "Material" updates are those affecting data uses or rights.