iroo world Privacy Policy
Effective date: 2026/05/26 Version: 1.0
Table of Contents
- Data Collection
- Data Sharing and Third-Party Processors
- User Rights
- Protection of Minors
- Account Deletion and Data Deletion
- Data Security
- Data Breach Notification
- Analytics and Tracking
- AI Risk Management
- Marketing Communications
- Updates to This Policy
- Applicable Law and Supervisory Authorities
- Contact Us
1. Data Collection
iroo world collects the following categories of personal data:
| Data category | Details | Purpose | Legal basis (GDPR Art. 6) | Retention period |
|---|---|---|---|---|
| Account information | Phone number / email / third-party login authorization | Account registration and identity verification | Performance of a contract (1(b)) | Deleted within 30 days after account deletion |
| Device information | Device ID, IP address, operating system | Application security | Legitimate interests (1(f)) | 180 days |
| AI interaction data | User-entered text prompts, conversation history, story choices | Providing AI story generation services | Performance of a contract (1(b)) | Deleted within 30 days after account deletion |
| Behavioral data | Reading duration, genre preferences, favorites | Personalized recommendations | Consent (1(a)) | Deleted within 30 days after account deletion |
| Payment information | Subscription status, IAP transaction records | Providing paid services | Performance of a contract (1(b)) | Statutory period |
1.1 Special Notice on AI Interaction Data
- Text inputs (prompts) you submit in iroo world will be transmitted in encrypted form to third-party AI model providers to generate story content. iroo world currently uses or may use Google Gemini, Anthropic Claude, OpenAI ChatGPT, and other comparable providers.
- According to our current AI service providers' published API or commercial service policies, API-submitted customer data is not used to train their models without explicit consent.
- iroo world will not use your conversation data to train or fine-tune AI models without your explicit authorization. You may turn "Allow my data to improve AI models" on or off in "Account Settings -> Privacy -> Data Use" (default: off).
1.2 Sensitive Personal Information and Automated Filtering
Please do not submit sensitive personal information in your inputs, such as government ID numbers, precise addresses, health information, personal information of minors, financial information, account passwords, religious beliefs, sexual orientation, or similar information. We use content safety and privacy protection mechanisms to try to identify, intercept, or delete unnecessary sensitive personal information in inputs, but these mechanisms may not identify every case. If you voluntarily submit such information, we will process it only to the extent necessary to provide the service, conduct safety review, or comply with legal obligations, and will not use it for personalized recommendations, advertising, or model training unless we obtain your separate consent or applicable law requires otherwise.
For inputs that may contain sensitive personal information or high-risk content, the system may automatically detect, block, rewrite prompts, or refuse generation.
2. Data Sharing and Third-Party Processors
iroo world may share data with the following categories of third-party processors, service providers, or contractors as needed to provide the service:
| Processor category | Shared data | Purpose | Outside the EEA | Transfer mechanism |
|---|---|---|---|---|
| AI model providers, including Google Gemini, Anthropic Claude, OpenAI ChatGPT, and comparable providers | User prompt text and context needed for generation | Generate AI story content and provide safety controls | Yes, depending on provider | SCCs or other lawful transfer safeguards where required |
| Analytics providers, if enabled | Behavioral data and device-level identifiers | Product optimization and service analytics | Depends on provider | SCCs or other lawful transfer safeguards where required |
| Cloud infrastructure providers used to operate iroo world | Stored service data | Hosting, storage, backup, and security | Depends on provider | SCCs or other lawful transfer safeguards where required |
| Payment processors, such as Apple or Google | Subscription order information | Process in-app purchases and subscriptions | Yes, depending on user region and platform | Platform terms and lawful transfer safeguards where required |
| Content safety provider, if separate from the AI model provider | User prompt text and AI-generated text | Content safety review | Depends on provider | SCCs or other lawful transfer safeguards where required |
Where a third party acts as a processor, service provider, or contractor for iroo world, we use contractual controls such as data processing terms, confidentiality obligations, and cross-border transfer safeguards where required. Links to the privacy policies of major third-party providers are listed in the appendix where available.
iroo world does not sell your personal information and does not share personal information for cross-context behavioral advertising.
3. User Rights
3.1 GDPR Rights (EU Users)
You have the following rights. You may submit a request through the contact methods listed on the Contact page, and iroo world will respond within 30 days:
- Right of access (Art. 15): obtain a copy of your personal data
- Right to rectification (Art. 16): correct inaccurate data
- Right to erasure / right to be forgotten (Art. 17): request deletion of your personal data
- Right to restriction of processing (Art. 18): restrict iroo world's processing of your data
- Right to data portability (Art. 20): export your data in a structured format
- Right to object (Art. 21): object to data processing based on legitimate interests
3.2 CCPA Rights (California Users)
You have the following rights. iroo world will respond within 45 days (which may be extended to 90 days with an explanation):
- Right to know (Section 1798.100): know the categories and specific pieces of personal information collected in the past 12 months
- Right to delete (Section 1798.105): request deletion of your personal information
- Right to correct (Section 1798.106): request correction of inaccurate personal information
- Right to opt out of sale/sharing (Section 1798.120): opt out of the sale or sharing of personal information
- Right to limit sensitive personal information (Section 1798.121): limit certain uses and disclosures of sensitive personal information where applicable
- Right to non-discrimination (Section 1798.125): you will not be discriminated against for exercising these rights
Disclosure of personal information in the past 12 months (CCPA/CPRA): iroo world does not sell your personal information and does not share personal information for cross-context behavioral advertising. In the past 12 months, iroo world has disclosed personal information to the following categories of third parties for service-provision purposes: AI model providers (prompt text), analytics providers if enabled (behavioral data), cloud infrastructure providers (stored data), and payment processors (subscription information). These disclosures are for providing the service and do not constitute a "sale" under the CCPA.
iroo world does not knowingly sell or share personal information of users under 16 for targeted advertising. If this changes, iroo world will implement the opt-in consent mechanism required by applicable law before activation.
For interest preferences or recommendation profiles generated based on usage behavior, you may adjust them through "Not interested," "Show less like this," interest preference settings, or resetting personalized recommendations. You may also request correction of inaccurate personal information we hold through the privacy request channels.
Methods for submitting CCPA requests: (1) send an email to privacy@iroo.world; (2) submit a request in the app through "Settings -> Privacy -> Submit Data Request".
We will not use sensitive personal information to infer user characteristics, targeted advertising, or non-essential purposes. If we introduce such uses in the future, we will provide a mechanism to limit the use and disclosure of sensitive personal information.
4. Protection of Minors
iroo world is not intended for children under 13 and does not actively collect personal information from children under 13. If we discover that a user is under 13, or is otherwise a young minor who legally requires guardian consent, we will stop providing account services and delete the relevant personal information unless we have obtained the guardian consent required by applicable law.
In mainland China, personal information of minors under 14 is sensitive personal information. If iroo world later targets or permits users under 14 to use the service, we will obtain separate consent from a parent or other guardian before collection and provide dedicated Minor Personal Information Protection Rules.
For users under 18, iroo world will enable stricter content safety and privacy protection measures, including restricting adult content, limiting personalized advertising or marketing uses, and prohibiting use of their conversation content for model training without explicit authorization.
5. Account Deletion and Data Deletion
Deletion path: "Me -> Settings -> Account & Security -> Delete Account" (no more than 3 clicks).
After deletion is confirmed, iroo world will:
- delete or anonymize personal data that is no longer necessary within 30 days, including account information, AI conversation history, and behavioral data
- send an account deletion confirmation email to your registered email address
- stop providing account services and provide instructions for canceling active subscriptions. Subscriptions managed by Apple or Google must be canceled through the relevant store account and may not be canceled automatically by account deletion
- retain or anonymize data that must be kept for legal obligations, such as transaction records, only to the extent necessary
Consent records: iroo world will record the timestamp of your first acceptance of this agreement and the Privacy Policy, together with the accepted document version number, for compliance retention. These records are retained while the account exists and for no more than 5 years after account deletion.
6. Data Security
iroo world uses reasonable administrative, technical, and organizational measures to protect your personal data, including transport encryption (TLS), encryption at rest where supported, access controls, and security reviews.
7. Data Breach Notification
- EU users: If a data breach may affect your rights, iroo world will notify the competent supervisory authority within 72 hours after becoming aware of the breach and will notify affected users as soon as practicable.
- California users: iroo world will comply with the breach notification requirements of California Civil Code Section 1798.82.
- Breach notices will include: the nature of the breach, affected data categories, remedial measures taken, protective steps users may take, and contact information.
8. Analytics and Tracking
iroo world may use analytics technologies to collect reading behavior data for product improvement and personalized recommendations. Data points may include reading duration, chapter completion rate, preferred genre tags, favorites and sharing records, and feature usage frequency.
Cookies and similar technologies: As a native mobile application, iroo world does not use browser cookies. The app uses a device-level anonymous random identifier (UUID) for session association. This identifier automatically expires after you uninstall the app.
Analytics data may be shared with third-party analytics providers if analytics features are enabled (see "2. Data Sharing"). You may opt out of analytics in "Account Settings -> Privacy -> Analytics Data". iroo world currently does not use advertising identifiers (IDFA/GAID) for targeted advertising and does not use personal data for targeted ads.
9. AI Risk Management
iroo world implements AI system risk management measures, including content safety filtering, AI-generated content notices, output quality monitoring, and model performance evaluation. For story content generated by AI, we will display a notice near the content indicating that it is AI-assisted fictional content and provide necessary transparency information to the extent required by applicable law.
Stories, characters, dialogue, and plots generated by iroo world may be automatically generated by AI and are fictional. They should not be treated as real facts, professional advice, or official information. When sharing or publishing such content, users must not remove, hide, or misleadingly modify AI-generated content labels.
10. Marketing Communications
During registration, you may separately choose whether to receive marketing notifications. This consent is not bundled with the service agreement and is not pre-checked. You may withdraw marketing consent at any time through "Settings -> Notification Preferences" or the email unsubscribe link, and iroo world will process the unsubscribe request within 48 hours.
11. Updates to This Policy
If this policy changes materially, iroo world will notify you at least 30 days in advance through in-app notice and your registered email address. When you first open the app after the update, you must confirm acceptance of the new policy before continuing to use the service. Historical versions are available in "Settings -> Help & Legal -> Policy History". If a change reduces your rights, you may request account deletion before the change takes effect.
12. Applicable Law and Supervisory Authorities
- EU users: This policy is governed by the GDPR where applicable, and you may contact the competent supervisory authority in your member state.
- California users: This policy is governed by the CCPA/CPRA.
13. Contact Us
| Subject | Contact |
|---|---|
| Privacy inquiries and data subject requests | privacy@iroo.world |
| Legal notices | legal@iroo.world |
| Operator mailing address | iroo world, support@iroo.world |
| EU representative (if applicable) | Not applicable |
| Data Protection Officer (if applicable) | dpo@iroo.world |
For additional support channels, please visit the Contact Us page.
Appendix: Privacy Policy Links of Major Third-Party Providers
| Provider category | Provider name | Privacy policy link |
|---|---|---|
| AI model provider | OpenAI ChatGPT / OpenAI API | https://openai.com/policies/privacy-policy |
| AI model provider | Anthropic Claude | https://www.anthropic.com/privacy |
| AI model provider | Google Gemini | https://policies.google.com/privacy |
| Cloud infrastructure | Providers used to host and store the iroo world service | Provider-specific links will be added before the corresponding production integration is made available to users |
| Analytics provider | Analytics provider, if enabled | Provider-specific links will be added before analytics SDKs are enabled |
| Payment processor | Apple (App Store IAP) | https://www.apple.com/legal/privacy/ |
| Payment processor | Google (Play Store IAP) | https://policies.google.com/privacy |
| Content safety provider | Provider-integrated safety systems and iroo world moderation tools | Provider-specific links will be added before a standalone third-party provider is made available to users |