Skip to main content

iroo world Privacy Policy

Effective date: 2026/05/26 Version: 1.0


Table of Contents

  1. Data Collection
  2. Data Sharing and Third-Party Processors
  3. User Rights
  4. Protection of Minors
  5. Account Deletion and Data Deletion
  6. Data Security
  7. Data Breach Notification
  8. Analytics and Tracking
  9. AI Risk Management
  10. Marketing Communications
  11. Updates to This Policy
  12. Applicable Law and Supervisory Authorities
  13. Contact Us

1. Data Collection

iroo world collects the following categories of personal data:

Data categoryDetailsPurposeLegal basis (GDPR Art. 6)Retention period
Account informationPhone number / email / third-party login authorizationAccount registration and identity verificationPerformance of a contract (1(b))Deleted within 30 days after account deletion
Device informationDevice ID, IP address, operating systemApplication securityLegitimate interests (1(f))180 days
AI interaction dataUser-entered text prompts, conversation history, story choicesProviding AI story generation servicesPerformance of a contract (1(b))Deleted within 30 days after account deletion
Behavioral dataReading duration, genre preferences, favoritesPersonalized recommendationsConsent (1(a))Deleted within 30 days after account deletion
Payment informationSubscription status, IAP transaction recordsProviding paid servicesPerformance of a contract (1(b))Statutory period

1.1 Special Notice on AI Interaction Data

  • Text inputs (prompts) you submit in iroo world will be transmitted in encrypted form to third-party AI model providers to generate story content. iroo world currently uses or may use Google Gemini, Anthropic Claude, OpenAI ChatGPT, and other comparable providers.
  • According to our current AI service providers' published API or commercial service policies, API-submitted customer data is not used to train their models without explicit consent.
  • iroo world will not use your conversation data to train or fine-tune AI models without your explicit authorization. You may turn "Allow my data to improve AI models" on or off in "Account Settings -> Privacy -> Data Use" (default: off).

1.2 Sensitive Personal Information and Automated Filtering

Please do not submit sensitive personal information in your inputs, such as government ID numbers, precise addresses, health information, personal information of minors, financial information, account passwords, religious beliefs, sexual orientation, or similar information. We use content safety and privacy protection mechanisms to try to identify, intercept, or delete unnecessary sensitive personal information in inputs, but these mechanisms may not identify every case. If you voluntarily submit such information, we will process it only to the extent necessary to provide the service, conduct safety review, or comply with legal obligations, and will not use it for personalized recommendations, advertising, or model training unless we obtain your separate consent or applicable law requires otherwise.

For inputs that may contain sensitive personal information or high-risk content, the system may automatically detect, block, rewrite prompts, or refuse generation.

2. Data Sharing and Third-Party Processors

iroo world may share data with the following categories of third-party processors, service providers, or contractors as needed to provide the service:

Processor categoryShared dataPurposeOutside the EEATransfer mechanism
AI model providers, including Google Gemini, Anthropic Claude, OpenAI ChatGPT, and comparable providersUser prompt text and context needed for generationGenerate AI story content and provide safety controlsYes, depending on providerSCCs or other lawful transfer safeguards where required
Analytics providers, if enabledBehavioral data and device-level identifiersProduct optimization and service analyticsDepends on providerSCCs or other lawful transfer safeguards where required
Cloud infrastructure providers used to operate iroo worldStored service dataHosting, storage, backup, and securityDepends on providerSCCs or other lawful transfer safeguards where required
Payment processors, such as Apple or GoogleSubscription order informationProcess in-app purchases and subscriptionsYes, depending on user region and platformPlatform terms and lawful transfer safeguards where required
Content safety provider, if separate from the AI model providerUser prompt text and AI-generated textContent safety reviewDepends on providerSCCs or other lawful transfer safeguards where required

Where a third party acts as a processor, service provider, or contractor for iroo world, we use contractual controls such as data processing terms, confidentiality obligations, and cross-border transfer safeguards where required. Links to the privacy policies of major third-party providers are listed in the appendix where available.

iroo world does not sell your personal information and does not share personal information for cross-context behavioral advertising.

3. User Rights

3.1 GDPR Rights (EU Users)

You have the following rights. You may submit a request through the contact methods listed on the Contact page, and iroo world will respond within 30 days:

  • Right of access (Art. 15): obtain a copy of your personal data
  • Right to rectification (Art. 16): correct inaccurate data
  • Right to erasure / right to be forgotten (Art. 17): request deletion of your personal data
  • Right to restriction of processing (Art. 18): restrict iroo world's processing of your data
  • Right to data portability (Art. 20): export your data in a structured format
  • Right to object (Art. 21): object to data processing based on legitimate interests

3.2 CCPA Rights (California Users)

You have the following rights. iroo world will respond within 45 days (which may be extended to 90 days with an explanation):

  • Right to know (Section 1798.100): know the categories and specific pieces of personal information collected in the past 12 months
  • Right to delete (Section 1798.105): request deletion of your personal information
  • Right to correct (Section 1798.106): request correction of inaccurate personal information
  • Right to opt out of sale/sharing (Section 1798.120): opt out of the sale or sharing of personal information
  • Right to limit sensitive personal information (Section 1798.121): limit certain uses and disclosures of sensitive personal information where applicable
  • Right to non-discrimination (Section 1798.125): you will not be discriminated against for exercising these rights

Disclosure of personal information in the past 12 months (CCPA/CPRA): iroo world does not sell your personal information and does not share personal information for cross-context behavioral advertising. In the past 12 months, iroo world has disclosed personal information to the following categories of third parties for service-provision purposes: AI model providers (prompt text), analytics providers if enabled (behavioral data), cloud infrastructure providers (stored data), and payment processors (subscription information). These disclosures are for providing the service and do not constitute a "sale" under the CCPA.

iroo world does not knowingly sell or share personal information of users under 16 for targeted advertising. If this changes, iroo world will implement the opt-in consent mechanism required by applicable law before activation.

For interest preferences or recommendation profiles generated based on usage behavior, you may adjust them through "Not interested," "Show less like this," interest preference settings, or resetting personalized recommendations. You may also request correction of inaccurate personal information we hold through the privacy request channels.

Methods for submitting CCPA requests: (1) send an email to privacy@iroo.world; (2) submit a request in the app through "Settings -> Privacy -> Submit Data Request".

We will not use sensitive personal information to infer user characteristics, targeted advertising, or non-essential purposes. If we introduce such uses in the future, we will provide a mechanism to limit the use and disclosure of sensitive personal information.

4. Protection of Minors

iroo world is not intended for children under 13 and does not actively collect personal information from children under 13. If we discover that a user is under 13, or is otherwise a young minor who legally requires guardian consent, we will stop providing account services and delete the relevant personal information unless we have obtained the guardian consent required by applicable law.

In mainland China, personal information of minors under 14 is sensitive personal information. If iroo world later targets or permits users under 14 to use the service, we will obtain separate consent from a parent or other guardian before collection and provide dedicated Minor Personal Information Protection Rules.

For users under 18, iroo world will enable stricter content safety and privacy protection measures, including restricting adult content, limiting personalized advertising or marketing uses, and prohibiting use of their conversation content for model training without explicit authorization.

5. Account Deletion and Data Deletion

Deletion path: "Me -> Settings -> Account & Security -> Delete Account" (no more than 3 clicks).

After deletion is confirmed, iroo world will:

  • delete or anonymize personal data that is no longer necessary within 30 days, including account information, AI conversation history, and behavioral data
  • send an account deletion confirmation email to your registered email address
  • stop providing account services and provide instructions for canceling active subscriptions. Subscriptions managed by Apple or Google must be canceled through the relevant store account and may not be canceled automatically by account deletion
  • retain or anonymize data that must be kept for legal obligations, such as transaction records, only to the extent necessary

Consent records: iroo world will record the timestamp of your first acceptance of this agreement and the Privacy Policy, together with the accepted document version number, for compliance retention. These records are retained while the account exists and for no more than 5 years after account deletion.

6. Data Security

iroo world uses reasonable administrative, technical, and organizational measures to protect your personal data, including transport encryption (TLS), encryption at rest where supported, access controls, and security reviews.

7. Data Breach Notification

  • EU users: If a data breach may affect your rights, iroo world will notify the competent supervisory authority within 72 hours after becoming aware of the breach and will notify affected users as soon as practicable.
  • California users: iroo world will comply with the breach notification requirements of California Civil Code Section 1798.82.
  • Breach notices will include: the nature of the breach, affected data categories, remedial measures taken, protective steps users may take, and contact information.

8. Analytics and Tracking

iroo world may use analytics technologies to collect reading behavior data for product improvement and personalized recommendations. Data points may include reading duration, chapter completion rate, preferred genre tags, favorites and sharing records, and feature usage frequency.

Cookies and similar technologies: As a native mobile application, iroo world does not use browser cookies. The app uses a device-level anonymous random identifier (UUID) for session association. This identifier automatically expires after you uninstall the app.

Analytics data may be shared with third-party analytics providers if analytics features are enabled (see "2. Data Sharing"). You may opt out of analytics in "Account Settings -> Privacy -> Analytics Data". iroo world currently does not use advertising identifiers (IDFA/GAID) for targeted advertising and does not use personal data for targeted ads.

9. AI Risk Management

iroo world implements AI system risk management measures, including content safety filtering, AI-generated content notices, output quality monitoring, and model performance evaluation. For story content generated by AI, we will display a notice near the content indicating that it is AI-assisted fictional content and provide necessary transparency information to the extent required by applicable law.

Stories, characters, dialogue, and plots generated by iroo world may be automatically generated by AI and are fictional. They should not be treated as real facts, professional advice, or official information. When sharing or publishing such content, users must not remove, hide, or misleadingly modify AI-generated content labels.

10. Marketing Communications

During registration, you may separately choose whether to receive marketing notifications. This consent is not bundled with the service agreement and is not pre-checked. You may withdraw marketing consent at any time through "Settings -> Notification Preferences" or the email unsubscribe link, and iroo world will process the unsubscribe request within 48 hours.

11. Updates to This Policy

If this policy changes materially, iroo world will notify you at least 30 days in advance through in-app notice and your registered email address. When you first open the app after the update, you must confirm acceptance of the new policy before continuing to use the service. Historical versions are available in "Settings -> Help & Legal -> Policy History". If a change reduces your rights, you may request account deletion before the change takes effect.

12. Applicable Law and Supervisory Authorities

  • EU users: This policy is governed by the GDPR where applicable, and you may contact the competent supervisory authority in your member state.
  • California users: This policy is governed by the CCPA/CPRA.

13. Contact Us

SubjectContact
Privacy inquiries and data subject requestsprivacy@iroo.world
Legal noticeslegal@iroo.world
Operator mailing addressiroo world, support@iroo.world
EU representative (if applicable)Not applicable
Data Protection Officer (if applicable)dpo@iroo.world

For additional support channels, please visit the Contact Us page.


Provider categoryProvider namePrivacy policy link
AI model providerOpenAI ChatGPT / OpenAI APIhttps://openai.com/policies/privacy-policy
AI model providerAnthropic Claudehttps://www.anthropic.com/privacy
AI model providerGoogle Geminihttps://policies.google.com/privacy
Cloud infrastructureProviders used to host and store the iroo world serviceProvider-specific links will be added before the corresponding production integration is made available to users
Analytics providerAnalytics provider, if enabledProvider-specific links will be added before analytics SDKs are enabled
Payment processorApple (App Store IAP)https://www.apple.com/legal/privacy/
Payment processorGoogle (Play Store IAP)https://policies.google.com/privacy
Content safety providerProvider-integrated safety systems and iroo world moderation toolsProvider-specific links will be added before a standalone third-party provider is made available to users