Privacy Policy

Last Update : February 1st 2024

We care about your privacy and want to be upfront about how we treat your data when using the services (“Services”) that Romy (“romy”) offers: what we collect, why we collect it, where it all goes, for how long, your rights, and what you can ask us to do with it. So we wrote this policy (“Privacy Policy”) to explain it to you in the clearest and simplest way we know.

Caring about your privacy means that you don’t have to worry that your data is being misused,  or misappropriated. Sometimes we’ll make decisions relating to your data on your behalf, but please know that these decisions are made in the best interests of you and other Romy users.

Your use of our Services is subject to our Terms of Service. Please read it – it’s important that you understand and agree to what you’re signing up for before using any of our Services.

As always, feel free to reach out to us at privacy@getromy.com should you ever have any questions related to this policy.

1. Romy is your data controller

Romy is the “controller” of your data as described in this Privacy Policy. By your “data”, we mean any piece of data that identifies you directly (such as your name, or your email) or indirectly (such as your user ID, your location, or the technical data related to your device). We are a French company, and our head office is at 2 rue des près, 51430, Bezannes, France. Being a French company means we need to apply GDPR regulations for everyone, regardless of which country you’re from. This in short means that law requires us to take your privacy very seriously.  As "controller", we process some of your data to power our Services. Processing your data, however, does not mean we can do what we want with it. We follow all the rules and create even more ourselves. We provide a lot of Services – most of which can’t work without your data, and therefore we use your data according to this Policy and our Terms.

2. What kind of data do we collect?

There are three categories of data we collect: 

• data you provide us; 

• data we collect through the use of our Services; 

• data we collect from third parties.

Data you provide us

• Account data. When you register for the Services you provide us with your first name, last name, email and with the names of your children. We cannot provide the Services without these.

• Children data. You provide us with any other data you send through our Services, such as the relationship of the characters you create with the children you created. We use this data to personalize the stories for your children as much as we can.

• Support. Data you provide to our support (@romytheapp on Instagram). This includes the content of our communications, photos, copies of government issued identification, and identifiers like the method you used to contact us.

• Exercising your rights. When exercising your data protection rights (privacy@getromy.com), we receive data from you that is necessary to identify and respond to you.

• Transaction data. If you purchase paid features, we retain your purchase and subscription history. However, we will not be processing your payment data, it will be collected and processed via the store (App Store, Google Play Store).

Data we get from your usage of the services

• Usage data. We collect data with regards to your activity on any of the Services. For example, the stories you listened to, the categories you browsed and so on. This helps us understand what you like and how we can improve.

Data we collect from third parties

We may obtain data from other companies that are owned or operated by us — or any other third party sources — and combine that with the data we normally collect through our services:

• Business partners. We may receive data from trusted business partners, such as app stores or operating system providers and analytics providers.

• Law enforcement and NGOs. We may receive data from non governmental or law enforcement organizations for safety purposes, investigations, or legal proceedings.

3. How do we use your data?

We use your data to:

• Develop, operate, improve, deliver, maintain, and protect our Services.

• Send you communications, including by email. For example, we may use email to respond to direct support inquiries.

• Create statistical studies and analyze trends:

  • Statistical studies. Creating statistical studies on an anonymous basis. For example, we may look for groups of users with similar usage patterns or habits to see if we can improve the user experience of the Services.

  • Registration statistics. Determining which groups like country, users of different phone types, operating systems, etc. are statistically relevant to the different studies that we conduct on an aggregate basis.

• Assess the success rate of our marketing campaigns.

• Send you push notifications to get updates when new stories of categories you like are available, and some other important news.

• Verify your identity to prevent fraud or other unauthorized or illegal activity.

• Enforce our Terms of Service and other usage policies.

• Respond to your exercise of rights requests.

• Store data locally on your phone, so that you can open the app and view content faster.

You can find an up-to-date recap chart at the end of this policy that shows what data we collect, what we use it for, the legal basis for that use, and how long we keep it for.

4. What are our bases for using your data?

As an EU based company, we are only allowed to use your data when certain conditions apply. These conditions are called “legal bases” and, at Romy, we typically rely on one of four:

• Contract. We may use your data should it be needed to be able to provide our services to you as described in our Terms of Service. Because Romy’s Services may use your camera and location, we need to access and store said data in order to offer our Services to you. This data is needed to provide you with the full Romy experience.

• Legitimate interest. We may need to use your data to provide and improve our services, including protecting your account, delivering our Services, providing customer support, helping you find friends, or to detect fraudulent activity. We only rely on legitimate interest when we believe that the way we use your data doesn’t significantly impact your privacy.

• Consent. In some cases, we may ask for consent to use your data for specific purposes. If we do, we’ll make sure you can revoke your consent to our Services or through your device permissions. Even when we do not rely on consent to use your data, we may ask you for permission to access it via your device permissions.

• Legal obligation. We may be required to use your data to comply with the law, like when we respond to valid legal processes or need to take action to protect our users.

5. Who can have access to your data?

A lot of good people are involved with providing you with our Services. Here’s who they are and how we may share your data with them:

Romy employees

 As our Services can’t run themselves for now, authorized Romy employees may access your data to provide our Services or a required support. Such access is only granted within the scope of their responsibilities and only for the data which they need to access in order to carry out these responsibilities.

Third parties.

Service providers and partners. We may share data about you with service providers who perform Services on our behalf and business partners that provide services and functionality, including partners who may show ads for the Services on their platforms.

Third parties for legal reasons. We may share data about you if we reasonably believe that disclosing the data is needed to:

• Comply with any valid legal process, governmental request, or applicable law, rule, or regulation.

• Investigate, remedy, or enforce potential Terms of Service violations.

• Protect the rights, property, and safety of us, our users, or others.

• Detect and resolve any fraud or security concerns.

• Other third parties. We may also share aggregated, non-personally identifiable or non-identifiable data.

Auth0 to perform identity verification. Auth0 is an identity authentication provider that maintains the highest security standards and is trusted by enterprise customers worldwide. It allows us to better manage our users’ login experience and protect their credentials. We share your full names, email addresses, and a hash of your password so You can log in to Romy securely. Information shared: name, email address, and password hash You can read more about their privacy policy: https://auth0.com/privacy

Google GCP To store your files. When You share information with Romy, the Data is stored on Google GCP with the servers located in France. Most of your Data is stored on a database, encrypted in-transit, within Google GCP. Information shared: coaching content, name, nickname, company name, company information. You can read more about their privacy policy: https://cloud.google.com/terms/cloud-privacy-notice

Mixpanel to determine how our website/applications and our features are used by You. Mixpanel is an analytics platform that lets us follow feature usage, discover new anonymized trends, detect bugs and ensure that our software is behaving as expected. It allows us to understand how visitors browse the website and adjust how our information is displayed. It does not access nor collect information from your confidential coaching content. Information shared: app browsing behavior, IP address. Important note: Mixapnel’s data centers are located in the United States. You can read more about their privacy policy: https://mixpanel.com/legal/privacy-policy/

Mailchimp to manage our marketing email campaigns Mailchimp is a SaaS solution for relationship marketing. The company offers a cloud-based marketing communication software suite with email marketing, transactional email, marketing automation, etc. Information shared: name, email address You can read more about their privacy policy: https://mailchimp.com/help/mailchimp-intuit-privacy-faq/

Notion to document user research feedback Notion is our knowledge base provider. When a member of the Romy team conducts a user interview, the content of the interview and personal information you voluntarily disclose can be captured in Notion. Information shared: name, email. You can read more about their privacy policy: https://www.notion.so/help/security-and-privacy

OneSignal to manage our marketing push notifications campaigns. OneSignal is a SaaS solution for relationship marketing. Information shared: name, email address. You can read more about their privacy policy: https://onesignal.com/privacy_policy

OpenAI To personalize the stories created for children using Romy, we utilize OpenAI's language models. This technology helps us to generate unique, engaging, and age-appropriate content based on the inputs provided. Information shared with OpenAI includes the child's name, age, interests, and gender to tailor the story content. This data is processed to customize story narratives, ensuring a personalized experience for each user. OpenAI commits to high standards of data privacy and security. Please refer to OpenAI's privacy policy for more details on their data handling practices: https://openai.com/privacy

Tally to create forms and gather results. Tally is a software as a service (SaaS) company that specializes in online form building and surveys. Only Romy can access your answers to the forms. Information shared: name, email.You can read more about their privacy policy at https://tally.so/help/privacy-policy