Privacy Policy

Last Update : February 1st 2024

We care about your privacy and want to be upfront about how we treat your data when using the services (“Services”) that Romy (“romy”) offers: what we collect, why we collect it, where it all goes, for how long, your rights, and what you can ask us to do with it. So we wrote this policy (“Privacy Policy”) to explain it to you in the clearest and simplest way we know.

Caring about your privacy means that you don’t have to worry that your data is being misused,  or misappropriated. Sometimes we’ll make decisions relating to your data on your behalf, but please know that these decisions are made in the best interests of you and other Romy users.

Your use of our Services is subject to our Terms of Service. Please read it – it’s important that you understand and agree to what you’re signing up for before using any of our Services.

As always, feel free to reach out to us at should you ever have any questions related to this policy.

1. Romy is your data controller

Romy is the “controller” of your data as described in this Privacy Policy. By your “data”, we mean any piece of data that identifies you directly (such as your name, or your email) or indirectly (such as your user ID, your location, or the technical data related to your device). We are a French company, and our head office is at 2 rue des près, 51430, Bezannes, France. Being a French company means we need to apply GDPR regulations for everyone, regardless of which country you’re from. This in short means that law requires us to take your privacy very seriously.  As "controller", we process some of your data to power our Services. Processing your data, however, does not mean we can do what we want with it. We follow all the rules and create even more ourselves. We provide a lot of Services – most of which can’t work without your data, and therefore we use your data according to this Policy and our Terms.

2. What kind of data do we collect?

There are three categories of data we collect: 

  • data you provide us; 

  • data we collect through the use of our Services; 

  • data we collect from third parties.

Data you provide us

  • Account data. When you register for the Services you provide us with your first name, last name, email and with the names of your children. We cannot provide the Services without these.

  • Children data. You provide us with any other data you send through our Services, such as the relationship of the characters you create with the children you created. We use this data to personalize the stories for your children as much as we can.

  • Support. Data you provide to our support (@romytheapp on Instagram). This includes the content of our communications, photos, copies of government issued identification, and identifiers like the method you used to contact us.

  • Exercising your rights. When exercising your data protection rights (, we receive data from you that is necessary to identify and respond to you.

  • Transaction data. If you purchase paid features, we retain your purchase and subscription history. However, we will not be processing your payment data, it will be collected and processed via the store (App Store, Google Play Store).

Data we get from your usage of the services

  • Usage data. We collect data with regards to your activity on any of the Services. For example, the stories you listened to, the categories you browsed and so on. This helps us understand what you like and how we can improve.

Data we collect from third parties

We may obtain data from other companies that are owned or operated by us — or any other third party sources — and combine that with the data we normally collect through our services:

  • Business partners. We may receive data from trusted business partners, such as app stores or operating system providers and analytics providers.

  • Law enforcement and NGOs. We may receive data from non governmental or law enforcement organizations for safety purposes, investigations, or legal proceedings.

3. How do we use your data?

We use your data to:

  • Develop, operate, improve, deliver, maintain, and protect our Services.

  • Send you communications, including by email. For example, we may use email to respond to direct support inquiries.

  • Create statistical studies and analyze trends:

    • Statistical studies. Creating statistical studies on an anonymous basis. For example, we may look for groups of users with similar usage patterns or habits to see if we can improve the user experience of the Services.

    • Registration statistics. Determining which groups like country, users of different phone types, operating systems, etc. are statistically relevant to the different studies that we conduct on an aggregate basis.

  • Assess the success rate of our marketing campaigns.

  • Send you push notifications to get updates when new stories of categories you like are available, and some other important news.

  • Verify your identity to prevent fraud or other unauthorized or illegal activity.

  • Enforce our Terms of Service and other usage policies.

  • Respond to your exercise of rights requests.

  • Store data locally on your phone, so that you can open the app and view content faster.

You can find an up-to-date recap chart at the end of this policy that shows what data we collect, what we use it for, the legal basis for that use, and how long we keep it for.

4. What are our bases for using your data?

As an EU based company, we are only allowed to use your data when certain conditions apply. These conditions are called “legal bases” and, at Romy, we typically rely on one of four:

  • Contract. We may use your data should it be needed to be able to provide our services to you as described in our Terms of Service. Because Romy’s Services may use your camera and location, we need to access and store said data in order to offer our Services to you. This data is needed to provide you with the full Romy experience.

  • Legitimate interest. We may need to use your data to provide and improve our services, including protecting your account, delivering our Services, providing customer support, helping you find friends, or to detect fraudulent activity. We only rely on legitimate interest when we believe that the way we use your data doesn’t significantly impact your privacy.

  • Consent. In some cases, we may ask for consent to use your data for specific purposes. If we do, we’ll make sure you can revoke your consent to our Services or through your device permissions. Even when we do not rely on consent to use your data, we may ask you for permission to access it via your device permissions.

  • Legal obligation. We may be required to use your data to comply with the law, like when we respond to valid legal processes or need to take action to protect our users.

5. Who can have access to your data?

A lot of good people are involved with providing you with our Services. Here’s who they are and how we may share your data with them:

Romy employees

 As our Services can’t run themselves for now, authorized Romy employees may access your data to provide our Services or a required support. Such access is only granted within the scope of their responsibilities and only for the data which they need to access in order to carry out these responsibilities.

Third parties.

Service providers and partners. We may share data about you with service providers who perform Services on our behalf and business partners that provide services and functionality, including partners who may show ads for the Services on their platforms.

Third parties for legal reasons. We may share data about you if we reasonably believe that disclosing the data is needed to:

  • Comply with any valid legal process, governmental request, or applicable law, rule, or regulation.

  • Investigate, remedy, or enforce potential Terms of Service violations.

  • Protect the rights, property, and safety of us, our users, or others.

  • Detect and resolve any fraud or security concerns.

  • Other third parties. We may also share aggregated, non-personally identifiable or non-identifiable data.

Auth0 to perform identity verification. Auth0 is an identity authentication provider that maintains the highest security standards and is trusted by enterprise customers worldwide. It allows us to better manage our users’ login experience and protect their credentials. We share your full names, email addresses, and a hash of your password so You can log in to Romy securely. Information shared: name, email address, and password hash You can read more about their privacy policy:

Google GCP To store your files. When You share information with Romy, the Data is stored on Google GCP with the servers located in France. Most of your Data is stored on a database, encrypted in-transit, within Google GCP. Information shared: coaching content, name, nickname, company name, company information. You can read more about their privacy policy:

Mixpanel to determine how our website/applications and our features are used by You. Mixpanel is an analytics platform that lets us follow feature usage, discover new anonymized trends, detect bugs and ensure that our software is behaving as expected. It allows us to understand how visitors browse the website and adjust how our information is displayed. It does not access nor collect information from your confidential coaching content. Information shared: app browsing behavior, IP address. Important note: Mixapnel’s data centers are located in the United States. You can read more about their privacy policy:

Mailchimp to manage our marketing email campaigns Mailchimp is a SaaS solution for relationship marketing. The company offers a cloud-based marketing communication software suite with email marketing, transactional email, marketing automation, etc. Information shared: name, email address You can read more about their privacy policy:

Notion to document user research feedback Notion is our knowledge base provider. When a member of the Romy team conducts a user interview, the content of the interview and personal information you voluntarily disclose can be captured in Notion. Information shared: name, email. You can read more about their privacy policy:

OneSignal to manage our marketing push notifications campaigns. OneSignal is a SaaS solution for relationship marketing. Information shared: name, email address. You can read more about their privacy policy:

OpenAI To personalize the stories created for children using Romy, we utilize OpenAI's language models. This technology helps us to generate unique, engaging, and age-appropriate content based on the inputs provided. Information shared with OpenAI includes the child's name, age, interests, and gender to tailor the story content. This data is processed to customize story narratives, ensuring a personalized experience for each user. OpenAI commits to high standards of data privacy and security. Please refer to OpenAI's privacy policy for more details on their data handling practices:

Tally to create forms and gather results. Tally is a software as a service (SaaS) company that specializes in online form building and surveys. Only Romy can access your answers to the forms. Information shared: name, email.You can read more about their privacy policy at

6. How long do we keep your data?

We store your data as long as you’re a user of our Services and have different retention protocols in place for different types of data. You can find details on said retention protocols in our data processing recap chart, but in any case, we’ll always delete or anonymize your data at the end of the periods indicated.

If you haven’t opened or used the Services for more than 36 months, we will delete your account and its associated data. We of course won’t delete your data as long as you remain a user of the Services.

The following data is stored as long as you are actively using the Services:

  • Your name and email;

  • Stories you created;

  • Listening history;

  • Your device and usage data.

Should you not feel comfortable sharing your data you may delete your account at any time. The following section provides more information on how you may do so.

7. Your control over your data

  • Access. We let you access and update most of the data that we have about you. Most of this can be done in the profile section of the app. If you need to access, update, or delete any other data that we may have, you can contact us on Instagram ( Note that we may ask you to verify your identity or provide additional information before we can provide access to your data.

  • Location. You can change which friends can see your location at any time in the settings.

  • Contact data. You can change your contacts sharing setting at any time in the settings or through your device permissions.

  • Object. You have the right to object to our use of your data. For data without which we cannot provide the Services, you can delete your account to stop us from processing your data.

  • Correct. You can also correct your data should you find information incorrect.

  • Delete. If you want to delete the stories you created, you can do this by deleting your account.

  • Account deletion. We don’t like seeing you go, but if for some reason you want to delete your account you can always reach out on Instagram ( to request your account’s deletion.

  • Account un-deletion. If you’ve asked us to delete your account and then changed your mind and want it back, you have up to 30 days to restore your account before we delete your data from our servers. During this period, your account will not be visible to other users.

  • Data portability. You have the right to obtain, in a structured and machine-readable form (something that your computer can decipher), the data that you provide us directly on the basis of your consent or on the basis of the contract.

  • Define handling of your data after your death. You have the right to give instructions regarding whether Romy should communicate this data (or not) to a previously designated third party.

  • Lodge a complaint. If you believe the processing of your data infringes on your rights or data protection regulation, you have the right to file a complaint with the CNIL or your local supervisory authority.

Please reach out at any time. We’ll try our best to get back to you fast, but we’re only human, so if your request is complex or if you make too many, we may need some time to answer.

8. Data transfers outside of the European Union

Similar to our transfer of your data to third parties, your data can be transferred and be accessible to third parties and users outside of the European Union. This can include countries that may not have the same level of protection of your data as those within the EU. Whenever we share your data outside the EU with third parties we make sure adequate mechanisms are in place to protect your data.

Any transfers of data originating from within the European Economic Area, the United Kingdom, and Switzerland to countries outside the EEA, UK, or Switzerland will normally be made on the basis of:

  • The data privacy framework when the providers are located in the United States and appear on the department of commerce’s list.

  • The model clauses approved by the European Commission for transfers from EU controllers to non-EU controllers, which may be found at the Commission’s website. We do not retain the data we collect longer than is reasonably necessary to fulfill the purposes for which we collect the data in line with our legal obligations.

We’re always happy to answer any questions you may have about data sharing to countries outside the EU, so feel free to reach out on Instagram ( should you ever have any questions.

9. Future revisions

Times change, and so will this Privacy Policy. We’ll update it to take into account any technical, economic, regulatory, or legal developments in order to comply with any changes in applicable laws and regulations, or data practices. When we do, we’ll make sure to let you know.

That’s it for now

Always feel free to reach out on Instagram ( or to our data team at  – we love reading emails so don’t be shy.