1. Introduction
This Privacy Policy explains how Aroa (“we,” “us,” or “our”) collects, stores, uses, and protects personal data (as defined under the PDPA) of users (“you” or “User”) of the Aroa application (“App”). By using the App—including creating AI characters, engaging in chat sessions, or purchasing in-app tokens—you consent to the practices described in this Policy.
2. What Personal Data Do We Collect?
We collect minimal personal data, focusing on data necessary to provide and improve the App’s core functions. The types of data we may collect include:
2.1 Data You Voluntarily Provide
Account-Related Data: If you choose to associate an email address with your App usage (e.g., for password recovery or customer support), we will collect that email address.
User-Generated Content (UGC): Content you create within the App, such as custom AI character settings (personality, interests, skills) and chat messages with your AI characters.
Payment-Related Data: When you purchase in-app tokens (“Tokens”), we do not directly collect or store your payment method details (e.g., credit card numbers). These details are processed by third-party payment processors (e.g., Apple Pay, Google Pay), which adhere to their own privacy policies. We may only receive non-identifiable transaction data (e.g., transaction ID, Token quantity purchased) to confirm payment completion.
2.2 Automatically Collected Data
Device & Usage Data: To ensure App performance, we may collect limited non-identifiable data about your device (e.g., device model, operating system version) and App usage (e.g., frequency of AI character creation, duration of chat sessions). This data is aggregated and used solely to improve App functionality (e.g., fixing bugs, optimizing load times) and is not linked to your identity.
3. How We Store Your Personal Data
Consistent with the App’s core feature of local data persistence, we prioritize storing your personal data on your device whenever possible:
3.1 Local Storage (Primary Method)
All UGC (AI character settings, chat history) and any email address you provide are stored locally on your device. This means the data remains under your direct control and is not transmitted to our servers unless you explicitly request it (see Section 4.2).
We do not maintain centralized servers for storing your local data. You can access, edit, or delete this data directly through the App’s settings or by uninstalling the App (note: uninstalling may permanently delete locally stored data—see Section 6).
3.2 Server Storage (Limited Circumstances)
We only store minimal personal data on our secure servers in Singapore if:
You contact our customer support and voluntarily share data (e.g., an email describing a technical issue, screenshots of chat history to troubleshoot). This data is stored temporarily (for up to 90 days after resolving your inquiry) and deleted afterward.
We receive non-identifiable transaction data from third-party payment processors (as noted in Section 2.1). This data is stored for 12 months to comply with Singaporean financial record-keeping requirements, then anonymized.
4. How We Use Your Personal Data
We use your personal data only for the purposes stated below, and only to the extent necessary to fulfill those purposes:
4.1 Core App Functionality
To enable you to create, access, and interact with custom AI characters (using your UGC stored locally).
To process Token purchases (using non-identifiable transaction data) and grant you access to paid chat features.
4.2 Customer Support
To respond to your inquiries, resolve technical issues, or address feedback (using the email address or data you share with support).
4.3 App Improvement
To analyze aggregated, non-identifiable device and usage data to fix bugs, optimize performance, and develop new features that align with user needs.
4.4 Legal Compliance
To comply with applicable laws and regulations of Singapore (e.g., responding to a valid court order or request from a Singaporean regulatory authority).
5. How We Protect Your Personal Data
We implement technical, administrative, and physical security measures to safeguard your personal data against unauthorized access, disclosure, alteration, or destruction:
Local Data Security: The App uses encryption (e.g., AES-256) to protect locally stored data on your device. You can enhance security by securing your device with a password, biometric lock, or other access controls.
Server Data Security: Any data stored on our servers is encrypted in transit (via TLS 1.3) and at rest. Access to server-stored data is restricted to authorized personnel only, and we conduct regular security audits to identify and address vulnerabilities.
Third-Party Processor Security: We only partner with payment processors that are compliant with global data security standards (e.g., PCI DSS) to ensure your payment-related data is protected.
6. Your Rights Regarding Personal Data
Under the PDPA, you have the following rights regarding your personal data, which we will facilitate free of charge (unless the request is excessive or unfounded):
6.1 Right to Access
You may request a copy of the personal data we hold about you (e.g., data stored on our servers for customer support). To make this request, contact us at hiaroawow1210@zohomail.com.
6.2 Right to Correction
If you believe the personal data we hold is inaccurate or incomplete, you may request to correct it. For locally stored data, you can edit it directly via the App; for server-stored data, contact our support team.
6.3 Right to Deletion
Local Data: You may delete locally stored data at any time through the App’s “Data Management” settings or by uninstalling the App (note: uninstallation will permanently delete all local App data).
Server Data: You may request the deletion of any data we store on our servers (e.g., support-related emails) by contacting us. We will delete this data within 7 business days of verifying your request.
6.4 Right to Withdraw Consent
You may withdraw your consent to our data practices at any time (e.g., refusing to share data with customer support). However, withdrawing consent may limit your ability to use certain App features (e.g., receiving support for technical issues).
7. Sharing of Personal Data
We do not sell, rent, or share your personal data with third parties for marketing or commercial purposes. We may share your data only in the following limited circumstances:
With Third-Party Service Providers: We share non-identifiable transaction data with payment processors to facilitate Token purchases, and aggregated usage data with analytics providers (e.g., Firebase) to improve App performance. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
For Legal Reasons: We may share data if required by law (e.g., a court order, regulatory request) or to protect our legal rights (e.g., investigating fraud or violating of our User Agreement).
In Business Transfers: If we undergo a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity. We will notify you of such a transfer via in-app notification or email, and the new entity will be bound by this Privacy Policy.
8. Children’s Privacy
The App is intended for users aged 18 and above (as stated in our User Agreement). We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13, we will immediately delete the data and terminate access to the App. Parents or guardians who believe their child has used the App may contact us at hiaroawow1210@zohomail.com to request data deletion.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in App features, legal requirements, or data practices. We will notify you of material changes via:
An in-app pop-up notification.
An email sent to the address associated with your App usage (if provided).
Your continued use of the App after the effective date of the updated Policy constitutes acceptance of the changes. We encourage you to review this Policy periodically.
10. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Email: hiaroawow1210@zohomail.com
We will respond to your inquiry within 5 business days.