Privacy Policy
1. Introduction
RoboYap™ ("the Platform") is operated by MADNESS (FZE) ("we," "us," "our"), a company licensed in the Emirate of Sharjah, United Arab Emirates.
- Operator Name: MADNESS (FZE)
- Email: [email protected]
- Mailing Address:
Block B - B26-062
Sharjah Research Technology and Innovation Park
Sharjah, United Arab Emirates
- Data Protection Officer (DPO): MADNESS (FZE), acting as its own DPO pursuant to UAE PDPL Article 10. Given the nature and scale of our processing activities — limited personal data categories, no sensitive data processing, and a small user base — the sole proprietor serves as the designated DPO. Contact: [email protected]
This Privacy Policy explains what personal data we collect, why we collect it, how we process and store it, and your rights regarding that data. It applies to all users of the Platform, including parents, legal guardians, and their children.
RoboYap is a service directed to children. We comply with the United States Children's Online Privacy Protection Act ("COPPA") and the COPPA Rule (16 C.F.R. Part 312), and the United Arab Emirates Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("UAE PDPL"). Where requirements differ, we apply the stricter standard.
We built RoboYap with privacy as a core principle. We collect the minimum data necessary to operate the service, and we never sell, rent, or share personal data with third parties for marketing or advertising purposes.
2. Data We Collect
2.1 Parent Account Data
Provided directly by you (the parent or legal guardian) when you create and use your account.
| Data | Purpose | Stored |
|---|---|---|
| Email address | Account identification, authentication (OTP codes), notifications, flagged-message alerts, billing correspondence, and delivery of parental consent notices | Until you delete your account |
| Universal household rules | Passed to AI models as system instructions so all agents follow your household guidelines | Until you delete your account |
2.2 Children's Profile Data
Provided by the parent — children never enter this data themselves. This data is collected only after verifiable parental consent has been obtained in accordance with COPPA (see Section 5).
| Data | Purpose | Stored |
|---|---|---|
| First name | Displayed in the Parent Portal and used by AI agents to personalize interactions | Until the child profile or parent account is deleted |
| Birth year | Used by AI agents to adapt tone and complexity to the child's approximate age | Until the child profile or parent account is deleted |
| Child-specific rules | Passed to AI models as system instructions for that specific child | Until the child profile or parent account is deleted |
| Agent assignments | Records which AI agents are available to each child, with per-agent rules and settings | Until the child profile or parent account is deleted |
2.3 Usage & Activity Data
| Data | Purpose | Stored |
|---|---|---|
| Daily usage stats (messages sent, chat sessions, minutes) | Displayed to parents in the dashboard; used for plan quota tracking | Until the child profile or parent account is deleted |
| Flagged messages (message content + reason) | Displayed to parents for review when content moderation detects a potential safety issue | Until the parent deletes them, or the account is deleted; auto-deleted 30 days after creation in any case |
| Flag reports (copy of flagged message content, AI response if applicable, flag reason, agent name, and optional parent description) | When a parent reports a flagged message, a copy is sent to our admin team for review. This is limited to the specific flagged message in question — no other messages or child data are included. | Auto-deleted 30 days after the report is created, or deleted sooner by an administrator |
2.4 Device Data
| Data | Purpose | Stored |
|---|---|---|
| Device identifier (one-way hash) | Uniquely identify a paired device without storing the raw identifier | Until the device is revoked or the account is deleted |
| Device name & type | Displayed to parents in the Devices management screen | Until the device is revoked or the account is deleted |
| API token (hashed) | Authenticates the paired device when communicating with our servers | Until the device is revoked or the account is deleted |
| Last-seen timestamp | Displays when the device was last active | Until the device is revoked or the account is deleted |
2.5 Session & Security Data
| Data | Purpose | Stored |
|---|---|---|
| IP address | Session security, rate limiting, and abuse prevention | Duration of session only; purged when session expires |
| User-Agent hash (SHA-256) | Binds OTP codes and sessions to a specific browser to prevent hijacking; the raw User-Agent string is never stored | Duration of session only; purged when session expires |
| Rate-limit counters | Prevent abuse and brute-force attacks | Temporary; automatically expire within minutes |
2.6 Billing Data
| Data | Purpose | Stored |
|---|---|---|
| Stripe customer ID and subscription ID | Links your account to your Stripe subscription for plan management | Until subscription ends and account is deleted |
| Plan type & status | Determines your message quota and account capabilities | Until account is deleted |
We do not store credit card numbers, bank details, or other payment credentials. All payment processing is handled entirely by Stripe. See Stripe's Privacy Policy for details.
2.7 Parental Consent Records
Consent is recorded at the account level — a single consent covers all child profiles under the account.
| Data | Purpose | Stored |
|---|---|---|
| Consent status (granted or revoked) | Records whether the parent has provided verifiable parental consent under COPPA | Until the parent account is deleted |
| Consent timestamp | Records when consent was granted | Until the parent account is deleted |
3. What We Do NOT Collect
We also do not collect:
- Passwords — We use passwordless authentication (email OTP codes).
- Children's personal accounts — Children do not register or sign in. They access the Companion App through parent-paired devices.
- Location data — We do not request or store geographic location.
- Contacts, photos, or files — The Platform is text-only chat.
- Advertising identifiers or tracking pixels — We do not use ad networks.
- Biometric data — We do not collect fingerprints, facial scans, voiceprints, or any biometric identifiers.
4. How We Use Your Data
We use the data described in Section 2 strictly for these purposes:
- Operating the service — authenticating you, managing child profiles, pairing devices, enforcing message quotas, and processing subscriptions.
- Delivering AI interactions — passing your household rules, child profile details (first name, approximate age), and agent configurations to AI models so they generate appropriate, personalized responses.
- Content moderation — analyzing every message in real time to detect harmful content and alert you.
- Reviewing reported flags — when you report a flagged message, our admin team reviews the specific flagged content (and the AI's response, if applicable) to investigate the incident, improve our safety systems, and take action if necessary. Only the data described in Section 2.3 under "Flag reports" is accessible to the admin team — no other messages or child data are shared. This data is automatically and permanently deleted after 30 days.
- Security & abuse prevention — session management, rate limiting, OTP verification, and device authentication.
- Service communications — sending OTP codes, flagged-message email alerts, parental consent notices, and critical account notifications.
- Improving the service — analyzing aggregate, anonymized usage patterns (e.g., total messages per plan) to improve reliability and plan offerings. Individual conversations are never analyzed.
We do not use any data collected from children for marketing, advertising, or profiling. We do not use children's data for any commercial purpose beyond providing the service you have consented to.
5. Children's Privacy (COPPA Compliance)
RoboYap is a service directed to children of all ages, including children under 13. Because our service targets children under 13 as part of its audience, we treat the entire Platform as a service "directed to children" under COPPA and apply COPPA's protections to all child profiles, regardless of the child's age.
5.1 What Personal Information We Collect from Children and How
Children do not create accounts on RoboYap. They do not provide an email address, name, age, or any personal information directly to the Platform. All child-related data (first name, birth year) is provided by the parent and is managed entirely through the Parent Portal.
The Companion App (used by children) does not collect personal data from children. It does not use cookies for tracking, does not run analytics scripts, and does not display advertising. The only data transmitted from the Companion App is:
- Chat messages — processed in real time by AI models, never stored on our servers.
- Anonymous usage counters — message counts and session duration, linked to the child profile (created by the parent), used for quota tracking and displayed to parents.
- Persistent identifiers — a device pairing token stored in the child's browser Local Storage, used solely to authenticate the paired device. This token is used only for support of the internal operations of the Platform (specifically: authenticating the device to deliver the service). It is not used for behavioral advertising, to build profiles, or for any purpose other than device authentication.
5.2 How Children's Information Is Used
Children's information (first name, approximate age from birth year, household and child-specific rules) is used solely to:
- Personalize AI agent responses to be age-appropriate and use the child's first name.
- Enforce household rules and content moderation.
- Track usage quotas.
- Display activity to the parent in the Parent Portal.
5.3 Disclosure of Children's Information
We use children's personal information for internal purposes only. We do not disclose children's personal information to third parties for their own commercial purposes.
The following third-party service providers process children's data solely on our behalf and under our instructions, as necessary to operate the service:
| Provider | Data Shared | Purpose | Data Retention by Provider |
|---|---|---|---|
| OpenRouter (AI processing) | Chat message content, child's first name, approximate age, household rules, agent system prompts | Generating AI responses in real time | OpenRouter does not store prompts or completions by default (see OpenRouter Data Collection Policy). We additionally enforce Zero Data Retention (ZDR) at the account level and on every API request using the zdr parameter, which restricts routing to only ZDR-compliant endpoints. We also set data_collection: deny on every request, which blocks routing to any upstream AI provider that reserves the right to store or train on data (see OpenRouter Provider Routing). Prompt logging is disabled on our account. Under these configurations, neither OpenRouter nor any upstream provider retains prompt or completion data from RoboYap requests. |
| Maileroo (email delivery) | Parent's email address, content of transactional emails (OTP codes, parental consent notices, flagged-message alerts) | Delivering authentication codes, parental consent notices, and critical account notifications | Maileroo processes emails on our behalf as a data processor under their Data Processing Addendum. Maileroo's servers are located in Germany and the Netherlands. Email delivery data is retained in accordance with their processing terms. Maileroo does not independently use personal data for its own purposes. |
| DreamHost (hosting) | All stored data as described in Section 2 | Infrastructure hosting | Data stored on their servers as our hosting provider; no independent use of data. |
No other third party receives children's personal information.
5.4 Verifiable Parental Consent
Before any child profile becomes active and before any child can use the Companion App, we obtain verifiable parental consent using the "email plus" method permitted under 16 C.F.R. § 312.5(b)(2)(vi). Although COPPA requires verifiable parental consent only for children under 13, we require parental consent for all child profiles regardless of the child's age. Every child profile on RoboYap — whether the child is 5 or 16 — is subject to the same parental consent process, the same parental controls, and the same privacy protections described in this section:
- When the parent creates their account, we deliver a Direct Notice to the parent's email address. This notice is included in the body of the email and contains:
- That we wish to collect personal information from their child and that parental consent is required before any such collection;
- The specific personal information we intend to collect (first name, birth year, child-specific rules, agent assignments, usage statistics, and flagged message content);
- How the information will be used (personalizing AI interactions, content moderation, usage tracking, and display to the parent);
- That we do not disclose children's personal information to third parties for their own purposes;
- The names and roles of service providers that process children's data on our behalf (OpenRouter, Maileroo, DreamHost);
- How the parent can provide or refuse consent;
- That the parent may revoke consent at any time, and how to do so;
- Our operator name, mailing address, and email contact;
- A link to this Privacy Policy.
- The parent provides consent by clicking a unique, time-limited confirmation link in the email, which signs them in to the Platform.
- Immediately upon successful sign-in, we send a confirmation email (the "plus" step required under 16 C.F.R. § 312.5(b)(2)(vi)) to the same email address. This confirmation email restates the information from the Direct Notice, confirms that consent was received, and informs the parent that they may revoke consent at any time and how to do so.
- Only after both steps are complete does the parent's account become active and child profiles become available to create.
If the parent does not provide consent within 7 days, we delete their email address from our records.
This consent applies to both free trial and paid subscription usage. The data we collect, how we use it, and who processes it does not change between the free trial and paid plans. If we ever make a material change to our collection, use, or disclosure practices, we will send a new Direct Notice and obtain fresh consent before applying the changes.
The parent may revoke consent at any time by:
- Deleting their child's profile through the Parent Portal;
- Deleting their account through the Parent Portal; or
- Contacting us at [email protected] or by mail at the address listed in Section 1.
5.5 Parental Rights Under COPPA
As a parent or legal guardian, you have the right to:
- Review the personal information we have collected from your child. You may view all child profile data at any time through the Parent Portal. You may also request a description of the types and categories of information collected by emailing [email protected] or by writing to us at the mailing address listed in Section 1.
- Delete your child's personal information. You may delete any individual child profile through the Parent Portal, which permanently removes all data associated with that child. You may also email [email protected] or write to us to request deletion.
- Revoke consent and refuse further collection. You may revoke your consent at any time through the Parent Portal, by emailing [email protected], or by writing to us at the mailing address listed in Section 1. Revoking consent will immediately deactivate the child profile and prevent any further collection or use of that child's information. Existing data for that child will be deleted.
- Consent to internal use without third-party disclosure. We do not disclose children's personal information to third parties for their own purposes. Your consent covers our collection and internal use of your child's information to operate the service as described in this policy.
We do not condition a child's participation in any activity on the disclosure of more personal information than is reasonably necessary to participate in that activity.
To exercise any of these rights, use the controls in the Parent Portal, email [email protected], or write to us at the mailing address listed in Section 1. We will respond within 30 days.
These rights apply to all child profiles on the Platform, regardless of the child's age.
5.6 Data Retention for Children's Information
We retain children's personal information only for as long as reasonably necessary to fulfill the purpose for which it was collected:
- Child profile data (first name, birth year, rules, agent assignments) — retained while the child profile is active. Deleted when the parent deletes the child profile, deletes their account, or revokes consent.
- Usage statistics — retained while the child profile is active. Deleted with the child profile.
- Flagged messages — retained until the parent deletes them, or automatically deleted 30 days after creation, or deleted with the account — whichever comes first.
- Flag reports — if a parent reports a flagged message, a copy of the specific flagged content (and AI response, if applicable) is made available to our admin team. This copy is automatically and permanently deleted 30 days after the report is created. No other messages or child data are included in the report.
- Chat conversations — never stored. Cannot be retained.
- Consent records — retained at the account level while the parent account is active. Deleted when the parent deletes their account or revokes consent.
When a parent deletes a child profile, the child's name, birth year, rules, agent assignments, flagged messages, and all associated device data are permanently deleted. Only anonymized usage statistics (message counts and session metrics) are retained for subscription quota tracking — these statistics no longer identify the child.
We do not retain children's personal information indefinitely.
6. Third-Party Services
RoboYap uses a limited number of third-party services to operate. We do not sell, rent, or share your personal data with any third party for their own marketing or commercial purposes.
6.1 OpenRouter (AI Processing)
- What is shared: Message content (in real time), household rules, child's first name and approximate age, and agent system prompts — all sent as part of the AI request.
- Data retention: OpenRouter does not store prompts or completions by default (OpenRouter Data Collection Policy). We additionally enforce Zero Data Retention (ZDR) at both the account level and on every individual API request using the zdr parameter, which restricts routing to only ZDR-compliant endpoints. Prompt logging is disabled on our account. We also set data_collection: deny on every request, which blocks routing to any upstream AI provider that reserves the right to store or train on data (OpenRouter Provider Routing). Under these configurations, neither OpenRouter nor any upstream provider retains prompt or completion data from RoboYap requests. OpenRouter retains only request metadata (timestamps, model used, token counts, latency) for billing and operational purposes; this metadata does not include the content of prompts or responses.
- Provider policy: OpenRouter Privacy Policy · OpenRouter Terms of Service
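The per-request ZDR settings described above, shown as an added client-side guard (example code, not the Platform's own): each outbound request is built with the zdr and data_collection: deny provider preferences, and any request missing them is refused before it leaves the process. The endpoint URL and payload shape follow OpenRouter's public chat-completions API; the model name, system prompt and transport function are placeholders.

```python
"""Added example (not RoboYap's code): enforce OpenRouter ZDR routing on every request."""
import json
from typing import Callable

# Public OpenRouter chat-completions endpoint.
OPENROUTER_URL = "https://openrouter.ai/api/v1/chat/completions"

# Provider-routing preferences that must be present on every request:
#   zdr: true              -> route only to Zero-Data-Retention endpoints
#   data_collection: deny  -> skip any upstream provider that may store/train on data
REQUIRED_PROVIDER_PREFS = {"zdr": True, "data_collection": "deny"}


def build_request(model: str, system_prompt: str, user_message: str) -> dict:
    """Return a chat-completions payload with the ZDR routing preferences attached."""
    return {
        "model": model,  # placeholder model id, not a RoboYap setting
        "messages": [
            {"role": "system", "content": system_prompt},  # e.g. household + child rules
            {"role": "user", "content": user_message},
        ],
        # Copy, so a caller mutating the payload cannot change the shared default.
        "provider": dict(REQUIRED_PROVIDER_PREFS),
    }


def check_zdr_policy(payload: dict) -> list[str]:
    """Return the list of ZDR policy violations; an empty list means compliant."""
    provider = payload.get("provider")
    if not isinstance(provider, dict):
        return ["missing 'provider' preferences block"]
    problems = []
    if provider.get("zdr") is not True:
        problems.append("provider.zdr must be true")
    if provider.get("data_collection") != "deny":
        problems.append("provider.data_collection must be 'deny'")
    return problems


def send_guarded(payload: dict, transport: Callable[[str, str], object]) -> object:
    """Send the payload through `transport(url, body)` only if it passes the ZDR check.

    `transport` is a placeholder for the real HTTP client so this runs offline.
    """
    problems = check_zdr_policy(payload)
    if problems:
        raise PermissionError("refusing to send non-ZDR request: " + "; ".join(problems))
    return transport(OPENROUTER_URL, json.dumps(payload))


if __name__ == "__main__":
    # Constructed sample: a compliant request and one that silently dropped the prefs.
    good = build_request("example/model", "Be kind and age-appropriate.", "Hi!")
    print(check_zdr_policy(good))  # []
    bad = {"model": "example/model", "messages": []}
    print(check_zdr_policy(bad))  # ["missing 'provider' preferences block"]
```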
6.2 Stripe (Payment Processing)
- What is shared: Your email address (for customer identification) and your selected plan (for checkout).
- What Stripe handles directly: Credit card numbers, billing addresses, and all payment credentials. These are entered directly into Stripe's secure payment page — they never pass through our servers.
- See: Stripe Privacy Policy
6.3 Maileroo (Email Delivery)
- What is shared: Your email address and the content of transactional emails (OTP codes, parental consent notices, flagged-message alerts, support confirmations).
- Purpose: Delivering authentication codes, parental consent notices, and critical account notifications only. We do not send marketing emails.
- Data handling: Maileroo processes emails on our behalf under their Data Processing Addendum. Their servers are located in Germany and the Netherlands and are GDPR-compliant. Maileroo does not independently use personal data for its own purposes.
- See: Maileroo Privacy Policy
6.4 Google Analytics (Marketing Landing Page Only)
- Where: The public marketing landing page (roboyap.com) only. Google Analytics is not loaded in the Parent Portal, the Companion App, or any authenticated page. It is not present on any page accessible to or used by children.
- What it collects: Anonymous page-view and traffic-source data using first-party cookies (_ga, _ga_), which are persistent identifiers. These are collected solely for support of our internal operations — specifically, statistical reporting and website optimization. They are not used for behavioral advertising, to build user profiles, or for any purpose other than understanding how visitors find our marketing page.
- COPPA note: Because these persistent identifiers are collected only on the marketing landing page (which is not used by children), are used solely for support of internal operations, and no other personal information is collected alongside them, they fall within the exception under 16 C.F.R. § 312.5(c)(7) and do not require parental consent.
- See: Google Privacy Policy
7. Hosting, Data Location & Backups
RoboYap is hosted on DreamHost with servers located in the Netherlands (EU). All data described in this policy is stored on infrastructure located in the EU and is subject to EU data protection standards.
AI requests are processed by OpenRouter, which may route them to model providers in various jurisdictions. However, as described in Section 6.1, Zero Data Retention is enforced on every request — no prompts or responses are stored by any provider.
7.2 Cross-Border Data Transfers
For users located in the United Arab Emirates, your personal data is transferred outside the UAE to the following jurisdictions in accordance with the UAE PDPL:
| Recipient | Jurisdiction | Legal Basis (UAE PDPL) |
|---|---|---|
| DreamHost (hosting) | Netherlands (EU) | Article 22(1) — transfer to a jurisdiction with adequate data protection (EU/GDPR). A Data Processing Agreement (DPA) is on file with DreamHost. |
| Maileroo (email delivery) | Germany / Netherlands (EU) | Article 22(1) — transfer to a jurisdiction with adequate data protection (EU/GDPR). Maileroo operates under their published Data Processing Addendum. |
| Stripe (payments) | United States | Article 23(1)(a) and 23(1)(d) — transfer necessary for performance of a contract with the data subject (subscription billing) and where the data subject has explicitly consented. Stripe maintains comprehensive data protection measures including encryption and PCI DSS Level 1 compliance. |
| OpenRouter (AI processing) | United States (and upstream providers in various jurisdictions) | Article 23(1)(b) and 23(1)(d) — transfer based on data subject consent and contractual necessity. Additional safeguards: Zero Data Retention (ZDR) enforced on every request; data_collection: deny blocks all data-retaining providers; prompt logging disabled. No personal data is retained by OpenRouter or upstream providers post-processing. OpenRouter does not currently offer a formal DPA for accounts of our scale; however, these technical safeguards ensure no personal data persists outside the real-time processing window. |
7.1 Database Backups
Our hosting provider, DreamHost, automatically retains database backups for up to 5 days as part of their standard infrastructure operations. These backups are stored on DreamHost's infrastructure in the Netherlands and are subject to the same data protection standards as our production data.
Additionally, we retain securely stored offline backups for up to 90 days for the purposes of security, fraud prevention, disaster recovery, and compliance with legal obligations. These offline backups are stored in the United Arab Emirates and are encrypted at rest. Offline backups are not used for any purpose other than disaster recovery and fraud investigation, and access is restricted to authorized personnel only.
When data is deleted from our production database (e.g., upon account deletion), it may persist in DreamHost backups for up to 5 days and in our offline backups for up to 90 days before being naturally rotated out. We do not restore deleted data from backups except in the event of a catastrophic infrastructure failure.
8. Data Retention & Deletion
8.1 Retention Schedule
| Data Category | Retained Until |
|---|---|
| Parent account data (email, household rules) | Parent deletes their account |
| Children's profile data (name, birth year, rules, assignments) | Parent deletes the child profile, revokes consent, or deletes their account |
| Usage statistics | Deleted with associated parent account. When a child profile is deleted, usage statistics are anonymized (child reference removed) and retained for subscription quota tracking only. |
| Flagged messages | Deleted by parent, or auto-deleted 30 days after creation, or deleted with account — whichever comes first |
| Flag reports (admin copies of reported flags) | Auto-deleted 30 days after the report is created, or deleted sooner by an administrator. Contains only the specific flagged message content, AI response (if applicable), flag reason, agent name, and optional parent description — no other child data. |
| Device data (paired devices) | Device is revoked by parent, or auto-deleted after 365 days from pairing, or auto-deleted after 30 days of inactivity, or deleted with the account — whichever comes first |
| Session data (IP, User-Agent hash, rate-limit counters) | Sessions expire after 24 hours of inactivity (Parent Portal); expired session data is purged from the database by the daily cleanup cycle |
| Chat conversations | Never stored on our servers |
| OTP codes (login and device pairing) | Expire and become unusable after 10 minutes; automatically purged from the database by the next scheduled cleanup cycle (runs hourly) |
| Consent tokens (registration links) | Expire after 7 days; auto-deleted on next cleanup cycle |
| Uncompleted registrations | If a parent requests a consent link but does not complete registration, their email address is deleted within 7 days |
| Billing data (Stripe IDs, plan status) | Retained for 90 days after account deletion for dispute resolution and fraud prevention, then permanently deleted |
| Consent records | Deleted with parent account |
| Post-deletion email hash | After voluntary account deletion, we retain only a one-way SHA-256 hash of your email address for 90 days to prevent abuse (e.g., repeated free-trial exploitation). This hash cannot be reversed to recover your email address and is not shared with any third party. After 90 days, the hash and all remaining account metadata are permanently deleted. |
| Blocked account email hash | If an account is blocked by an administrator for policy violations, the one-way email hash is retained on a block list for 24 months after the account is deleted to prevent re-registration. During this period, only the irreversible hash is stored — no personal data. |
| DreamHost database backups | Automatically retained by our hosting provider for up to 5 days (see Section 7.1) |
| Offline backups | Retained for up to 90 days for disaster recovery and fraud prevention, stored in the UAE (see Section 7.1) |
8.2 Deletion Process
Child Profile Deletion
When you delete a child profile, the child's name, birth year, rules, agent assignments, flagged messages, and all device data associated with that child are permanently deleted from our database immediately. Anonymized usage statistics (message counts only, with the child reference removed) are retained for subscription quota tracking purposes.
Voluntary Account Deletion
When you delete your account, the following happens immediately:
- Any active Stripe subscription is canceled immediately (billing stops).
- All child profiles and their associated data are permanently deleted (including all usage data).
- All device pairings, custom agents, household rules, flagged messages, and consent records are permanently deleted.
- All login OTPs and consent tokens are deleted.
- All sessions are invalidated (you are logged out of all devices).
After deletion, we retain only: a one-way hash of your email address, your Stripe customer/subscription IDs, and key metadata (account creation date, deletion date, consent date, last login date, and login count). This minimal data is retained for 90 days to prevent abuse and resolve billing disputes. After 90 days, all remaining data — including the email hash, Stripe data, and metadata — is permanently and automatically deleted.
During the 90-day window, re-registration with the same email address is blocked.
Account Suspension (Admin Block)
If an administrator blocks your account for policy violations:
- Any active Stripe subscription is canceled immediately.
- All sessions are invalidated and you are logged out of all devices.
- Your account data is retained (not deleted) while the block is in effect, but you cannot log in or use the Platform.
After 90 days, blocked accounts are automatically and permanently deleted. All personal data — including child profiles, usage data, devices, and billing data — is removed. The one-way hash of your email address is placed on a block list for 24 months to prevent re-registration. After 24 months, the block list entry expires and is deleted.
We do not retain children's personal information indefinitely. We do not retain any data longer than reasonably necessary to fulfill the purpose for which it was collected.
9. Cookies & Local Storage
RoboYap uses only the following browser storage mechanisms:
| Mechanism | Where | Purpose | Type |
|---|---|---|---|
| Session cookie | Parent Portal | Maintains your authenticated session and includes CSRF protection to prevent cross-site request forgery attacks | Strictly necessary; expires after 24 hours of inactivity |
| Local Storage (device token) | Companion App | Stores the device pairing token and current chat history on the child's device | Functional; device-local; cleared when device is unpaired |
| _ga, _ga_ cookies | Marketing landing page only | Google Analytics — anonymous traffic analysis | Analytics; not present on any authenticated or child-facing page |
We do not use advertising cookies or any third-party tracking cookies.
10. Your Rights
10.1 All Users
You have the right to:
- Access your data — View all data associated with your account through the Parent Portal.
- Correct your data — Update your email, children's profiles, rules, and agent configurations at any time.
- Delete your data — Delete individual child profiles, flagged messages, or your entire account. Account deletion permanently removes all associated data (subject to the retention schedule in Section 8).
- Export your data — Request a complete export of all your account data in machine-readable JSON format directly from the Parent Portal (Help & Support → Export Data). Exports are verified via OTP, available for download for 24 hours, then automatically deleted. You may also contact us at [email protected] to request an export.
- Withdraw consent — You may stop using the Platform and delete your account at any time.
10.2 Parents' Rights Regarding Children's Data
See Section 5.5 for your full rights under COPPA, including the right to review, delete, and refuse further collection of your child's information.
10.3 UAE Data Subject Rights (PDPL)
If you are located in the United Arab Emirates, you have the following rights under the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL):
- Right of access (Art. 13) — View all data we hold about you through the Parent Portal, or request a summary by contacting us.
- Right to rectification (Art. 15) — Update your email, children's profiles, rules, and agent configurations at any time through the Parent Portal.
- Right to erasure (Art. 15) — Delete individual child profiles, flagged messages, or your entire account through the Parent Portal.
- Right to data portability (Art. 14) — Export all your account data in machine-readable JSON format from the Parent Portal (Help & Support → Export Data).
- Right to restrict processing (Art. 16) — Given the nature of RoboYap, the practical ways to restrict processing are: (a) do not register for an account; (b) delete your account; (c) do not use the chat functionality or AI features; and/or (d) do not enable the optional additional moderation of incoming LLM responses. You may also delete individual child profiles to restrict processing for specific children.
- Right to object to processing, including automated processing (Arts. 17 and 18) — RoboYap uses AI language models to generate chat responses and automated content moderation to detect harmful content. These are core functions of the service. The practical ways to object are the same as for restricting processing above: (a) do not register; (b) delete your account; (c) do not use the chat or AI features; and/or (d) do not enable the optional response moderation. We do not use automated processing to make legal or similarly significant decisions about you or your children.
- Right to withdraw consent (Art. 6) — You may withdraw consent at any time by deleting your account or contacting us. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
10.4 Filing a Complaint
To lodge a complaint regarding the processing of your personal data, please contact the UAE Data Office (the federal Bureau responsible for PDPL enforcement), affiliated with the UAE Cabinet. Visit the official UAE government portal at u.ae for updates on contact methods, or refer to the UAE Legislation Portal at uaelegislation.gov.ae for PDPL details.
For questions about COPPA, you may contact the U.S. Federal Trade Commission at www.ftc.gov or [email protected].
For any data rights requests, contact our DPO at [email protected] or write to us at the mailing address listed in Section 1. We will respond within 30 days.
11. Security
We take the security of your data seriously and employ industry-standard measures to protect it:
- All connections to RoboYap are encrypted using HTTPS/TLS.
- We use passwordless authentication with time-limited, single-use OTP codes delivered to your email address, so there are no passwords to steal or leak. The security of your account therefore also depends on the security of your email account.
- Sensitive identifiers and tokens are stored only as one-way SHA-256 digests, so the original values cannot be recovered from our database, even by us. A digest of a short value such as an OTP code could in principle be tested by brute force, which is why OTP codes also expire quickly and are covered by the rate limits described below.
- Sessions are secured server-side and protected against cross-site request forgery (CSRF) and session hijacking.
- Automated rate limiting is in place to prevent brute-force and abuse attempts.
- All AI requests enforce Zero Data Retention (ZDR) and are blocked from routing to providers that collect or train on data.
- Access to production databases and infrastructure is restricted to authorized personnel only and requires multi-factor authentication.
- Children's personal information is maintained with confidentiality, security, and integrity, and is released only to service providers capable of maintaining its confidentiality and security, as required by COPPA.
No system is perfectly secure. If you discover a security vulnerability, please report it responsibly to [email protected].
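The OTP and hashed-token handling described in this section, shown as an added Python illustration. This is example code written for this page, not RoboYap's implementation: the six-digit code length, five-minute lifetime, five-attempt limit, the two store classes and the sample e-mail addresses are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Hypothetical parameters chosen for this example; the page does not state RoboYap's values.
OTP_DIGITS = 6
OTP_TTL_SECONDS = 300
MAX_ATTEMPTS = 5


@dataclass
class StoredOtp:
    digest: bytes       # SHA-256 of (email, code); the code itself is never persisted
    expires_at: float   # absolute time after which the code is rejected
    attempts: int = 0   # failed guesses so far; enforces the per-code rate limit
    used: bool = False  # single-use: a code that succeeded once is never accepted again


class OtpStore:
    """In-memory stand-in for a server-side table of OTP digests (assumed design)."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock
        self._by_email: Dict[str, StoredOtp] = {}

    @staticmethod
    def _digest(email: str, code: str) -> bytes:
        # Bind the digest to the account so a leaked digest cannot be replayed elsewhere.
        return hashlib.sha256(f"{email}:{code}".encode()).digest()

    def issue(self, email: str) -> str:
        # secrets (not random) gives a CSPRNG-generated code; re-issuing replaces any older code.
        code = "".join(secrets.choice("0123456789") for _ in range(OTP_DIGITS))
        self._by_email[email] = StoredOtp(self._digest(email, code),
                                          self._clock() + OTP_TTL_SECONDS)
        return code  # handed to the mailer only; never logged or stored in clear

    def verify(self, email: str, code: str) -> Tuple[bool, str]:
        rec = self._by_email.get(email)
        if rec is None:
            return False, "no_code"
        if rec.used:
            return False, "already_used"
        if self._clock() > rec.expires_at:
            del self._by_email[email]
            return False, "expired"
        if rec.attempts >= MAX_ATTEMPTS:
            del self._by_email[email]  # force a fresh code after too many guesses
            return False, "rate_limited"
        rec.attempts += 1
        # Constant-time comparison avoids leaking how many digest bytes matched.
        if not hmac.compare_digest(rec.digest, self._digest(email, code)):
            return False, "mismatch"
        rec.used = True
        return True, "ok"


class DeviceTokenStore:
    """Long-lived pairing tokens: 256 bits of entropy, so an unsalted digest is not guessable."""

    def __init__(self):
        self._by_digest: Dict[bytes, str] = {}

    @staticmethod
    def _digest(token: str) -> bytes:
        return hashlib.sha256(token.encode()).digest()

    def issue(self, child_profile_id: str) -> str:
        token = secrets.token_urlsafe(32)
        self._by_digest[self._digest(token)] = child_profile_id
        return token  # lives only in the Companion App's local storage

    def lookup(self, token: str) -> Optional[str]:
        return self._by_digest.get(self._digest(token))

    def revoke(self, token: str) -> bool:
        # Called when the device is unpaired; True only if a token was actually removed.
        return self._by_digest.pop(self._digest(token), None) is not None
```

With six digits and five attempts per issued code, a guess succeeds with probability 5 in 1,000,000; the digest itself adds nothing against guessing, so the expiry and attempt limit must be enforced server-side, as the two checks in `verify` do. The pairing token, by contrast, has enough entropy that its digest alone protects it if the database leaks.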
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes — particularly changes to our practices regarding the collection, use, or disclosure of children's personal information — we will:
- Update the "Effective Date" at the top of this page.
- Notify you via email.
- If the changes affect children's personal information, send a new Direct Notice and obtain fresh parental consent before applying the changes.
Your continued use of the Platform after changes are posted constitutes your acceptance of the revised policy, except where renewed consent is required.
13. Contact Us
For any privacy-related questions, concerns, or data requests — including requests to review, delete, or stop the collection of your child's personal information — please contact us:
- Email: [email protected]
- Operator: MADNESS (FZE)
- Address:
Block B - B26-062
Sharjah Research Technology and Innovation Park
Sharjah, United Arab Emirates
If you believe we have collected personal information from a child without parental consent, please contact us immediately and we will delete it.
For questions about COPPA, you may also contact the U.S. Federal Trade Commission at www.ftc.gov or [email protected].