Privacy Policy
1. Introduction
RoboYap™ ("the Platform") is operated by MADNESS (FZE) ("we," "us," "our"). This Privacy Policy explains exactly what personal data we collect, why we collect it, how we process and store it, and your rights regarding that data.
We built RoboYap with privacy as a core principle — especially because our Platform is used by children. We collect the minimum data necessary to operate the service, and we never sell, rent, or share personal data with third parties for marketing or advertising purposes.
2. Data We Collect
The following tables list every category of data we collect, what it includes, and why we need it.
2.1 Parent Account Data
Provided directly by you when you create and use your account.
| Data | Purpose | Stored |
|---|---|---|
| Email address | Account identification, authentication (OTP codes), notifications and flagged-message alerts, billing correspondence | Until you delete your account |
| Universal rules | Passed to AI models as system instructions so all agents follow your household guidelines | Until you delete your account |
2.2 Children's Profile Data
Provided by the parent — children never enter this data themselves.
| Data | Purpose | Stored |
|---|---|---|
| First name | Displayed in the Parent Portal and used by AI agents to personalize interactions | Until the child profile or parent account is deleted |
| Birth year | Used by AI agents to adapt tone and complexity to the child's approximate age | Until the child profile or parent account is deleted |
| Child-specific rules | Passed to AI models as system instructions for that specific child | Until the child profile or parent account is deleted |
| Agent assignments | Records which AI agents are available to each child, with per-agent rules and settings | Until the child profile or parent account is deleted |
2.3 Usage & Activity Data
| Data | Purpose | Stored |
|---|---|---|
| Daily usage stats (messages sent, chat sessions, minutes) | Displayed to parents in the dashboard; used for plan quota tracking | Until the child profile or parent account is deleted |
| Flagged messages (message content + reason) | Displayed to parents for review when content moderation detects a potential safety issue | Until the parent reviews and deletes them, or the account is deleted |
2.4 Device Data
| Data | Purpose | Stored |
|---|---|---|
| Device identifier (one-way hash) | Uniquely identify a paired device without storing the raw identifier | Until the device is revoked or the account is deleted |
| Device name & type | Displayed to parents in the Devices management screen | Until the device is revoked or the account is deleted |
| API token (hashed) | Authenticates the paired device when communicating with our servers | Until the device is revoked or the account is deleted |
| Last-seen timestamp | Displays when the device was last active | Until the device is revoked or the account is deleted |
2.5 Session & Security Data
| Data | Purpose | Stored |
|---|---|---|
| IP address | Session security, rate limiting, and abuse prevention | Duration of session; purged when session expires |
| User-Agent hash (SHA-256) | Binds OTP codes and sessions to a specific browser to prevent hijacking; the raw User-Agent string is never stored | Duration of session; purged when session expires |
| Rate-limit counters | Prevent abuse and brute-force attacks | Temporary; automatically expire within minutes |
2.6 Billing Data
| Data | Purpose | Stored |
|---|---|---|
| Stripe subscription ID | Links your account to your Stripe subscription for plan management | Until subscription ends and account is deleted |
| Plan type & status | Determines your message quota and account capabilities | Until account is deleted |
We do not store credit card numbers, bank details, or other payment credentials. All payment processing is handled entirely by Stripe. See Stripe's Privacy Policy for details on how they handle your payment information.
3. What We Do NOT Collect
We also do not collect:
- Passwords — We use passwordless authentication (email OTP codes).
- Children's personal accounts — Children do not register or sign in. They access the Companion App through parent-paired devices.
- Location data — We do not request or store geographic location.
- Contacts, photos, or files — The Platform is text-only chat.
- Advertising identifiers or tracking pixels — We do not use ad networks.
4. How We Use Your Data
We use the data described in Section 2 strictly for these purposes:
- Operating the service — authenticating you, managing child profiles, pairing devices, enforcing message quotas, and processing subscriptions.
- Delivering AI interactions — passing your household rules, child profile details (name, approximate age), and agent configurations to AI models so they generate appropriate, personalized responses.
- Content moderation — analyzing every message in real time to detect harmful content and alert you.
- Security & abuse prevention — session management, rate limiting, OTP verification, and device authentication.
- Service communications — sending OTP codes, flagged-message email alerts, and critical account notifications.
- Improving the service — analyzing aggregate, anonymized usage patterns (e.g., total messages per plan) to improve reliability and plan offerings. Individual conversations are never analyzed.
5. Third-Party Services
RoboYap uses a limited number of third-party services to operate. We do not sell, rent, or share your personal data with any third party for their own marketing or commercial purposes.
5.1 OpenRouter (AI Processing)
- What is shared: Message content (in real time), household rules, child's first name and approximate age, and agent system prompts — all sent as part of the AI request.
- Data retention: We enforce Zero Data Retention (ZDR) at both the account level and on every individual API call. This means OpenRouter and its upstream AI providers are contractually prohibited from storing, logging, or training on any prompts or responses generated through RoboYap.
- Provider policy: We additionally set `data_collection: deny` on every request, which blocks routing to any provider that reserves the right to store or train on data.
5.2 Stripe (Payment Processing)
- What is shared: Your email address (for customer identification) and your selected plan (for checkout).
- What Stripe handles directly: Credit card numbers, billing addresses, and all payment credentials. These are entered directly into Stripe's secure payment page — they never pass through our servers.
- See: Stripe Privacy Policy
5.3 Email (SMTP)
- What is shared: Your email address and the content of transactional emails (OTP codes, flagged-message alerts, support confirmations).
- Purpose: Delivering authentication codes and critical account notifications only. We do not send marketing emails.
5.4 Google Analytics (Landing Page Only)
- Where: The public landing page (roboyap.com) only. Google Analytics is not loaded in the Parent Portal, the Companion App, or any authenticated page.
- What it collects: Anonymous page-view and traffic-source data to help us understand how visitors find our website.
- See: Google Privacy Policy
6. Hosting & Data Location
RoboYap is hosted on DreamHost with servers located in the Netherlands (EU). All data described in this policy is stored on infrastructure located in the EU and is subject to EU data protection standards.
AI requests are processed by OpenRouter, which may route them to model providers in various jurisdictions. However, as described in Section 5.1, Zero Data Retention is enforced on every request — no prompts or responses are stored by any provider.
7. Data Retention
- Account data — Retained for as long as your account is active. Deleted when you delete your account.
- Children's profile data — Deleted when you remove the child profile or delete your account.
- Usage statistics — Deleted with the associated child profile or parent account.
- Flagged messages — Retained until you review and delete them, or until your account is deleted.
- Session data — Automatically purged when sessions expire (inactivity timeout).
- Chat conversations — Never stored. Exist only in the child's browser during an active session.
- Post-deletion: After account deletion, we retain only a one-way SHA-256 hash of your email address to prevent abuse (e.g., repeated free-trial exploitation). This hash cannot be used to recover your email address.
8. Children's Privacy
The Companion App does not collect personal data from children. It does not use cookies for tracking, does not run analytics scripts, and does not display advertising. The only data transmitted from the Companion App is chat messages (processed in real time, never stored) and anonymous usage counters (message counts and session duration).
If you believe a child has provided personal information to us without parental consent, please contact us immediately at [email protected] and we will delete it.
9. Cookies & Local Storage
RoboYap uses only the following browser storage mechanisms:
| Mechanism | Purpose | Type |
|---|---|---|
| Session cookie | Maintains your authenticated session in the Parent Portal | Strictly necessary (expires on browser close or session timeout) |
| CSRF token | Prevents cross-site request forgery attacks on form submissions | Strictly necessary (session-scoped) |
| Local Storage (Companion App only) | Stores the device pairing token and current chat history on the child's device | Functional (device-local, cleared when device is unpaired) |
We do not use advertising cookies, analytics cookies (except Google Analytics on the landing page — see Section 5.4), or any third-party tracking cookies.
10. Your Rights
You have the right to:
- Access your data — View all data associated with your account through the Parent Portal.
- Correct your data — Update your email, name, children's profiles, rules, and agent configurations at any time.
- Delete your data — Delete individual child profiles, flagged messages, or your entire account. Account deletion permanently removes all associated data.
- Export your data — Contact us at [email protected] to request an export of your account data.
- Withdraw consent — You may stop using the Platform and delete your account at any time.
For any data rights requests, please contact [email protected]. We will respond within 30 days.
11. Security
We take the security of your data seriously and employ industry-standard measures to protect it:
- All connections to RoboYap are encrypted using HTTPS.
- We use passwordless authentication with time-limited, single-use codes — there are no passwords to steal or leak.
- Sensitive identifiers and tokens are stored using one-way cryptographic hashes — the original values cannot be recovered, even by us.
- Sessions are secured server-side and protected against common web attacks such as cross-site forgery and session hijacking.
- Automated rate limiting is in place to prevent brute-force and abuse attempts.
- All AI requests enforce Zero Data Retention (ZDR) and are blocked from routing to providers that collect data.
No system is perfectly secure. If you discover a security vulnerability, please report it responsibly to [email protected].
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective" date at the top of this page and, where practical, notify you via email. Your continued use of the Platform after changes are posted constitutes your acceptance of the revised policy.
13. Contact Us
For any privacy-related questions, concerns, or data requests, please contact us:
- Email: [email protected]
- Operator: MADNESS (FZE)