Privacy Policy
We collect what we need to make Roo work for your family. Your account details and a nickname for each child (not their real name). Photos you take stay on your device. We don't sell data, run ads, or share information with anyone who doesn't need it. You can delete everything any time, instantly.
1. Who we are
Roo is a screen-free activity app for children, made by a small team in the United Kingdom. This policy covers everything Roo does, the app and the website.
If you've got questions, email us at privacy@rooapp.co.uk.
2. What we collect
Your parent account
When you sign up, we collect:
- Your email address (or Apple ID if you use Sign in with Apple)
- A password, if you create one (we never see this in plain text)
Each child's profile
For every child you add to Roo, we collect:
- A nickname, not their real name (you choose what to use, like "Buttercup", "Champ", or just their initial)
- Their age
- Their answers to the personality quiz
Why nicknames? Because Roo doesn't need your child's real name to work. Using a nickname means even if anything ever went wrong, your child stays unidentifiable. It's a small thing that protects your family.
Activity data
- Which activities you've done together
- Badges earned, streaks, and progress milestones (these are linked to your parent account, not to the child)
Photos
If you use the camera to set a profile picture or save a memory from an activity, those photos stay on your device. We never upload them to our servers, never see them, never store them.
Automatically
Standard technical info that any app or website collects: device type, app version, IP address, basic logs to keep things running.
3. What we don't collect
- No location data. Roo doesn't know or care where you are.
- No analytics or tracking. We don't use Google Analytics, Mixpanel, or any usage trackers.
- No advertising. No ads in the app, no advertising cookies on the website, no retargeting pixels.
- No third-party social tracking. Roo doesn't talk to Facebook, TikTok, or anyone like that.
- No payment details. Subscriptions are handled by Apple, so your card details never touch us.
- No microphone or contacts access. Roo doesn't ask for either.
- No photo uploads. Photos you take stay on your device. We never see them.
4. How we use your data
We use the information we collect to:
- Let you sign in to Roo
- Generate activities matched to your child's personality, age, and what you've got at home
- Keep track of badges, streaks, and progress so you can see your child's playtime journey
- Reply to your messages if you contact us
- Keep Roo secure and working properly
We never use your data for marketing without your separate, explicit consent.
5. The AI bit (this is important)
To generate activities tailored to your child, Roo sends some information to a trusted third-party AI provider. Specifically:
- Your child's age and nickname
- Their personality profile
- The filters you've chosen (energy level, time available, materials)
We don't send your name, your email, your real child's name, your location, or anything else that could identify you.
When we send this information:
- It is not used to train AI models
- It is not stored long-term
- It is processed only to return an activity suggestion
If we ever change provider, we'll only use providers with the same protections.
6. The camera
Roo can use your phone's camera, but only when you choose to:
- Take a profile picture for yourself or a child
- Save a photo of an activity you've done together (a "memory")
The camera only ever works after you've explicitly given permission, and iOS will ask you the first time. You can revoke that permission any time in your iPhone Settings.
Photos stay on your device. We don't upload them, see them, store them on our servers, or back them up. They live in your device's photo library, full stop.
7. Where your data lives
Your account and child profile data is stored securely in Supabase, our cloud database provider. Data is encrypted in transit (HTTPS) and at rest. Servers may be located outside the UK or EU, and where that's the case we use Standard Contractual Clauses approved by the UK Information Commissioner's Office to protect your information.
Photos taken in the app stay on your device only.
8. Children's data
Roo is designed to be set up by a parent or guardian. Children don't create accounts themselves.
Because we collect a nickname, age, and personality profile for each child, we treat this data with extra care:
- We use nicknames instead of real names by design, so the data is far less personally identifiable
- It's only ever used to personalise activities for that child
- It's never shared with anyone outside of what's described in this policy
- It's never used for marketing or advertising
- You can delete a child's profile any time from within the app
If a child somehow contacts us directly, we'll delete their information immediately. Please email us at privacy@rooapp.co.uk if you believe this has happened.
9. Sharing your data
We only share data with companies that help us run Roo:
- Apple — handles your subscription and Sign in with Apple, if you use it
- Supabase — stores your account and profile data
- Our AI provider — generates activities (see section 5 for what's sent)
We never sell your data. Not to advertisers, not to data brokers, not to anyone.
If we're ever required by law to share data (a court order, for example), we'll comply, but we'll push back on requests that aren't legitimate.
10. Your rights
Depending on where you live, you've got rights over your data. We honour all of them, no matter where you are.
You can:
- See what we hold about you and your children
- Correct anything inaccurate
- Delete your account and all data, any time, instantly, from within the app
- Withdraw consent any time
- Take your data with you in a portable format
- Complain to a regulator if you think we've handled things badly
UK and EU residents
You can complain to the UK Information Commissioner's Office at ico.org.uk or to your national data protection authority.
California residents
You have all the rights above under the California Consumer Privacy Act (CCPA), plus the right to opt out of any sale of personal information. We don't sell data anyway, so this doesn't apply, but the right exists.
To exercise any of these rights, email privacy@rooapp.co.uk.
11. How long we keep your data
- Your account and child profiles: as long as your account is active. When you delete your account, it's gone instantly. No grace period, no archive, no recovery.
- Activity history and progress: deleted with your account.
- Technical logs: up to 90 days, for security and troubleshooting.
When you hit delete, it deletes. Properly.
12. Security
We protect your data with:
- Encryption in transit (HTTPS everywhere) and at rest
- Strict access controls, only the small team that needs to access data can
- Regular reviews of who has access and why
- Two-factor authentication on all our internal accounts
No system is 100% secure, but we work hard to keep yours safe. If we ever have a data breach that affects you, we'll tell you within 72 hours, as the law requires.
13. Cookies and similar tech
The Roo app doesn't use cookies in the traditional web sense. It does store some information on your device (so the app remembers you're signed in, for example).
The Roo website uses only essential cookies needed to make it work. See our Cookie Notice for the full breakdown.
14. Changes to this policy
If we change this policy in a way that materially affects your rights or how we use your data, we'll tell you in the app or by email before the change takes effect.
For smaller updates (clarifications, typos, that sort of thing), we'll update the "last updated" date at the top.
15. Contact
For any privacy questions, requests, or complaints:
We aim to reply within 2 working days. We're based in the UK and reply during UK working hours, Monday to Friday.
