How Roa handles personal data.
This Privacy Policy explains how FIRST LIGHT WORKS LLC collects, uses, shares, stores, and deletes personal data when you use the Roa mobile application, our related websites, and connected services.
Contents
1. Scope
This Privacy Policy applies to Roa, including the iOS app, hosted web pages, backend infrastructure, analytics, in-app purchase processing, notifications, and AI-assisted learning features.
2. Data We Collect
Account and profile data
- Firebase Authentication user ID and sign-in state, including anonymous, Apple, or Google-linked accounts.
- Nickname and basic onboarding selections such as learning language, locale, country, language, and region.
- Account creation time, linked authentication provider, and similar account metadata.
Learning and service data
- Story progress, completed scenes, branch history, endings, XP, streaks, battery status, gem balance, and learning-level data.
- Story chat history, sub-chat messages, answer selections, free-text answers, hint usage, and notification preferences.
- Push notification settings and device messaging tokens used to deliver reminders and character-message alerts.
Purchase and subscription data
- Product ID, transaction ID, purchase date, renewal or expiration date, purchase amount, currency, and subscription status.
- App Store Server Notification data needed to validate subscription events such as subscribe, renew, expire, refund, or revoke.
AI feature data
- User messages, conversation history, character context, question context, expected answers, grading context, and language settings needed to generate or evaluate responses.
- Safety-filter decisions and rate-limit metadata used to keep the service stable and reduce abuse.
Usage, analytics, and device data
- Analytics identifiers such as Firebase Analytics user ID, app instance ID, and session-related identifiers.
- App usage events such as onboarding completion, scene entry, question answering, purchase completion, battery depletion, and similar product events.
- App version, OS version, locale, currency, notification-permission status, and other configuration data associated with product analytics.
Advertising and tracking data
- If ads, measurement, or targeting features are enabled, we and our ad partners may process ad-related identifiers and ad interaction data.
- Where required by Apple or applicable law, we request App Tracking Transparency permission before using tracking-based functionality.
Support and communications
- Information you provide when you email us or request account or data-deletion support.
3. How We Use Data
- To create and maintain your account, sync progress, and restore linked accounts across devices.
- To deliver story content, sub-chat features, recommendations, answer grading, and other core learning functionality.
- To process subscriptions, gem purchases, purchase restoration, and fraud-prevention checks.
- To send notifications you enable, such as learning reminders or character-message alerts.
- To analyze product usage, improve pacing, study retention, and understand purchase and engagement behavior.
- To operate safety controls, rate limits, abuse prevention, and internal service monitoring.
- To comply with legal obligations, enforce our Terms of Service, and respond to lawful requests.
4. Legal Bases
Depending on where you live, we process personal data on one or more of the following grounds: to perform our contract with you, with your consent, to comply with legal obligations, and for our legitimate interests in operating, securing, and improving Roa.
5. How We Share Data
We do not sell personal information for money. We may share data with service providers and partners that help us operate Roa, including:
- Google / Firebase / Google Cloud: authentication, Firestore, hosting, analytics, push messaging, and related infrastructure.
- Apple: App Store billing, subscription validation, renewal status, and purchase restoration.
- AI providers: Anthropic, OpenAI, and Google, when used to generate or evaluate learning interactions.
- Telegram: internal operational alerts for events such as user creation or purchases.
- Advertising partners: such as Google AdMob, if ads or measurement features are enabled.
- Professional advisers, regulators, or law enforcement: when required by law or reasonably necessary to protect rights, safety, or the service.
- Business transfers: if we are involved in a merger, acquisition, financing, or asset sale.
6. International Processing
Roa uses infrastructure and service providers that may process data outside your country, including in the United States and other jurisdictions where our vendors operate. By using the service, you understand that your data may be transferred to and processed in those locations, subject to applicable safeguards.
7. Data Retention
- Core account and learning data are generally kept while your account remains active.
- When you delete your account, we initiate deletion of your authentication record and related Firestore user data, including settings, progress, sub-chat data, chat history, notification tokens, and service-side purchase records tied to your account.
- Analytics export data may be retained for up to 365 days, and intraday analytics data may remain for shorter system-managed periods.
- Financial, tax, fraud-prevention, security, legal, and audit records may be retained longer where permitted or required by law.
- Third-party platforms such as Apple, Firebase, and AI providers may retain certain records under their own policies and legal obligations.
8. Your Choices and Rights
- You can edit profile information such as your nickname in the app.
- You can manage notifications and tracking permissions through the app and your device settings.
- You can manage subscriptions through your Apple account settings. Deleting your Roa account does not automatically cancel an active Apple subscription.
- You can request account deletion in-app from Profile > Edit Profile > Delete Account.
- If you cannot access the app, you can email crafanic@gmail.com for account or privacy requests.
- Depending on applicable law, you may have rights to request access, correction, deletion, restriction, objection, or a copy of certain data.
9. Security
We use administrative, technical, and organizational measures designed to protect personal data. No service can guarantee absolute security, so you should also protect your devices, accounts, and credentials.
10. Children
If you believe a child has provided personal data in a way that requires parental or guardian consent under applicable law, please contact us at crafanic@gmail.com so we can review the situation.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we may provide notice through the app, our website, or other appropriate means. The updated version becomes effective on the posted effective date.