Privacy Notice
Introduction
While it is intended that third party service providers will provide profile verification services and therewith, the collection and processing of any personal data, should The Prescient Pachyderm Ltd ("Rooverse", "we", "us") decide to collect, use and share any personal data, this privacy notice ("Notice") will explain to you how it intends to do this. When you access or use any services provided by us and/or any related entity, including our apps, our websites, software and all other services (collectively, the "Rooverse Services"), personal data may be collected.
Insofar as this is collected by third party service providers or entities other than Rooverse, the privacy and data policies of such third-party service providers and the laws applicable in the jurisdiction they operate in, shall apply. As and when a third-party service provider is involved, you will be notified prior to providing your personal data to them. It shall be a personal preference whether you proceed or not but it should always be noted that such third parties operate independently from Rooverse and that any data will be treated subject to their own data / privacy policies. It shall be your responsibility to ensure you are familiar with them before proceeding.
Where Rooverse does however collect any of your data, this policy explains your privacy rights under the UK General Data Protection Regulation (together with the EU GDPR, referred to as the "GDPR").
Who this Notice applies to
This Notice applies to:
- users of the Rooverse Services, including registered account holders and unregistered visitors who browse or interact with the Rooverse Services;
- individuals who contact us about the Rooverse Services, for example to request support or provide feedback; and
- individuals who receive service communications or Rooverse marketing in line with their preferences.
This Notice does not apply to Rooverse employees, workers, contractors or job applicants. Separate privacy information is provided to those individuals where relevant.
Your use of the Rooverse Services remains subject to eligibility criteria in the Terms of Use.
1. Who we are
The Rooverse Services are operated by The Prescient Pachyderm Ltd (company number 16846775 registered in England and Wales), registered address Suite 1 First Floor, 3 Jubilee Way, Faversham, Kent, United Kingdom, ME13 8GD, which is the controller responsible for the processing of your personal data.
If you have questions about how your personal data is processed or you wish to exercise your rights (as set out in the "Your rights" section below), you can contact us at privacy@rooverse.app.
2. The data we collect about you
We may collect and process different types of personal data depending on how you use the Rooverse Services. The categories below include examples of the categories of personal data that may fall within each category. These examples are not exhaustive.
Identity Data
Includes information used to identify you, such as your username, date of birth, country of residence and information generated through identity verification, for example verification outcomes, reference IDs and risk indicators.
Contact Data
Includes information used to contact you, such as your email address and telephone number.
Profile Data
Includes information you choose to include in your profile, such as your profile photo, interests, profile biography, visibility settings and information about your account status.
Technical and Usage Data
Includes technical information and usage details generated when you access or use the Rooverse Services, such as IP address, device identifiers, device type, operating system and application version, login timestamps, session behaviour, screens or pages viewed, interactions with features, posting activity, likes, shares, referral activity and indicators used for the protection and security of the Rooverse Services.
Content Data
Includes content you upload or generate when using the Rooverse Services, such as text, images, audio, video, comments, direct messages and associated metadata.
Transaction Data
Includes information connected with special features which require a RooChip or a RooChip Lite to power/enable, such as reference numbers and amounts.
Marketing and Communications Data
Includes your marketing preferences, notification settings and voluntary responses to surveys or feedback requests.
Special Category Data
Includes any special category data (i.e. information on race, ethnic origin, political opinions, religious beliefs, trade union membership, genetics, biometrics (for identification), health, and sexual orientation) you choose to provide when using the Rooverse Services, including within your content or communications.
3. How we collect your personal data
Directly from you
We may collect personal data directly from you when you create an account, complete identity verification, update your profile, upload or publish content, message other users, participate in referrals or rewards, use paid or non-paid features or contact support.
Automatically
We may collect personal data through cookies and similar technologies, device identifiers, analytics, server logs, fraud prevention tools, or other similar methods.
From third parties
We may also collect personal data from third parties. For example:
- Identity verification providers may supply Rooverse user verification outcomes. For purposes of ID verification and/or where required by law, impersonation or account‑security issues for Verified Users, the provider may capture and process images of your identity document and facial images on our behalf to perform biometric matching; we may receive the verification result and limited metadata needed to evidence the check.
- Content‑safety systems provide automated analysis outputs that assist Rooverse with content moderation.
- Where you use a third‑party sign‑in option (for example Google or Apple), the relevant authentication provider may share basic account identifiers with us to enable sign‑in and acts as an independent controller for that sign‑in service.
These third parties process personal data either under their own controller responsibilities (for example, third‑party sign‑in providers) or under our instructions (for example, verification vendors acting as our processors), as applicable.
4. Legal bases we rely on
We may rely on one or more of the following legal bases: performance of a contract, legitimate interests, legal obligation and consent. Before we rely on legitimate interests, we consider your rights and freedoms and take them fully into account.
5. Purposes for which we use your personal data
The table below explains the purposes for which we may collect and/or use your personal data. Where legitimate interests are relied on, they are included within the Legal Basis column.
| Purpose | Categories of Data | Legal Basis |
|---|---|---|
| Create and managing your account (this includes enabling account creation, authentication and access management, including optional third-party sign-in) | Unverified User accounts: Contact Data, Profile Data, Technical and Usage Data Verified User accounts: All relevant categories of data |
Performance of contract |
| Verify identity, age and, where applicable, compliance checks (for example sanctions screening or AML/CTF checks) | Identity Data Special Category Data (biometric images/identifiers processed by our verification provider for one‑to‑one matching, where applicable) |
Performance of contract, where the verification outcome is made using automated processing that may produce legal or similarly significant effects (for example, refusal of Verified User access), we rely on the automated decision‑making exception of contractual necessity. For any Special Category Data processed as part of biometric matching, we rely on explicit consent. |
| Provide core features of the Rooverse Services including profiles, feeds, posting, interactions and messaging | Identity Data, Profile Data, Technical and Usage Data, Content Data | Performance of contract |
| Provide recommendations and personalise your experience based on interests you select and basic interactions | Profile Data, Technical and Usage Data, Content Data | Our legitimate interests in improving content relevance and user experience. |
| Moderate content, including the use of automated tools to detect AI-generated content | Content Data, Technical and Usage Data | Performance of contract, where a moderation outcome is made using automated processing that may produce legal or similarly significant effects (for example, permanent account termination or loss of Verified User access), we rely on the automated decision‑making exception of contractual necessity. For clarity, we do not rely on Special Category Data for content‑moderation decisions and do not use inferences of special‑category characteristics to make such decisions. |
| Detect and prevent fraud, abuse and suspicious activity | Technical and Usage Data, Identity Data, Wallet and Transaction Data | Our legitimate interests in protecting users and the Rooverse Services, securing transactions and preventing abuse of rewards and referrals. |
| Deliver contextual advertising and paid boosts | Technical and Usage Data, Profile Data | Our legitimate interests in generating funding for the Rooverse Services. Consent for personal data collected as part of our use of non-essential cookies (where this is required). |
| Measurement and performance reporting for the Rooverse Services, content reach, detection accuracy and contextual ads | Technical and Usage Data, Content Data, Profile Data | Our legitimate interests in ensuring reliability, improving content surfacing and supporting accurate automated systems. |
| Send service communications including verification updates, security notices, policy changes, moderation decisions and account information | Identity Data, Contact Data, Technical and Usage Data, Profile Data | Performance of contract Legal obligation Our legitimate interests in ensuring safe and effective operation of the Rooverse Services. |
| Analytics and service improvement | Technical and Usage Data | Legitimate interests in understanding usage, improving performance and enhancing safety. Consent for personal data collected as part of our use of non-essential cookies (where this is required). |
| Respond to support requests and complaints | Identity Data, Contact Data, Technical and Usage Data, Marketing and Communications Data | Performance of contract Our legitimate interests in providing efficient support and resolving issues. |
| Comply with legal obligations and respond to lawful requests | All relevant categories of data | Legal obligation |
| Process special category data that you choose to make public or explicitly consent to | Special Category Data | Explicit consent or data manifestly made public |
6. Marketing
We may send you marketing communications about the Rooverse Services if you have opted in, or if you are an existing user and have not opted out. You can update your preferences at any time in your settings or by using the opt-out instructions in our messages. [We do not sell your personal data.]
7. Cookies
For information about what types of cookies we use as part of the Rooverse Services and your choices in respect of those cookies, please visit Rooverse Cookie Notice.
8. Sharing your personal data
Service providers
We may share personal data with, or receive personal data from, service providers who support the operation of the Services, including identity verification vendors, authentication providers that enable third-party sign-in, cloud hosting partners, analytics and content safety providers, payment processors and blockchain infrastructure partners. Notwithstanding the foregoing, where it is not necessary for Rooverse to collect such data from service providers to ensure compliance with the laws and regulations applicable to its operations, Rooverse may choose not to receive data from such service providers. Service providers shall collect this data in accordance with their own obligations and shall be responsible for confirming the legitimacy of the data provided to Rooverse only. These providers must keep your data secure, act only on our instructions where they are processors, and are prohibited from using your data for their own purposes but which shall always be in accordance with the applicable data laws applying to them, under the circumstances under which such data was provided. For the avoidance of any doubt, providers that offer their own sign-in services act as independent controllers for those services.
Other users or the public
Information you choose to make public through the Rooverse Services may be visible to other users and, in some cases, to the general public.
Authorised personnel
Your personal data may be accessed by authorised personnel acting under our instructions, for example to perform safety reviews, handle user reports, provide support, investigate abuse or apply our terms.
Regulators and law enforcement
We may share personal data where required by law or to protect the rights, safety and integrity of users or the Rooverse Services.
Corporate transactions
If we are involved in a merger, acquisition or transfer of assets, your personal data may be transferred to the new operator and continue to be used as set out in this Notice.
9. International transfers
Where we transfer your personal data out of the UK or the EEA (for example, some service providers may process personal data outside the UK or the EEA), we will only do so relying on approved safeguards such as adequacy decisions, the International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses. Further details on what appropriate safeguards we rely on are available on request.
10. Data accuracy
Where we do collect personal data, we will take reasonable steps to ensure personal data is accurate and kept up to date. You shall however, be responsible for informing us of any changes and keeping your account information up-to-date. If we doubt the accuracy of data, we may request confirmation. We correct inaccuracies promptly once identified.
11. Data security
Where we collect personal data, we will have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we will limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We will have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
12. Data retention
Where we do collect personal data, we will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
13. Your rights
You have the following rights under the GDPR. These rights may be subject to conditions or limitations. These rights may be limited, for example where a right only applies depending on the legal basis we rely on to process your personal data, where fulfilling your request would reveal personal data about another person, where you ask us to delete information that we are required by law to keep or have compelling legitimate interests to retain, or where technical constraints such as blockchain immutability prevent deletion.
| Right | Summary |
|---|---|
| The right of access | Enables you to obtain confirmation from Rooverse as to whether or not personal data concerning you is being processed, and, if so, to receive a copy of your personal data. |
| The right to rectification | Enables you to correct any inaccurate or incomplete personal data we hold about you. |
| The right to erasure | Enables you to ask us to delete your personal data in certain circumstances. |
| The right to restrict processing | Enables you to ask us to halt the processing of your personal data in certain circumstances. |
| The right to object | Enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party), including processing for direct marketing purposes or profiling for purposes of direct marketing, or where we are performing a task in the public interest – your objection will be upheld, and we will cease processing your personal data, unless (other than in the case of direct marketing) the processing is based on compelling legitimate grounds or is needed for the exercise or defence of legal claims that may be brought by or against us. |
| The right to data portability | Enables you, in certain circumstances, to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible. |
Wherever we rely on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. We may however have other legal grounds for processing your data for other purposes, such as those set out above. We also give you control over our use of your data for direct marketing purposes. This means you can opt-out of receiving emails from us at any time by unsubscribing using the link provided in our emails.
Automated decision making and profiling
We may use automated systems to:
- verify identity and age for users who request Verified User access; and
- to check content for AI generated or otherwise non-permitted material.
Where a decision is made solely by automated means and may have legal or similarly significant effects, for example permanent account termination, the additional rights set out below will apply. The majority of moderation actions are not significant, such as temporary content removal or short‑term limits. In those cases the additional Article 22 GDPR rights do not apply and the additional rights below are not available to you, although you can still contact us if you believe a mistake has been made.
If you are affected by a solely automated decision that may have legal or similarly significant effects, you can request human intervention before the decision is final, you can provide information for us to review, and you can contest the decision.
How to exercise your rights
Email privacy@rooverse.app. We may ask you to verify your identity before responding to ensure personal data is not disclosed to anyone who should not receive it. Any verification information will be used only for this purpose and deleted afterwards. We aim to respond within one month and will notify you if an extension is required.
Right to complain
Whilst we encourage you to contact us first so we can address your concerns, if you are not satisfied with our response, you can lodge a complaint with the relevant data protection supervisory authority in the country in which you are based. In the UK, this is the Information Commissioner's Office.
15. Special Category Data
We do not require special category data. If you choose to include such information in content that will be publicly visible, you are choosing to make that information public. Where content is not yet publicly visible (e.g. it is being reviewed as part of our content moderation practices), we do not base automated moderation outcomes on special category information. If we need to process special category data for other purposes, we will request explicit consent and apply appropriate safeguards.
16. Children
The Rooverse Services are intended only for users aged 18 and over. If we become aware that an account belongs to a minor, we will remove it.
17. Third party links and social login
The Rooverse Services may contain links to external websites or services, which are provided by separate data controllers. Their privacy practices are governed by their own privacy notices, which you should read separately.
18. Changes to this Notice
We may update this Notice from time to time. Significant changes will be communicated through the Rooverse Services or by email. The most recent version will apply to our processing of your personal data.
19. Contact us
If you have questions about this Notice or how we handle your personal data, please contact us using the email below.
Email: privacy@rooverse.app