Privacy Policy

Last updated: April 21, 2026 · Effective April 21, 2026

This Privacy Policy explains how Koro Interactive Pte. Ltd. (UEN 202525340Z), a private company limited by shares incorporated in Singapore (“Koro Interactive”, “we”, “our”, or “us”), collects, uses, and discloses personal data in connection with the NariYume mobile application for iOS (the “App”).

We comply with the Singapore Personal Data Protection Act 2012 (“PDPA”). Where applicable, we also observe the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”) for users in those jurisdictions.

1. Summary

We collect the minimum personal data needed to run your account and sync your data across your devices.
We do not sell your personal data.
We do not use your conversations to train third-party AI models.
You can delete your account — and all associated data — from inside the App at any time.

2. Personal data we collect

2.1 Account information

When you sign in with Sign in with Apple or Google, we receive a stable user identifier (your Firebase UID). We store it alongside your chosen display name and, if your Apple/Google account shares it, your email address. We do not receive your Apple or Google password.

2.2 Conversation content

Your messages, the AI’s replies, and metadata about your character’s mood and affection state are saved so the App can give you a continuous experience across launches and devices. This content is stored in Google Firebase (Firestore) under a document keyed to your Firebase UID, and locally on your device via Apple’s SwiftData framework.

2.3 Microphone and speech data

When you use voice mode, audio is captured by your device’s microphone and transcribed on-device using Apple’s Speech Recognition framework. The transcribed text is then sent to our AI inference proxy (see §4) to generate a reply. We do not store raw audio recordings.

2.4 Usage and diagnostics

Firebase Analytics is enabled to help us understand aggregate feature usage and stability. We have configured the SDK so that no data is collected for cross-app or cross-site tracking. We do not use your data to build advertising profiles.

2.5 Purchase information

If you subscribe to NariYume Premium, Apple handles payment and shares a transaction identifier with us so we can grant your entitlement. We do not receive your payment card details.

3. Purposes of use

We collect and use personal data for the following purposes:

To create and authenticate your account.
To store and sync your conversation history, character state, and preferences across your devices.
To generate AI replies to your messages.
To process subscription entitlements.
To detect, investigate, and respond to abuse or safety issues (see §5).
To improve the App’s stability and performance.
To comply with legal obligations.

By using the App you consent, to the extent required under the PDPA, to the collection, use, and disclosure of your personal data for these purposes.

4. AI inference — third-party processor

AI responses are generated by third-party large-language models accessed through an inference proxy we operate at proxy.korointeractive.com. When you send a message, the App forwards your message, the recent conversation context, and the character’s system prompt to this proxy, which routes the request to an underlying model provider (currently OpenRouter, which in turn fronts various model providers).

We do not share your name, email, or any other direct identifier with the inference provider — only the message text and the conversation context needed to generate a reply. Model providers retain request payloads briefly to monitor for abuse; we have opted out of any provider setting that would permit using your payloads to train their models.

5. Content safety and reports

Every AI-generated message in the App exposes a Report action. When you tap Report, we record the message identifier, a truncated copy of the reported text, your Firebase UID (if signed in), and a timestamp in a separate Firestore collection used solely for human moderation review.

6. Disclosure of personal data

We do not sell personal data. We disclose personal data only to:

Service providers who process data on our behalf under contract, including Google Firebase (hosting, authentication, Firestore, Cloud Messaging) and our AI inference provider (see §4).
Regulators, courts, or law enforcement where we are required to do so by law.
Successors in connection with a merger, acquisition, or sale of assets, subject to the same protections described in this Policy.

7. International data transfers

Your personal data is stored on Google Cloud infrastructure, which may process data in the United States, the European Union, or other countries. Where we transfer personal data out of Singapore, the EU, or the United Kingdom, we rely on contractual protections (including Standard Contractual Clauses where applicable) and on the security guarantees of our underlying providers.

8. Retention

Account + conversation content: for the lifetime of your account.
Content reports: up to 12 months, then deleted.
Crash / diagnostic logs: up to 90 days.
On account deletion: we delete your Firebase Auth record, all cloud data under your user document, and wipe the on-device database from the deletion device. This is irreversible.

9. Children

The App is intended for users aged 13 and older, or the minimum digital-consent age applicable in your jurisdiction, whichever is higher. We do not knowingly collect personal data from children below that age. If we learn that we have, we will delete it promptly.

10. Your rights

Depending on where you live, you have the following rights:

Access. Request a copy of the personal data we hold about you.
Correction. Ask us to correct inaccurate data. You can update your display name in the App directly.
Deletion. Use “Delete Account” inside the App (Profile → Delete Account) to erase your account everywhere.
Portability. Request a machine-readable export.
Withdraw consent. Sign out of the App. Signing out preserves your cloud data for later return; use Delete Account for full erasure.
Object / restrict processing. Where GDPR applies, you may object to or restrict certain processing.
Lodge a complaint. You may lodge a complaint with the Singapore Personal Data Protection Commission (pdpc.gov.sg) or your local supervisory authority.

To exercise any of these rights, email our Data Protection Officer at privacy@nariyume.com. We will respond within 30 days.

11. Security

We use Apple’s Keychain for on-device credential storage, Firebase’s managed security model for cloud data, and TLS for every network request. No system is perfectly secure; we encourage you to use a strong Apple ID / Google account password and enable two-factor authentication.

If we become aware of a personal-data breach that is likely to result in significant harm to you, we will notify you in accordance with applicable law (including the PDPA’s data breach notification obligation).

12. Data Protection Officer

We have designated a Data Protection Officer responsible for overseeing compliance with this Policy and applicable data protection laws. You may contact the DPO at privacy@nariyume.com.

13. Changes to this Policy

We may update this Policy from time to time. When we do, we will post the new version here and update the date above. If the change is material, we will notify you inside the App.

14. Contact

Privacy and data requests: privacy@nariyume.com
General support: support@nariyume.com
Data Controller: Koro Interactive Pte. Ltd. (UEN 202525340Z), Singapore.

← Back to NariYume