Effective Date: June 5, 2026
This Privacy Policy explains how Risus collects, uses, discloses, stores, and protects information when you use the Risus mobile app, website, APIs, and related services, together called the "Service."
If you do not agree with this Privacy Policy, do not use the Service.
Data Protection Officer: For privacy-related questions, account deletion requests, data access requests, or other privacy concerns, contact our privacy team at privacy@risus.io.
This Privacy Policy applies to all users of the Risus mobile app, website, APIs, and related services (the "Service"). It covers the information we collect when you browse, register, post content, send messages, use AI-assisted features, or otherwise interact with the Service. It does not apply to third-party services that may be linked from our platform — those services have their own privacy policies.
We collect information you provide directly, content and activity you create or interact with, information collected automatically as you use the Service, and information we receive from other users and third parties.
Name, display name, username, email & profile details
Password credentials or authentication tokens (hashed where applicable)
Verification information (OTP, email verification, session security)
Google sign-in details, if you sign in with Google
Posts, pings, reposts, captions, comments, reactions, likes & bookmarks
Chat rooms, direct messages, attachments & related metadata
Uploaded images, videos, audio & documents
Reports, moderation requests, block/mute actions & appeals
AI prompts, generated outputs, feedback & usage logs
Device, network, app version & diagnostic logs
Notification tokens & delivery status
Media metadata (creation time, device info, embedded location)
When you sign in with Google, we use only the Google account identifier, name, email address, and profile image that you authorise. Uploaded images or videos may contain embedded metadata, including location. Risus does not use device GPS for foreground location unless separately disclosed, and avoids accessing or retaining media location metadata where it is not needed. We may also receive information about you from other users (for example, when they message, tag, or report you) and from our service providers.
Creating and authenticating your account, securing it, and delivering the core features of the platform.
Processing posts, pings, messages, media, and AI-assisted captions, suggestions, and enhancements.
Reviewing reports, enforcing policies, preventing abuse, protecting users, and meeting legal and child-safety obligations.
Personal information is stored in secure servers located in Cloud infrastructure operated by trusted hosting providers.
Your information may be processed in countries other than where you live. Where required, we use appropriate safeguards for international data transfers.
Risus uses trusted third-party providers for hosting and storage, authentication (including Google sign-in), analytics, crash reporting, push notifications, AI processing, email and SMS verification, content delivery, moderation, security, and support. Providers may process limited information only as necessary to provide their services and are not permitted to use it for their own purposes except as permitted by contract or law. Risus does not sell personal information.
Data transmitted between your device and our servers is protected using modern cryptography such as HTTPS/TLS.
Access to personal data is restricted to authorised personnel on a need-to-know basis, with monitoring of unusual activity.
We conduct regular security reviews and monitoring. No system is completely secure, and we cannot guarantee absolute security.
We keep information only as long as needed to provide the Service and meet legal, safety, and dispute obligations. Reports and enforcement records may be kept longer, and backups persist for a limited time during normal backup cycles.
We may disclose information when required by law, to protect rights and safety, to investigate abuse, to prevent harm, or to report illegal content. If Risus is involved in a merger, acquisition, financing, restructuring, or asset sale, information may be transferred as part of that transaction, subject to appropriate safeguards.
Depending on your location, you may have rights to access, correct, download, delete, restrict, or object to the processing of your personal data. To make a privacy request, contact us at privacy@risus.io. We may need to verify your identity before responding, and we aim to respond within the timeframes required by applicable law.
Art. 15 GDPR / CCPA
Request a copy of the personal data we hold about you and information about how we process it.
Art. 16 GDPR
Request correction of inaccurate or incomplete personal information we hold about you.
Art. 17 GDPR / CCPA
Request deletion of your account and associated personal data, subject to legal and safety retention requirements.
Art. 18 GDPR
Request that we restrict processing of your personal data under certain conditions.
Art. 20 GDPR
Receive your personal data in a structured, commonly used, machine-readable format.
Art. 21 GDPR
Object to the processing of your personal data, including for direct marketing purposes.
Art. 7(3) GDPR
Withdraw optional permissions (camera, microphone, notifications, media access) at any time through your device settings. Withdrawing consent does not affect prior lawful processing.
Art. 77 GDPR
Lodge a complaint with a supervisory authority if you believe our processing violates applicable data protection laws.
Contact us at privacy@risus.io to exercise any of these rights. You can also control app permissions, and withdraw optional consents such as camera, microphone, notifications, or media access, through your device settings.
Risus is intended for users who are at least 13 years old, or the minimum age required in their country. In compliance with the Children's Online Privacy Protection Act (COPPA), Risus does not knowingly collect, use, or disclose personal information from children under the age of 13.
You must be at least 13 years old (or the minimum age required in your country) to create an account. If you are under the age of legal majority in your jurisdiction, you confirm that you have parental or guardian consent. Accounts determined to belong to users under 13 may be suspended, restricted, or permanently removed.
If we discover that a user under the age of 13 has created an account or provided personal information, we will take appropriate steps to remove the account and delete the associated data, subject to legal, safety, security, moderation, and backup retention requirements.
Parents or legal guardians who believe their child has provided personal information to Risus may contact us at privacy@risus.io. Risus also prohibits content or conduct that exploits, endangers, sexualizes, abuses, or harms children — see our Child Safety and CSAE Standards for more information.
Risus maintains a strict, zero-tolerance policy against Child Sexual Abuse and Exploitation (CSAE). We explicitly prohibit any content, behavior, or activity that sexually exploits, abuses, or endangers children — including grooming, sextortion, trafficking, and the sharing of exploitative material.
Any user found violating our child safety standards will face immediate and permanent account termination and may be reported to the appropriate authorities, including NCMEC and local law enforcement.
Child Sexual Abuse Material is immediately removed, the offending account disabled, and the incident reported to NCMEC and relevant law enforcement.
Users can report suspicious behavior or content by visiting the post or profile, selecting "Report" or "Flag", and choosing the appropriate safety category.
Dedicated Child Safety Contact
For safety enforcement questions or severe escalations, contact our Child Safety Point of Contact directly.
For residents of the United States, the following rights may apply under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other applicable state privacy laws.
Request disclosure of the categories and specific pieces of personal information we have collected, the sources, our purposes, and any third parties with whom we share it.
Request deletion of personal information we have collected, subject to exceptions for legal compliance, safety, and fraud prevention.
Request correction of inaccurate personal information we hold about you.
Risus does not sell personal information and does not share personal information for cross-context behavioural advertising.
Request that we limit our use of sensitive personal information to what is necessary to provide the Services.
We will not discriminate against you for exercising any of your privacy rights.
Submit requests by emailing privacy@risus.io. We will verify your identity by comparing the information you provide with our records before processing your request.
We maintain security measures designed to protect your personal data. In the event of a data breach that poses a risk to your rights and freedoms, we have procedures to promptly identify, assess, and respond.
Security monitoring helps detect anomalous activity. Upon detection, we work to contain the breach and assess its scope and impact.
Where required by applicable law (for example, the GDPR 72-hour rule), we notify the relevant supervisory authority within the legally required timeframe.
Where a breach is likely to result in high risk to your rights and freedoms, we will notify affected users promptly with information about what happened and what steps to take.
We take steps to remediate the breach and provide guidance to affected individuals on how to protect themselves.
If you have questions about a potential breach or believe your account may have been compromised, contact us immediately at privacy@risus.io.