Privacy Policy

Effective Date: June 5, 2026

01

Introduction

This Privacy Policy explains how Risus collects, uses, discloses, stores, and protects information when you use the Risus mobile app, website, APIs, and related services, together called the "Service."

If you do not agree with this Privacy Policy, do not use the Service.

Our Primary Goals:

  • Create, authenticate, secure, and manage your account
  • Provide posts, pings, chat rooms, messaging, media upload, notifications, search, profiles, bookmarking, and AI features
  • Personalise the Service and improve usability
  • Moderate content, investigate reports, and enforce our policies
  • Prevent spam, fraud, abuse, illegal activity, and security incidents
  • Provide customer support and respond to your requests
  • Analyse performance, diagnose crashes, and improve reliability
  • Comply with legal obligations, lawful requests, and child-safety duties

Data Protection Officer: For privacy-related questions, account deletion requests, data access requests, or other privacy concerns, contact our privacy team at privacy@risus.io.

02

Scope and Application

This Privacy Policy applies to all users of the Risus mobile app, website, APIs, and related services (the "Service"). It covers the information we collect when you browse, register, post content, send messages, use AI-assisted features, or otherwise interact with the Service. It does not apply to third-party services that may be linked from our platform — those services have their own privacy policies.

03

What We Collect

We collect information you provide directly, content and activity you create or interact with, information collected automatically as you use the Service, and information we receive from other users and third parties.

Types of Personal Information:

  • Name, display name, username, email & profile details
  • Password credentials or authentication tokens (hashed where applicable)
  • Verification information (OTP, email verification, session security)
  • Google sign-in details, if you sign in with Google
  • Posts, pings, reposts, captions, comments, reactions, likes & bookmarks
  • Chat rooms, direct messages, attachments & related metadata
  • Uploaded images, videos, audio & documents
  • Reports, moderation requests, block/mute actions & appeals
  • AI prompts, generated outputs, feedback & usage logs
  • Device, network, app version & diagnostic logs
  • Notification tokens & delivery status
  • Media metadata (creation time, device info, embedded location)

When you sign in with Google, we use only the Google account identifier, name, email address, and profile image that you authorise. Uploaded images or videos may contain embedded metadata, including location. Risus does not use device GPS for foreground location unless separately disclosed, and avoids accessing or retaining media location metadata where it is not needed. We may also receive information about you from other users (for example, when they message, tag, or report you) and from our service providers.

How We Use Your Information:

Account & Service Provision

Creating and authenticating your account, securing it, and delivering the core features of the platform.

Content, Messaging & AI Features

Processing posts, pings, messages, media, and AI-assisted captions, suggestions, and enhancements.

Safety, Moderation & Legal Compliance

Reviewing reports, enforcing policies, preventing abuse, protecting users, and meeting legal and child-safety obligations.

04

How We Store, Share & Protect Your Data

Data Storage

Personal information is stored on secure servers in cloud infrastructure operated by trusted hosting providers.

Your information may be processed in countries other than where you live. Where required, we use appropriate safeguards for international data transfers.

Risus uses trusted third-party providers for hosting and storage, authentication (including Google sign-in), analytics, crash reporting, push notifications, AI processing, email and SMS verification, content delivery, moderation, security, and support. Providers may process limited information only as necessary to provide their services and are not permitted to use it for their own purposes except as permitted by contract or law. Risus does not sell personal information.

Data Protection Measures

1

Encryption in Transit

Data transmitted between your device and our servers is protected using modern cryptography such as HTTPS/TLS.

2

Access Controls

Access to personal data is restricted to authorised personnel on a need-to-know basis, with monitoring of unusual activity.

3

Security Review

We conduct regular security reviews and monitoring. No system is completely secure, and we cannot guarantee absolute security.

4

Limited Retention

We keep information only as long as needed to provide the Service and meet legal, safety, and dispute obligations. Reports and enforcement records may be kept longer, and backups persist for a limited time during normal backup cycles.

Data Processing Agreements

We may disclose information when required by law, to protect rights and safety, to investigate abuse, to prevent harm, or to report illegal content. If Risus is involved in a merger, acquisition, financing, restructuring, or asset sale, information may be transferred as part of that transaction, subject to appropriate safeguards.

05

Your Rights and Choices

Depending on your location, you may have rights to access, correct, download, delete, restrict, or object to the processing of your personal data. To make a privacy request, contact us at privacy@risus.io. We may need to verify your identity before responding, and we aim to respond within the timeframes required by applicable law.

Right of Access

Art. 15 GDPR / CCPA

Request a copy of the personal data we hold about you and information about how we process it.

Right to Rectification

Art. 16 GDPR

Request correction of inaccurate or incomplete personal information we hold about you.

Right to Erasure

Art. 17 GDPR / CCPA

Request deletion of your account and associated personal data, subject to legal and safety retention requirements.

Right to Restriction

Art. 18 GDPR

Request that we restrict processing of your personal data under certain conditions.

Right to Data Portability

Art. 20 GDPR

Receive your personal data in a structured, commonly used, machine-readable format.

Right to Object

Art. 21 GDPR

Object to the processing of your personal data, including for direct marketing purposes.

Withdraw Consent

Art. 7(3) GDPR

Withdraw optional permissions (camera, microphone, notifications, media access) at any time through your device settings. Withdrawing consent does not affect prior lawful processing.

Right to Lodge a Complaint

Art. 77 GDPR

Lodge a complaint with a supervisory authority if you believe our processing violates applicable data protection laws.

Exercising Your Rights

Contact us at privacy@risus.io to exercise any of these rights. You can also control app permissions, and withdraw optional consents such as camera, microphone, notifications, or media access, through your device settings.

06

Cookies and Tracking Technologies

Our website (risus.io) may use cookies, local storage, server logs, and similar technologies to provide essential website functions, protect forms from abuse, remember preferences, measure performance, and improve the website.

Cookies are small data files stored on your device. The mobile app does not use browser cookies but may use equivalent on-device storage. See our Cookie Notice for more detail.

Essential

Required for security, form submission, account deletion requests, and basic website operation. These cannot be disabled without breaking site functionality.

Preference

Remember language or display choices to provide a consistent experience across sessions.

Analytics

Help us understand website visits and errors, where enabled, so we can fix issues and improve the experience.

Security

Help detect spam, abuse, bots, and fraudulent requests. May be set by our security service providers.

For more detailed information about cookies, visit our Cookie Policy at https://risus.io/cookie-notice

07

Children's Privacy (COPPA)

Risus is intended for users who are at least 13 years old, or the minimum age required in their country. In compliance with the Children's Online Privacy Protection Act (COPPA), Risus does not knowingly collect, use, or disclose personal information from children under the age of 13.

Age Requirements

You must be at least 13 years old (or the minimum age required in your country) to create an account. If you are under the age of legal majority in your jurisdiction, you confirm that you have parental or guardian consent. Accounts determined to belong to users under 13 may be suspended, restricted, or permanently removed.

If we discover that a user under the age of 13 has created an account or provided personal information, we will take appropriate steps to remove the account and delete the associated data, subject to legal, safety, security, moderation, and backup retention requirements.

Parental Rights

Parents or legal guardians who believe their child has provided personal information to Risus may contact us at privacy@risus.io. Risus also prohibits content or conduct that exploits, endangers, sexualizes, abuses, or harms children — see our Child Safety and CSAE Standards for more information.

Child Safety Standards

Risus maintains a strict, zero-tolerance policy against Child Sexual Abuse and Exploitation (CSAE). We explicitly prohibit any content, behavior, or activity that sexually exploits, abuses, or endangers children — including grooming, sextortion, trafficking, and the sharing of exploitative material.

Zero Tolerance Policy

Any user found violating our child safety standards will face immediate and permanent account termination and may be reported to the appropriate authorities, including NCMEC and local law enforcement.

CSAM Reporting

Child Sexual Abuse Material is immediately removed, the offending account disabled, and the incident reported to NCMEC and relevant law enforcement.

In-App Reporting

Users can report suspicious behavior or content by visiting the post or profile, selecting "Report" or "Flag", and choosing the appropriate safety category.

Dedicated Child Safety Contact

For safety enforcement questions or severe escalations, contact our Child Safety Point of Contact directly.

buzzee@risus.io

08

Compliance with United States Privacy Laws

For residents of the United States, the following rights may apply under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other applicable state privacy laws.

Right to Know

Request disclosure of the categories and specific pieces of personal information we have collected, the sources, our purposes, and any third parties with whom we share it.

Right to Delete

Request deletion of personal information we have collected, subject to exceptions for legal compliance, safety, and fraud prevention.

Right to Correct

Request correction of inaccurate personal information we hold about you.

Right to Opt-Out of Sale/Sharing

Risus does not sell personal information and does not share personal information for cross-context behavioural advertising.

Right to Limit Sensitive Data Use

Request that we limit our use of sensitive personal information to what is necessary to provide the Services.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights.

Submitting Requests

Submit requests by emailing privacy@risus.io. We will verify your identity by comparing the information you provide with our records before processing your request.

09

Data Breach Notification

We maintain security measures designed to protect your personal data. In the event of a data breach that poses a risk to your rights and freedoms, we have procedures to promptly identify, assess, and respond.

1

Detection and Containment

Security monitoring helps detect anomalous activity. Upon detection, we work to contain the breach and assess its scope and impact.

2

Regulatory Notification

Where required by applicable law (for example, the GDPR 72-hour rule), we notify the relevant supervisory authority within the legally required timeframe.

3

Individual Notification

Where a breach is likely to result in high risk to your rights and freedoms, we will notify affected users promptly with information about what happened and what steps to take.

4

Remediation and Support

We take steps to remediate the breach and provide guidance to affected individuals on how to protect themselves.

If you have questions about a potential breach or believe your account may have been compromised, contact us immediately at privacy@risus.io.
