Privacy Policy

VikiViki - AI Character Roleplay Chat

Last Updated: May 1, 2026

1. Introduction

Welcome to VikiViki. We operate the VikiViki mobile application (the "App"), an AI character roleplay chat platform. This Privacy Policy explains how GACMeta TECHNOLOGY., LIMITED ("we," "us," or "our") collects, uses, discloses, and safeguards your information when you use our App. Please read this Privacy Policy carefully. By using VikiViki, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect information you provide directly, including:

  • Name or display name
  • Email address
  • Profile avatar
  • Authentication data from third-party sign-in providers (Google, Apple)

2.2 Usage Data

We automatically collect certain information when you use the App, including:

  • App usage patterns and feature interactions
  • Session duration and frequency
  • In-app actions and preferences

2.3 Device Information

We may collect device-specific information such as:

  • Device model and operating system version
  • Unique device identifiers
  • IP address
  • Language and timezone settings

2.4 Chat Messages with AI Characters

Your chat history stays on your device.

  • We do not upload your chat history to the cloud.
  • Your conversations are stored on the device you are currently using.
  • If you uninstall the App or switch to a new device, your chat history cannot be recovered.
  • Your privacy belongs to you.

Your chat history is shared between your devices only when you explicitly enable "Cross-device chat history sync" in the App. This option is turned off by default.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and maintain the Service: To operate the App, process your chat messages, and deliver AI character responses.
  • Improve the App: To understand how users interact with VikiViki and enhance our features, content, and user experience.
  • Analytics: To analyze usage trends, monitor the effectiveness of our services, and diagnose technical issues.
  • Communicate with you: To send service-related notices, updates, security alerts, and support messages.

4. Third-Party Services and SDKs

We integrate the following third-party services and SDKs in the App. Each provider operates under its own privacy policy. We disclose them here in compliance with Apple App Review Guideline 5.1.2(i) and Google Play's SDK disclosure requirements.

4.1 Attribution & Marketing Analytics

  • Adjust GmbH (Adjust SDK): Used to measure marketing campaign effectiveness, attribute installs to specific ad campaigns, and detect fraud. Adjust collects device identifiers (IDFA on iOS where authorized via ATT, GAID on Android), IP address, and install / session events. Tracking domains: app.adjust.com, app.adjust.world, app.adjust.net.in, app.adjust.com.cn. See Adjust Privacy Policy.
  • Meta Platforms, Inc. (Facebook App Events SDK): Used to report install and in-app events back to Facebook Ads Manager for ad campaign optimization (this is our primary user-acquisition channel). Collects advertising identifiers and event data when tracking is authorized. Tracking domains: facebook.com, graph.facebook.com, connect.facebook.net. See Meta Privacy Policy.

4.2 Authentication

  • Google LLC (Google Sign-In): Used when you choose to sign in with your Google account. Receives only the OAuth credentials you authorize (typically email and basic profile). See Google Privacy Policy.
  • Apple Inc. (Sign in with Apple): Used when you choose to sign in with your Apple ID. Receives only the credentials you authorize. See Apple Privacy Policy.

4.3 In-App Purchases

  • Apple App Store (iOS): All purchases on iOS are processed by Apple. Apple receives your Apple ID, payment information, and purchase data. We receive only an opaque purchase token used to verify the transaction.
  • Google Play Billing (Android): All purchases on Android are processed by Google Play. Google receives your Google account, payment information, and purchase data. We receive only an opaque purchase token used to verify the transaction.

4.4 AI Content Generation Providers

Your chat messages and image-generation prompts are sent to the following providers for the sole purpose of generating responses / images. We list each one by name to comply with Apple App Review Guideline 5.1.2(i). Depending on the model configured for the character you are chatting with, your text may be sent directly to the provider's API or routed through an aggregation gateway (OpenRouter, Inc.). In either case, the text of your message, the recent conversation context, and the character's configuration (system prompt and personality parameters) are transmitted.

  • OpenAI, L.L.C. (Text Generation): Used when the character is configured with an OpenAI model (e.g., GPT-4 family). Connections may be made directly to OpenAI or through OpenRouter. See OpenAI Privacy Policy.
  • Anthropic, PBC (Text Generation): Used when the character is configured with a Claude model (Claude 3 / 3.5 / 4 family). Connections may be made directly to Anthropic or through OpenRouter. See Anthropic Privacy Policy.
  • Google LLC (Text Generation): Used when the character is configured with a Gemini model. Connections may be made directly to Google's Generative Language API or through OpenRouter. See Google Privacy Policy.
  • OpenRouter, Inc. (Aggregation Gateway): When a character is configured to be served through OpenRouter, we proxy the request through OpenRouter's API to reach the upstream model provider above (and, in some configurations, additional upstream providers including Meta's Llama and Mistral AI). See OpenRouter Privacy Policy.
  • Meta Platforms, Inc. (Llama, optional): If a character is configured to use a Llama model, the request is routed through OpenRouter to Meta's Llama-hosted endpoint. See Meta Privacy Policy.
  • Mistral AI (optional): If a character is configured to use a Mistral model, the request is routed through OpenRouter to Mistral's endpoint. See Mistral AI Privacy Policy.
  • VastAI / Self-Hosted ComfyUI (Image Generation Infrastructure): Image-generation requests (including the prompt text you provide) are sent to GPU-server instances we operate, hosted on rented compute infrastructure provided by VastAI or equivalent providers. These servers run open-source ComfyUI / Stable-Diffusion models and act as our infrastructure rather than as an independent third-party AI vendor. See VastAI Privacy Policy.

4.5 Cloud Infrastructure

  • Amazon Web Services (AWS): Hosts our backend servers, databases, and S3 object storage (used for user-generated content and AI-generated images). All transmissions are encrypted via HTTPS / TLS.

5. AI Data Processing Disclosure (Apple Guideline 5.1.2(i))

VikiViki transmits user input to third-party AI providers in order to generate AI-character responses and AI-generated images. We disclose the following:

  • Specific Providers Receiving Your Data: Text chat messages are sent — directly or via the OpenRouter aggregation gateway — to one or more of the following large-language-model providers, depending on the model configured for the character you are chatting with: OpenAI, L.L.C., Anthropic, PBC, Google LLC (Gemini), and, when accessed via OpenRouter, OpenRouter, Inc. itself plus optionally Meta Platforms, Inc. (Llama) or Mistral AI. Image-generation prompts are sent to our infrastructure on VastAI running open-source diffusion models.
  • Data Types Transmitted: the text of your message, the most recent messages in the current conversation (used as context), the character configuration (system prompt and personality parameters), and image-generation prompts. We do not send your account email, real name, payment information, or device identifiers to AI providers.
  • Server Locations: AI providers may process your data on servers located in the United States, the European Union, or other regions, depending on the provider's infrastructure.
  • Retention by AI Providers: Each provider retains data according to its own policy. As of the "Last Updated" date above, OpenRouter and the upstream model providers we use generally retain request data only for abuse detection and do not use it to train models when accessed through their privacy-aware API tiers.
  • No Training on Your Conversations: We do not use your conversations to train, fine-tune, or improve any AI model ourselves, and we configure third-party providers to disable training-on-input where the provider exposes that option.
  • Your Choice: If you do not want your messages transmitted to AI providers, do not send messages in the App. Your chat history is kept on your device; deleting the App or your account also removes any associated data.

6. Data Sharing

  • No Selling of Data: We do not sell your personal information to third parties.
  • Service Providers: We may share your information with trusted third-party service providers who assist us in operating the App, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.
  • Legal Requirements: We may disclose your information where required to do so by law, or in response to valid requests by public authorities (e.g., a court or government agency).

7. Data Storage & Security

Your data is stored on secure cloud servers. We implement industry-standard security measures to protect your personal information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and authentication for internal systems
  • Regular security assessments and monitoring
  • Secure data backup procedures

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

Chat messages: Your chat history is kept on your device. Uninstalling the App or switching devices removes your local chat history. Cross-device chat history sync is disabled by default; you can opt in from Settings > Privacy & Data.

Account information: We retain account information (such as your email and profile) for as long as your account is active or as needed to provide you with our services. If you request deletion of your account, we will delete your account information within 30 days of the request, except where we are required to retain certain information for legal or regulatory purposes.

9. Children's Privacy

VikiViki is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@vikiviki.cc.

10. Your Rights

You have the following rights regarding your personal data:

  • Access: You may request a copy of the personal data we hold about you.
  • Correction: You may request that we correct inaccurate or incomplete personal data.
  • Deletion: You may request deletion of your personal data by deleting your account through the App (Settings > Account > Delete Account) or by contacting us.
  • Opt-Out: You may opt out of receiving promotional communications from us by following the unsubscribe instructions in those messages.

11. For EU Users (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent local laws.

  • Data Controller: GACMeta TECHNOLOGY., LIMITED, located at WEST WING, 2/F., 822 LAI CHI KOK ROAD, CHEUNG SHA WAN HONG KONG, is the data controller responsible for processing your personal data.
  • Legal Basis for Processing: We process your personal data based on your consent (e.g., when you create an account), contractual necessity (to provide the service), and our legitimate interests (to improve and secure the App).
  • Privacy Inquiries / Data Protection Contact: For GDPR-related inquiries, please contact us at support@vikiviki.cc or via our general support email at support@vikiviki.cc.
  • Your Rights: In addition to the rights listed above, you have the right to data portability, the right to restrict processing, the right to object to processing based on legitimate interests, and the right to lodge a complaint with the supervisory authority of your country of residence.
  • International Transfers: Your data may be transferred to and processed in countries outside the EEA (notably the United States, where some of our AI providers and cloud servers operate). Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms to protect your data.

12. For California Users (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Categories of Information Collected: Identifiers (name, email), internet or electronic network activity (usage data, device information), and user-generated content (chat messages).
  • Right to Know: You have the right to request disclosure of the personal information we have collected about you.
  • Right to Delete: You have the right to request deletion of your personal information.
  • Right to Opt-Out: We do not sell personal information. If this changes, we will provide you with the right to opt out.
  • Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes are effective when posted on this page.

14. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at: