Blog

Privacy Policy

Effective Date: [12.02.2025]

Version: 1.2 (initial realese)

Welcome to Ruj.app

Operated by Lycia Creative LTD (Company No. 14906091), registered at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, UK. Ruj.app (“we,” “us,” or “our”) provides AI-driven adult content creation and interaction services via Telegram. By using our services, you agree to this Privacy Policy.

1. Information We Collect

a. Personal Information

  • Creators: Name, surname, date of birth, email, Telegram ID, payment details (bank/crypto wallet), and KYC verification data (processed by third-party didit.me; we do not store ID/face scans).
  • Users: Telegram ID, interactions with AI characters, and preferences.

b. Chat Data

All chat logs (text) are encrypted and retained for 1 year, even if deleted via /clear. This retention is necessary to comply with legal obligations such as the UK Online Safety Act, which requires platforms to take measures against illegal content and ensure user safety by enabling content moderation and detection of harmful content. We store user conversations with AI characters, but do not store generated images.

c. Image Generation

Images are generated via third-party APIs, including but not limited to: fal.ai, replicate.com, novita.ai, modelslab.com, openrouter.com, runpod.io. We do not store these generated images. Please be aware that these third-party image providers may store images depending on their individual service policies. We recommend reviewing their respective privacy policies for details on their data handling practices.

d. Usage Data

We do not collect IP addresses, locations, or device data. Interaction occurs solely via Telegram.

2. Legal Basis for Processing (GDPR)

We process data under the following legal bases:

  • Contractual necessity: Processing is necessary for delivering our services to you as outlined in our Terms of Service.
  • Legal obligations: Processing is necessary for compliance with legal obligations, such as fraud prevention, age verification, and responding to valid legal requests.
  • Consent: We obtain your explicit consent for processing adult content and related data practices. This consent is obtained through a clear and affirmative action when you sign up for each bot and accept our Terms of Service and Privacy Policy. This consent covers the processing of data related to the provision of adult content services, personalization of your experience, and data practices as described in this policy.

3. How We Use Your Data

We use your data for the following purposes:

  • Provide, personalize, and improve our AI services, enhancing user experience and content relevance.
  • Process payments and comply with financial regulations, including Anti-Money Laundering (AML) checks conducted via didit.me for creator payouts.
  • Respond to law enforcement requests and legal processes as required by applicable laws, such as the UK Investigatory Powers Act.
  • Send service updates, announcements, and relevant information related to Ruj.app. You can opt-out of non-essential service updates at any time.

4. Data Sharing

We may share your data with the following categories of recipients:

  • Service Providers: We share data with essential service providers who assist us in delivering our services, including payment processors, KYC vendors (didit.me), and cloud infrastructure and storage providers such as Amazon Web Services (AWS), Hetzner, Runpod, Digital Ocean, and Cloudflare . These providers operate under strict confidentiality agreements and are contractually obligated to protect your data in accordance with applicable data protection laws.
  • Legal Compliance: We may disclose data if required by law, legal process, or governmental request, including disclosures to UK courts, EU authorities, or other relevant legal bodies.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, user data may be transferred as part of the business transaction. You will be notified via Telegram channels or email if such a transfer occurs and provided with choices regarding your data.

5. Data Retention

We retain your data for the following periods:

  • Chat logs: Chat logs are retained for 1 year from the date of the conversation to meet legal hold obligations under the UK Online Safety Act and for content moderation purposes.
  • Account data: Account data is retained while your account is considered active. An account is considered active based on ongoing bot subscriptions and creator status. Upon your request to delete your account, we will process your request within 30 days and delete your non-essential account data, unless we are legally required to retain it for a longer period to comply with legal obligations.

6. Security Measures

We employ industry-standard technical and organizational safeguards to protect your data. We utilize a multi-layered security approach, including:

a. Technical Protections

  • Encryption: Chat logs and payment data are encrypted with AES-256 encryption both at rest and in transit. We also utilize end-to-end encryption for sensitive communications, such as KYC documents.
  • Access Controls: Access to user data is strictly limited to authorized personnel on a role-based access control basis.
  • Multi-factor authentication (MFA): We enforce multi-factor authentication for all internal systems to prevent unauthorized access.
  • Network Security: We implement firewalls, intrusion detection systems, and conduct regular vulnerability scans to protect our network infrastructure.

b. Operational Protections

  • Staff Training: All employees handling user data undergo annual privacy and security training to ensure awareness of data protection best practices.
  • Third-Party Audits: We conduct annual penetration testing and SOC 2 compliance checks by independent third-party auditors to assess and validate our security controls.
  • Data Minimization: We adhere to the principle of data minimization, only collecting and processing data that is essential for service delivery and specified purposes.

c. Incident Response

  • Breach Notification: In the event of a data breach, we will notify the relevant regulators (e.g., UK ICO) and affected users within 72 hours of discovering the breach, where legally required under applicable data protection laws.
  • Forensic Readiness: We maintain comprehensive logging systems to enable tracing of any unauthorized access or security incidents for forensic analysis and incident response.

d. Limitations & Commitment to Support

While we implement robust security measures, please be aware that no system is 100% secure.

We are not liable for breaches caused by:

  • User error, such as sharing Telegram credentials or neglecting account security best practices.
  • Vulnerabilities or breaches within third-party services, such as Telegram or didit.me, which are outside our direct control.

However, we are committed to assisting users as much as reasonably possible in case of security issues. We will investigate reported security concerns and work with third-party providers to address any identified vulnerabilities to maintain a secure environment for our users.

7. Your Rights (GDPR/UK DPA 2018)

Under the GDPR and UK Data Protection Act 2018, you have the following rights regarding your personal data:

  • Access/Portability: You have the right to request access to the personal data we hold about you and to receive a copy of your data in a structured, commonly used, and machine-readable format (data portability).
  • Rectification: You have the right to request the correction of any inaccurate or incomplete personal data we hold about you. For example, you can update your payment details through your account settings.
  • Deletion (Right to be Forgotten): You have the right to request the erasure of your personal data in certain circumstances. However, this right is not absolute and does not extend to chat logs which we are required to retain for legal compliance purposes.
  • Restriction of Processing: You have the right to request the restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to the processing.
  • Withdraw Consent: Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. This includes withdrawing consent for marketing communications or other non-essential processing.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days of receipt.

8. International Data Transfers

Your data is primarily stored in the UK and EU. However, please be aware that some of our third-party service providers, such as Telegram and payment processors, may operate globally and process data in locations outside of the UK and European Economic Area (EEA).

When transferring personal data outside the UK/EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), reliance on adequacy decisions issued by the European Commission or the UK government, or other legally recognized GDPR-compliant transfer mechanisms.

9. Age Restrictions

Our services are strictly for users aged 18 and above.

Creators are required to verify their age through KYC & AML checks conducted by didit.me

Users are required to declare that they are over 18 years of age by providing their birthday during the bot signup process. This birthday declaration serves as confirmation of their age for using our services.

We have a strict policy against underage access. If we suspect that a user is under the age of 18, we terminate the account immediately.

10. Third-Party Services

We rely on and integrate with the following third-party services:

  • Telegram: We utilize Telegram as our primary platform for user authentication and messaging. All user interactions occur through Telegram’s interface. We strongly advise you to review Telegram’s Privacy Policy, available at: https://telegram.org/privacy, to understand their data practices.
  • KYC Providers (didit.me): We use didit.me for identity and age verification purposes. Please be aware that didit.me’s processing of your data is governed by their own privacy policy, and we do not control their data practices. Please review didit.me’s Information security policy on this link: https://didit.me/terms/information-security
  • Image APIs: We utilize various third-party image generation APIs, including but not limited to: fal.ai, replicate.com, novita.ai, modelslab.com, openrouter.com, runpod.io, to generate images as part of our services. We disclaim any liability for the content generated by these services or for any data breaches that may occur on their platforms.

11. AI Content Disclaimer & Content Moderation

AI-generated content is produced based on user interactions and prompts and does not reflect the views or opinions of Ruj.app.

Users and creators are solely responsible for the content they generate and the interactions they have on the platform, even if generated by AI.

However, Ruj.app implements robust content moderation measures. We utilize both automated and manual filtering to detect and prevent the generation and distribution of illegal content, including but not limited to: Child Sexual Abuse Material (CSAM), non-consensual explicit material, hate speech, content promoting violence or gore, zoophilia or bestiality, pedophilia, necrophilia, rape, scat, drug abuse, and hacking activities.

We filter system prompts and user-generated content for prohibited words and phrases and employ third-party AI moderation services to assess and block inappropriate content. We also continuously monitor bot behavior to ensure compliance. Violations of our content policies will result in content removal, account suspension, and reporting to relevant authorities as required by law.

12. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or service offerings. We will notify you of any significant changes by posting a notice on our official Telegram channels and/or via email. For policy updates, please monitor our policy archive page.

Continued use of our services after 30 days following the notification of changes constitutes your acceptance of the updated Privacy Policy.

Prior versions of this Privacy Policy are archived and available for review here: https://ruj.app/policy-archives.

13. Contact Us

Data Protection Officer:

Lycia Creative LTD
71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, UK
Email: [email protected]

For complaints or concerns regarding our data processing practices, you also have the right to contact the UK Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues:

Information Commissioner’s Office (ICO)
www.ico.org.uk

14. Governing Law

This Privacy Policy and any disputes arising out of or in connection with it are governed by and construed in accordance with the laws of England and Wales, and the UK Data Protection Act 2018 and UK GDPR.