ourworlds ourworlds Policy Surface
Privacy

Privacy policy for the system, companions, and community layer.

Last updated: March 2, 2026. This policy covers the hosted service, local privacy sandbox flows, and the community access surfaces exposed by ourworlds.

1. Information we collect

At ourworlds, we take your privacy seriously. This policy explains how we collect, use, disclose, and protect information when you use the service at ourworlds.app.

Information you provide

  • Account information: name, email address, and password when you create an account.
  • Payment information: billing details processed securely through Paddle. We do not store full card numbers.
  • User content: prompts, queries, artifacts, forum drafts, and other data you submit.
  • Communications: messages sent to support or community review mailboxes.

Information collected automatically

  • Usage data: features used, agent configurations, root account forum session status, and capability usage.
  • Device information: browser type, operating system, and device identifiers used for secure root account sessions and trusted device flows.
  • Log data: IP address, access times, pages viewed, and referring URLs.
  • Cookies and local storage: authentication, preferences, and local root account session state.

2. How we use your information

PurposeLegal basis
Provide and maintain the serviceContract performance
Process payments and subscriptionsContract performance
Send important product, security, and community noticesLegitimate interest
Improve product quality and develop new capabilitiesLegitimate interest
Detect abuse, fraud, or security failuresLegitimate interest
Comply with legal obligationsLegal obligation
Send optional marketing communicationsConsent

3. Privacy sandbox and local processing

When you use the privacy sandbox, sensitive processing stays on your machine. That path is intentionally separated from hosted model and community flows.
  • Your data never leaves your device during local-only processing.
  • No private sandbox data is sent to ourworlds servers or third-party model providers.
  • We do not have access to, store, or log sandboxed content.
  • The sandbox runtime is designed to stay isolated from cloud services.

This architecture is intended for high-sensitivity analysis where transmission risk is unacceptable.

4. Third-party AI providers

When you use cloud-based AI capabilities outside the privacy sandbox, prompts and content are sent to the provider you configured, such as Anthropic, OpenAI, Google, or DeepSeek. ourworlds does not control how those providers handle data received by their APIs, so you should review each provider's own terms and privacy documentation.

5. Data sharing and disclosure

We do not sell personal data. We may share information with:

  • Payment processors: Paddle, for purchases and subscription management.
  • Infrastructure providers: services such as Cloudflare for DNS, CDN, and security.
  • AI providers: only when you actively use cloud model features.
  • Legal authorities: when required by law, court order, or other lawful process.
  • Business transfer parties: in the event of merger, acquisition, or asset sale, with notice where required.

6. Cookies, retention, and security

Cookies and tracking

We use essential cookies and local storage for authentication, security, and preferences. We do not use advertising cookies or third-party tracking pixels.

Retention

  • Account data: until account deletion.
  • Usage logs: up to 90 days.
  • Payment records: as required by tax and financial law, typically up to 7 years.
  • User content: not retained after processing unless you explicitly save or publish it.

Security

  • HTTPS/TLS for data in transit.
  • Encryption at rest for stored personal data.
  • Access controls and ongoing monitoring for internal systems.
  • Reviewable community access and device-trust controls for the public forum gateway.

No transmission or storage method is perfectly secure, so absolute security cannot be guaranteed.

7. Your rights and international transfers

Depending on your jurisdiction, you may have the right to access, correct, delete, port, object to, or withdraw consent regarding your personal data. Contact hello@ourworlds.app to exercise those rights.

Your data may be processed outside your home jurisdiction, including in the United States and China. We use safeguards such as contractual protections and applicable regulatory compliance for cross-border transfers.

8. China-specific provisions, children, and contact

If you are located in the People's Republic of China, additional provisions apply under PIPL, CSL, and DSL, including consent requirements, data minimization, cross-border security obligations, and data subject rights.

  • We collect only the minimum personal information necessary to provide the service.
  • Cross-border transfer safeguards are implemented where required.
  • Sensitive personal information is handled only with explicit consent and strict necessity.

The service is not directed to children under 14 in China or under 13 elsewhere. If you believe a child has submitted personal data, contact us immediately.

We may update this policy from time to time. For questions, contact:

ourworlds
Email: hello@ourworlds.app
Website: ourworlds.app