Privacy Policy:

VIRL Privacy Policy

Effective Date: 05/01/2026 Last Updated: 04/28/2026

This Privacy Policy describes how Wooz Inc. ("Wooz," "we," "us," or "our"), a Delaware corporation with principal offices at 32 Willow Road, Menlo Park, CA 94025, United States, collects, uses, discloses, and protects information when you visit our website at virl.app (the "Site") or use the VIRL mobile application and related services (collectively, the "Service").

By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.

1. Quick Summary

We've written this section so you can understand the essentials in 60 seconds. The full sections below are legally binding.

Camera, microphone, photos, contacts, and location are the inputs VIRL needs to work. We process them on your device when possible.

Auto-clips ("Receipts") are recorded as part of gameplay and shared with named friends you choose. We do not publish them to the public internet without your action.

Faces in group game frames are detected, not recognized. We use on-device computer vision to find faces in frames. We do not match faces to identities or build a biometric database.

You must be at least 13 to use VIRL. If you are under 18, your parent or guardian must consent.

You can ask us to delete your data at any time through in-app settings or by emailing privacy@virl.app.

California, Illinois, EU, and UK residents have specific rights described in Sections 12–15.

2. Information We Collect

2.1 Information You Provide Directly

Account information: name or chosen username, date of birth, email address, mobile phone number, profile photo or selected avatar.
School affiliation (optional): the school you select on our waitlist or in-app, used to populate school leaderboards.
User content: game scores, captured images and video clips ("Receipts"), gameplay results, messages you send to other users, reactions, and reports you submit.
Payment information: if you make in-app purchases, our payment processors (Apple App Store, Google Play, Stripe, or others) handle your payment details. We receive a transaction confirmation but not your full card number.

Communications: when you contact us at support@virl.app or through in-app support.

2.2 Information Collected Automatically When You Use the Service

Device information: device model, operating system version, unique device identifiers (IDFA, AAID where available and permitted), language settings, time zone.
Usage information: sessions, games played, scores, in-app navigation, features used, in-app purchases, push-notification interactions.
Network information: IP address, mobile network carrier, approximate location derived from IP (city / region level only unless you grant precise location permission).
Cookies and similar technologies on the Site: see Section 9.

2.3 Camera, Microphone, and Sensor Data

VIRL gameplay requires access to your device's camera and microphone. We access these sensors only while you have the app open and a game session is active.

Camera frames are processed on your device to score gestures (the 67 Game), detect faces in group captures (Hide from the Camera), and produce video clips of your gameplay (the Shooting Game's "kill cam"). Final video clips are stored in association with your account.
Microphone audio is recorded only during gameplay that uses voice input or that records audio alongside video. You can revoke microphone access at any time in your device settings, though this will limit functionality.
Motion sensors (gyroscope, accelerometer) may be used to enhance gameplay (for example, detecting a "scoping" motion in the Shooting Game). This data is processed on your device.

2.4 Face Detection (Not Facial Recognition)

In Hide from the Camera and certain other games, we use on-device computer vision to detect the presence and location of human faces within a captured frame so that the game can identify who is "visible." We do not:

  • generate, store, or share a biometric template, faceprint, or face geometry that uniquely identifies a person;

  • match faces against a database of known persons;

  • use face data for advertising or for any purpose other than the immediate gameplay function.

This processing occurs on your device. The bounding-box coordinates of detected faces are not transmitted off-device for identity-matching purposes.

2.5 Location Information

VIRL may use approximate (IP-based) location to populate school and city leaderboards and to schedule local-time events. With your explicit permission, VIRL may use precise location for proximity-based features such as verifying that two players were physically near each other (a requirement for certain Shooting Game features).

You can revoke location permission at any time in your device settings.

2.6 Contacts

If you grant contacts permission, VIRL will check which of your contacts have VIRL accounts so that we can suggest friends. We hash contact phone numbers and email addresses on your device before transmitting them to our servers, and we do not retain non-matching hashes for longer than necessary to complete the matching operation.

2.7 Information from Third Parties

  • Third-party sign-in: if you sign in with Apple, Google, or another third-party, we receive your name, email, and any other information you authorize that provider to share.

  • Analytics and attribution providers: we may receive information about how you discovered the Service (for example, which TikTok creator's content led to your install), via providers such as AppsFlyer, Adjust, or similar.

  • Splash Party Games: if you have an existing Splash account, we may receive limited account information to link the accounts at your direction.

3. How We Use Information

We use the information we collect to:

  1. Provide the Service — run gameplay, generate Receipts, deliver Receipts to recipients you specify, populate leaderboards, run events.

  2. Personalize the experience — recommend friends, suggest games, surface daily content.

  3. Communicate with you — send transactional notifications (a Receipt arrived, a streak is expiring, a friend joined), product announcements, and support responses.

  4. Process payments — facilitate in-app purchases through Apple, Google, or other processors.

  5. Improve the Service — debug, analyze usage patterns, A/B test new features.

  6. Keep the Service safe — detect harassment, abuse, spam, fraud, and policy violations; respond to user reports.

  7. Comply with law — respond to legal process; comply with COPPA, CCPA/CPRA, GDPR, UK GDPR, the UK Online Safety Act, and other applicable laws.

  8. Enforce our terms — investigate violations and take appropriate action.

We do not sell your personal information to third parties for monetary consideration. See Section 13 for disclosures relevant to "share" and "sale" under California law.

4. How We Share Information

4.1 With Other Users

  • Receipts and clips you create are shared with the named recipient(s) you choose. Recipients can save, react to, or block resharing of any Receipt sent to them.

  • Public profile elements (username, avatar, score history, school affiliation if selected, public leaderboard placement) are visible to other VIRL users.

  • Friend graph signals — which users have added each other — are visible to those users.

4.2 With Service Providers

We share information with vendors that help us run the Service, including cloud hosting (e.g., AWS), analytics (e.g., AppsFlyer, Adjust, Mixpanel), customer support tools, payment processors, push-notification infrastructure (e.g., Apple Push Notification service, Firebase Cloud Messaging), trust-and-safety vendors (e.g., for content moderation), and email service providers. These vendors are contractually limited to using your information only on our behalf.

4.3 With Affiliates

We may share information within the Wooz Inc. corporate group, including with Splash Party Games entities, for the purposes described in this Policy.

4.4 In Connection with a Corporate Transaction

If Wooz Inc. is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you (by email or in-app) before your information becomes subject to a different privacy policy.

4.5 For Legal Reasons

We may disclose information when we believe in good faith it is necessary to:

  • comply with a subpoena, court order, or other legal process;

  • enforce our Terms of Use;

  • protect the rights, property, or safety of Wooz, our users, or the public;

  • detect, prevent, or address fraud, abuse, or technical issues;

  • respond to a government request consistent with applicable law.

4.6 With Your Consent

We may share information for additional purposes if you give us specific permission.

5. Auto-Recorded Clips and User Content

VIRL gameplay automatically records short video clips ("Receipts") that capture your gameplay session and, in some games, the people you are playing with or have targeted in-game.

  • You retain ownership of the user content you create. By creating it on the Service, you grant Wooz a license to process, host, and deliver it as described in our Terms of Use.

  • Recipients have a 60-second veto window on Receipts sent to them before public-share buttons activate. If a recipient blocks resharing, the Receipt cannot be posted to TikTok, Instagram, or other public platforms through VIRL's share flow.

  • Faces of bystanders who are not signed-in VIRL participants in a game session are blurred via on-device computer vision before the captured image is processed for game logic.

  • You can delete your Receipts at any time from the in-app Receipts inbox.

6. Children and Teens

6.1 Minimum Age

You must be at least 13 years old to create a VIRL account. If you are under 13, do not use VIRL or provide any information to us.

6.2 Users Under 18

If you are between 13 and 17, your parent or legal guardian must consent to your use of VIRL. We may require verifiable parental consent depending on your jurisdiction.

For users under 18, the following protective defaults are applied automatically:

  • Receipts default to "mutual friends only";

  • Public clip-sharing is off by default;

  • Push notifications are limited in frequency;

  • Algorithmic discovery features for users under 16 are limited or disabled;

  • Targeted advertising is disabled.

6.3 Parental Rights and COPPA

If we learn we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly. Parents who believe a child under 13 may have created a VIRL account can contact us at privacy@virl.app to request deletion.

[REVIEW WITH COUNSEL: COPPA Rule compliance, including the Safe Harbor program and verifiable parental consent flows. Confirm whether VIRL needs to register a COPPA-compliant identification process for any feature that could be considered targeted at under-13 users.]

6.4 UK Online Safety Act

If you are a UK resident, see Section 15 for additional rights and protections, including age-assurance requirements applicable to UK users.

7. Your Choices

You control your privacy through:

  • In-app privacy settings — adjust who can send you Receipts, who can target you in games, and what information is visible on your profile.

  • Device permissions — revoke camera, microphone, photos, contacts, location, or notification permissions in your device settings at any time. Some features will not function if you do.

  • Push notifications — turn off categories of notifications in app settings or device settings.

  • Marketing communications — unsubscribe from marketing emails through the link in each email.

  • Account deletion — delete your account at any time in the in-app settings or by emailing privacy@virl.app. Deletion is final and removes your data within 30 days, subject to legal retention requirements.

8. Data Retention

We retain personal information only as long as necessary for the purposes described in this Policy, including:

  • Account data — for as long as your account is active.

  • Receipts and gameplay clips — until you delete them or close your account, whichever is sooner.

  • Transaction records — for 7 years after a transaction (US tax law).

  • Trust-and-safety records (e.g., investigation files for harassment reports) — up to 24 months, or longer if required by law.

  • Backups — purged on a rolling 90-day cycle.

After account deletion, we may retain anonymized or aggregated data that cannot be linked back to you.

9. Cookies and Similar Technologies (Site)

The Site at virl.app uses cookies and similar technologies for:

  • Strictly necessary functionality (session management, security);

  • Analytics (understanding how visitors use the Site);

  • Marketing (measuring the effectiveness of ads).

You can manage cookies through your browser settings or our cookie banner where displayed. The Site responds to Global Privacy Control (GPC) signals where applicable.

10. Security

We use commercially reasonable technical, administrative, and physical safeguards to protect personal information. These include encryption in transit (TLS), encryption at rest for sensitive fields, access controls, vendor-management procedures, and incident-response procedures.

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at security@virl.app.

11. International Data Transfers

Wooz Inc. is headquartered in the United States. If you access VIRL from outside the US, your information will be transferred to and processed in the US and other countries that may have different data-protection laws than your home country.

For transfers from the European Economic Area, the UK, and Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, the UK International Data Transfer Addendum.

12. Your Rights — All Users

Depending on where you live, you may have rights to:

  • Access the personal information we hold about you;

  • Correct inaccurate information;

  • Delete your information;

  • Export your information in a portable format;

  • Object to certain processing;

  • Withdraw consent for processing based on consent.

To exercise any right, email privacy@virl.app or use in-app privacy controls. We may need to verify your identity. We will respond within the time periods required by applicable law.

You may also designate an authorized agent to make a request on your behalf.

13. California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act as amended by the CPRA gives you specific rights:

  • Right to know what personal information we collect, use, share, and sell or share for cross-context behavioral advertising.

  • Right to delete personal information.

  • Right to correct inaccurate personal information.

  • Right to opt out of "sale" or "sharing" of personal information.

  • Right to limit use of sensitive personal information.

  • Right to non-discrimination for exercising your rights.

Categories of personal information collected in the past 12 months: identifiers; commercial information; internet/network activity; geolocation; audio, electronic, visual, or similar information; inferences. Sources, purposes, and recipient categories are described in Sections 2–4 above.

"Sale" / "Share" — We do not sell personal information for monetary consideration. We may "share" personal information with advertising partners as that term is defined under the CPRA. You can opt out at privacy.virl.app/do-not-share or via the "Do Not Sell or Share My Personal Information" link in our Site footer.

Sensitive personal information — We use sensitive personal information (such as precise geolocation when you grant it) only for purposes permitted by Cal. Civ. Code § 1798.121.

To submit a request, email privacy@virl.app or use the in-app form. To verify your identity, we may ask you to confirm information already on file.

14. Illinois Residents (BIPA)

VIRL does not knowingly collect, capture, store, or use biometric identifiers or biometric information as those terms are defined under the Illinois Biometric Information Privacy Act (740 ILCS 14). VIRL's face-detection processing occurs on your device, identifies the presence of faces only (not the identity of any person), and does not generate, retain, or share a biometric template, faceprint, or scan of face geometry.

[REVIEW WITH COUNSEL: This is the BIPA defense. Confirm SDK-by-SDK that the on-device-only / no-template claim is accurate. If any third-party CV library generates a template or transmits identifiable face data, this section must be revised and a BIPA written consent flow added.]

15. UK and EEA Residents (UK GDPR, EU GDPR, Online Safety Act)

If you live in the UK or EEA, the UK General Data Protection Regulation or EU General Data Protection Regulation applies to our processing.

  • Controller: Wooz Inc., 32 Willow Road, Menlo Park, CA 94025, US.

  • EU/UK Representative: [REVIEW WITH COUNSEL — appoint an Article 27 representative if processing is at scale].

  • Lawful bases: contract performance (providing the Service), consent (for marketing, optional permissions), legitimate interests (security, fraud prevention, product improvement), and legal obligation.

  • Rights: access, rectification, erasure, restriction, portability, objection, and (where consent is the basis) withdrawal of consent. You can also lodge a complaint with your local data-protection authority. In the UK, this is the Information Commissioner's Office (ICO).

  • Automated decision-making: we do not engage in solely automated decision-making with legal or similarly significant effects.

UK Online Safety Act: VIRL takes UK Online Safety Act compliance seriously. UK users may be required to complete age assurance before accessing certain features. Children's risk assessments are conducted in accordance with Ofcom guidance.

16. Do Not Track

We do not respond to "Do Not Track" browser signals because there is no industry standard. We do honor Global Privacy Control (GPC) signals as required by California law.

17. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated by email, in-app notice, or a prominent notice on the Site at least 30 days before they take effect. The "Last Updated" date at the top reflects the most recent version.

18. Contact Us

For privacy questions, exercise of rights, or any other concerns:

  • Email: privacy@virl.app

  • Mail: Wooz Inc. - Privacy, 32 Willow Road, Menlo Park, CA 94025, USA

  • DPO / EU Representative: TBD

For security incidents: security@virl.app - For abuse and trust-and-safety reports: safety@virl.app

Go Back Home

Go Back Home