Privacy Policy

Last updated: May 20, 2026

Wollice (the "Service") is an app and website for maintaining a personal media library of games, movies, books, and other collections. This policy describes what data we collect, how we use it, whom we share it with, and how we protect it.

1. Data We Collect

When you register and use the Service, we may receive:

• Email address and name (when signing in via Google OAuth)
• Username and avatar you set in your profile
• Your collection data: games, movies, books, custom cards, travels - including ratings, statuses, comments, notes, added photos and covers
• App settings: theme, icon style, language, privacy settings, active tabs, library visibility
• Your chats with the AI bot: your messages, persona descriptions, "memories" - facts about you that you asked the bot to remember, and AI response reports if you submit them
• Wollice Plus subscription data: status, expiration date, purchase and restore data through Google Play Billing
• Technical data: IP address (in server logs), browser version, device type
• Analytics and diagnostic data: app open, sign-in and sign-up events, authentication errors, app instance ID, IP address, approximate location, and device information

2. How We Use Data

• To operate the Service: storing and displaying your collections, syncing across devices
• For authentication and account identification
• For the friends feature and viewing their libraries (if they allowed it)
• For the AI bot: generating responses using your collection context and your "memories", and processing reports about unsuitable AI responses
• For improving the Service and diagnosing errors
• For processing Wollice Plus subscriptions through Google Play Billing
• For app usage analytics, sign-up and sign-in diagnostics, app diagnostics and usage analytics

3. Where and How Data Is Stored

Your collection data, profile, and bot chats are stored in the Supabase cloud database (servers in EU/US). Table access is protected by Row Level Security (RLS) - each user sees only their own data, unless they have allowed otherwise in privacy settings. Passwords are hashed by Supabase; we do not have access to them. On your device, the app stores a local copy of some data (IndexedDB, localStorage) for fast offline operation: session token, selected themes, language, library cache, saved account list. This data is cleared when you sign out.

4. Third-Party Data Sharing

We do not sell your personal data. To operate the Service, data is processed by the following partners:

• Google (google.com/privacy) - for Google OAuth sign-in; for Google Play Services on Android
• Firebase Analytics / Google Analytics for Firebase (policies.google.com/privacy) - for app usage analytics, sign-up and sign-in diagnostics, app diagnostics and usage analytics. These services may process app events, app instance ID, IP address, approximate location, device information, and technical diagnostic data
• Google AI (Gemini) (policies.google.com/privacy) - when you send a message to the AI bot, your text plus context (card titles from your library, ratings, persona name, "memories") is transmitted to the Google Gemini API for response generation. AI responses may be inaccurate. You can report unsuitable AI responses directly in the app
• Cloudflare (cloudflare.com/privacypolicy) - intermediate proxy for requests to Gemini API
• Supabase (supabase.com/privacy) - database and file storage provider
• Vercel (vercel.com/legal/privacy-policy) - website and server function hosting (account deletion, OG previews for share links)
• TMDB (themoviedb.org) - source of movie and TV series data (titles, posters). TMDB receives your search queries but does not receive your account or personal data
• Wikipedia / Wikidata (wikipedia.org) - source of data about games, books, travel locations. Wikipedia receives your search queries
• Google Play Billing - used to process Wollice Plus subscriptions. Payment data is processed directly by Google; we do not see or store bank card data

5. Cookies and Local Storage

The Service uses localStorage, sessionStorage, and IndexedDB in your browser to store the session, theme, language, your library cache, and the saved account list. In the Android app, we use Firebase Analytics / Google Analytics for Firebase and related Google services for analytics, sign-up and sign-in diagnostics, app diagnostics and usage analytics. We do not sell your personal data.

6. Your Rights

Under GDPR (for EU residents), CCPA (for California residents), and similar laws, you have the following rights:

• Right to access your data
• Right to correct inaccurate data (via profile settings)
• Right to delete data ("right to be forgotten") - via the "Delete account" button in profile settings
• Right to data portability - you may request an export by writing to support@wollice.com
• Right to restrict processing
• Right to object to processing
• Right to lodge a complaint with the data protection authority in your country
• Right to withdraw consent at any time

7. Data Deletion

You can delete your account and all associated data directly in the app: Profile → Delete account. After deletion: data is removed from the main database immediately; Supabase backups may retain data for up to 30 days before being overwritten. Restoration is not possible. If you uninstalled the app but want to delete your account, write to support@wollice.com from the account email - we will delete it manually within 7 days.

8. Security

We apply standard security measures: HTTPS encryption of all traffic, database protection via RLS, password hashing, OAuth 2.0 for Google sign-in. Nevertheless, no system can guarantee absolute security; we recommend using a unique password for Wollice.

9. Children

The Service is not intended for individuals under 13 years of age. We do not knowingly collect personal data from children under 13 and do not target this audience. If we learn that a child under 13 has provided us data without parental consent, we will delete it. For concerns: support@wollice.com

10. International Data Transfer

Your data may be transferred and processed in countries outside your country of residence (in particular, US and EU - where our partners Supabase, Vercel, Google, and Cloudflare are located). All our partners comply with GDPR requirements and use standard contractual clauses for international data transfer.

11. Policy Changes

We may update this policy. The current version is always available at wollice.com/privacy.html. The last update date is shown at the top of the document. We will notify you in the app of significant changes.

12. Contact

For privacy questions and to exercise your rights: support@wollice.com