Worldwise

Privacy Policy

Effective 15 July 2026. This policy applies to the Worldwise iOS app, Worldwise services, emails, websites, support channels, APIs, and related features (together, the “Service”). Worldwise is operated by Daniel Slater under the Kelaros product family (“Worldwise”, “Kelaros”, “we”, “us”, or “our”).

This policy is deliberately comprehensive so it can cover features that are available only to some users, are controlled by release configuration, or are introduced as the Service evolves. We collect a category only when the relevant feature, permission, transaction, or interaction requires it. We will provide additional notice or obtain consent when applicable law requires it.

1. Information we collect

Account and authentication information

We collect information you provide when creating, accessing, or maintaining an account, such as email address, display name, username, password-derived hash and salt, authentication provider identifier if an optional provider is offered, login and one-time-code records, account status, and security timestamps. We do not store your plain-text password.

Learning and gameplay information

We collect progress, course and lesson state, exercise outcomes, knowledge estimates, answers and bounded performance signals, streaks, XP, league and tournament participation, achievements, quests, learning goals, practice history, map and content interactions, hearts state, virtual currency, rewards, inventory, cosmetics, profile presentation, and related event timestamps. We may derive recommendations, difficulty, review priority, or learning-path placement from this information.

Purchase and entitlement information

Apple processes payment credentials. We receive and store the minimum StoreKit and App Store Server information needed to validate and administer access, such as product identifier, transaction and original-transaction identifiers, purchase, renewal, expiry, revocation and environment facts, entitlement state, subscription status, server-notification identifiers, and Family access state. We do not receive your full card number or Apple Account password.

Social, profile, safety, and Family information

We collect friend and follow relationships, searches, referrals, invitations, public profile fields, equipped profile style, league placement, achievements selected for display, activity events, reactions, friend streaks, Friend Quest participation, Family invitations and membership, block lists, reports, moderation state, and associated timestamps. Depending on the feature, your display name, username, profile style, selected achievements, activity, reaction, XP, or ranking may be visible to other users. Family rosters expose only the limited information needed to manage membership, such as display name, username, role, and access status; they do not expose members’ email addresses, purchase histories, balances, or detailed learning records.

Device, installation, network, and technical information

We and our infrastructure providers may process a random first-party installation identifier, app version, operating-system and device characteristics, language, time zone, notification settings, push token, request metadata, IP address, user agent, coarse region inferred by infrastructure, crash or diagnostic information, performance measurements, and security or fraud signals. The installation identifier is not Apple’s advertising identifier and is not designed for cross-company tracking.

Communications and support

We collect support messages and attachments you send, survey or feedback responses, consent choices, notification and email preferences, unsubscribe state, delivery events, and records reasonably needed to respond, prevent abuse, or document a request.

Analytics, attribution, and sharing

With consent where required, we may collect product interactions, onboarding answers, acquisition or referral source, paywall and checkout steps, bounded error categories, share-card type, broad share channel, and conversion events. Native sharing does not give us the recipient, message contents, destination account, or extension identifier. A signed-in share link may contain a random first-party identifier used to measure aggregate install, signup, and onboarding conversion.

Advertising information

If advertising is enabled for an eligible account, Google Mobile Ads and Google’s consent tools may process device, request, consent, ad-delivery, interaction, diagnostic, and approximate-location information as described by Google. Worldwise is configured to request age-appropriate, non-personalized treatment and does not request App Tracking Transparency permission or intentionally use IDFA for cross-app tracking. For reward verification and revenue reconciliation, we may store a random reward-session identifier, Worldwise account identifier, provider transaction or response identifier, ad unit, placement, format, reward, status, estimated publisher value, currency, precision, and timestamps. Ad availability is controlled remotely and may be disabled.

Sensitive information and device permissions

Worldwise is not designed to collect health, biometric, financial-account, government-identifier, precise-location, contacts, microphone, or camera data. If a future feature requires a sensitive category or protected permission, we will provide an appropriate prompt and update our disclosures before using it.

2. How we collect information

We collect information directly from you; automatically when you use the Service; from Apple, authentication providers, advertising or analytics providers when their features are used; from another user when they invite, follow, report, or include you in a Family or social feature; and from service providers that help us operate, secure, measure, support, or communicate about the Service.

3. How we use information

We may use information to provide, personalize, maintain, synchronize, and improve the Service; authenticate users; calculate progress and learning recommendations; administer subscriptions, Family access, rewards, virtual items, leagues, social and safety features; send requested service communications; send optional marketing or return reminders with consent; provide support; perform analytics; attribute referrals; prevent duplicate rewards, fraud, abuse, cheating, security incidents, and payment or entitlement errors; enforce our terms; comply with law; establish or defend legal claims; conduct audits and business planning; and develop, test, or launch new or replacement features compatible with the Service.

Where applicable, our legal bases include performing our contract with you, pursuing legitimate interests that do not override your rights, complying with legal obligations, protecting vital interests, and your consent. You may withdraw consent prospectively, but withdrawal does not affect processing already carried out lawfully.

4. Automated systems

Worldwise uses rules, statistics, and automated processing to recommend lessons, estimate knowledge, adapt difficulty, schedule review, calculate rankings and rewards, reconcile entitlements, detect suspicious referral or reward activity, enforce rate and replay limits, and prioritize safety or operational events. These systems support the Service and are not intended to make legal or similarly significant decisions about you. You may contact us to ask about a result or request human review where applicable law provides that right.

5. When we disclose information

We may disclose information:

We may use and disclose aggregated or de-identified information that cannot reasonably identify you. We require recipients not to attempt re-identification where appropriate.

6. No sale or cross-context behavioural advertising

Worldwise does not sell personal information for money and does not use personal information for cross-company behavioural advertising. If our practices materially change, we will update this policy, make required App Store disclosures, and provide any legally required notice, consent, or opt-out mechanism before the change applies.

7. International processing

Worldwise is operated from Australia, while providers may process information in Australia, the United States, the European Economic Area, and other countries where they or their subprocessors operate. Privacy laws may differ from those where you live. We use provider agreements and other safeguards appropriate to the transfer and remain responsible for our own handling under applicable law.

8. Retention

We retain information for as long as reasonably necessary for the purposes described above, including while your account is active. Retention varies by category, sensitivity, feature, operational need, dispute, fraud risk, legal requirement, and backup cycle. Unlinked installation records are designed to expire after 90 days. Short-lived export sessions expire automatically. Security, transactional, tax, accounting, dispute, fraud-prevention, or legal records may be retained longer where reasonably necessary or required. Aggregated or irreversibly de-identified information may be retained indefinitely.

Account deletion removes associated active-service records according to our deletion workflow. Limited residual copies may persist temporarily in encrypted backups, provider logs, or disaster-recovery systems until overwritten or aged out, generally within 90 days unless law, safety, fraud prevention, or an unresolved claim requires longer retention.

9. Your choices and rights

Settings lets you make your profile private, leave public Leaderboards, control optional analytics, notifications, optional email, applicable advertising consent, data export, subscription restoration, and account deletion. Private profiles are removed from public discovery and current competition while learning progress, purchases, total XP, and completed historical results remain on the account. Depending on where you live, you may also have rights to access, correct, delete, restrict or object to processing, receive portable data, withdraw consent, opt out of certain sharing or marketing, and complain to a regulator. We may verify identity, request clarification, apply lawful exceptions, and retain a minimal record of the request. See Privacy Choices.

10. Children and families

Worldwise is a general-audience educational service and is not offered as an Apple Kids Category app. It is not intended for independent account creation by a child under 13 or under the applicable digital-consent age. A parent or legal guardian must authorize and supervise use by a child who cannot consent for themselves. We do not knowingly collect personal information from such a child without legally sufficient authorization. If you believe a child has provided information without appropriate authorization, contact us so we can investigate and delete or restrict it. See Children and Families.

11. Security

We use technical and organisational measures designed to protect information, including encrypted transport, restricted credentials, hashed passwords, scoped tokens, provider access controls, rate limits, replay protection, and deletion controls. No service can guarantee absolute security. You are responsible for safeguarding your credentials and should contact us promptly if you suspect misuse. See Security.

12. Third-party services and links

Apple, Cloudflare, Google, PostHog, authentication providers, and external links operate under their own terms and privacy policies. Their independent processing is governed by those policies. Worldwise is not responsible for a third-party site or service that we do not control.

13. Changes to this policy

We may update this policy as the Service, providers, law, or our practices change. We will publish the revised policy here, update the date, and provide additional notice or seek consent when required. Continued use after an update takes effect constitutes acknowledgement of the revised policy to the extent permitted by law.

14. Contact and complaints

For privacy questions, requests, or complaints, contact support@worldwise.app. Describe your concern and the account or email involved. We will investigate and respond within a reasonable period. Australian users may also contact the Office of the Australian Information Commissioner; users elsewhere may contact their local data-protection authority.