Privacy Policy
This policy explains what personal data RollKind collects, why, the legal bases we rely on, who we share it with, and the rights you have under the EU General Data Protection Regulation (GDPR) and equivalent laws.
1. Who is responsible for your data
RollKind is operated by its founder, who is the data controller for the personal data described here. You can reach us about privacy at [email protected]. We have not appointed a Data Protection Officer because we are not legally required to; the contact above handles all privacy matters.
2. The data we collect
Data you give us
- Account data — name, email address, password (stored only as a secure hash), and authentication identifiers (for example, a Google sign-in identifier).
- Content and inputs — the prompts, briefs, onboarding answers, persona details, and other material you submit, and the content the Service generates for you.
- Connected-platform data — access tokens and related identifiers for third-party platforms you choose to connect (for example X, Reddit, LinkedIn, Google), and the content you act on through them.
- Support and communications — messages you send us.
Data we collect automatically
- Technical and usage data — IP address, device and browser information, log data, timestamps, and how you interact with the Service, used for security, abuse-prevention, and reliability.
- Strictly-necessary cookies — see our Cookie Policy. We do not use advertising or third-party tracking cookies.
3. Why we use your data, and our legal bases
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Create and operate your account; provide the Service and its features | Performance of a contract |
| Generate content and run the connections/automations you request | Performance of a contract |
| Secure the Service, prevent fraud and abuse, keep audit logs | Legitimate interests (keeping the Service safe) |
| Improve and debug the Service | Legitimate interests (improving our product) |
| Send service and security emails (e.g. confirmation, password reset) | Performance of a contract / legitimate interests |
| Comply with legal obligations and respond to lawful requests | Legal obligation |
| Anything we ask your specific permission for | Consent (which you may withdraw at any time) |
4. AI processing of your content
To generate content, your inputs (and relevant context such as persona and audience data) are sent to AI model providers that process them on our behalf to return a result. We pass only what is needed to perform the request. We do not sell your content, and we do not use it to serve third-party advertising. Before content is stored or reused as context, it passes through input-safety checks designed to strip hidden or malicious instructions.
5. Who we share data with (processors)
We do not sell your personal data. We share it only with service providers (“processors”) who process it on our behalf under contract, and with third parties where you direct us to (for example, the platforms you connect). Categories of processors include:
- AI model providers — to generate content from your inputs.
- Authentication providers — for example Google sign-in, if you use it.
- Email/delivery providers — to send service emails.
- Hosting and database providers — to run and store the Service.
- Third-Party Platforms you connect — to perform the actions you request on them.
We may also disclose data where required by law, to enforce our terms, or to protect the rights, safety, and security of our users or others.
6. International transfers
Some processors may be located outside the EU/EEA. Where personal data is transferred outside the EU/EEA, we rely on an appropriate safeguard under the GDPR — typically the European Commission’s Standard Contractual Clauses or an adequacy decision — so that your data continues to receive an equivalent level of protection. You can ask us for more information using the contact details above.
7. How long we keep your data
We keep personal data only as long as necessary for the purposes above. Account and content data are kept while your account is active and for a reasonable period afterwards; we delete or anonymise data when it is no longer needed, subject to legal retention requirements. Security and short-lived tokens are retained only briefly. You can ask us to delete your account and associated data at any time.
8. Your rights
Subject to the conditions in applicable law, you have the right to:
- access the personal data we hold about you;
- rectify inaccurate or incomplete data;
- erase your data (“right to be forgotten”);
- restrict or object to certain processing, including processing based on legitimate interests;
- receive your data in a portable format (data portability);
- withdraw consent at any time, where processing is based on consent; and
- lodge a complaint with a supervisory authority.
To exercise any of these rights, email [email protected]. We will respond within the timeframe required by law (normally one month). You also have the right to complain to the data protection authority in your EU/EEA country of residence or work.
9. Automated decision-making
We do not make decisions producing legal or similarly significant effects about you based solely on automated processing. The Service generates content suggestions, but you decide what to do with them.
10. Security
We use technical and organisational measures to protect your data, including encryption in transit, hashed passwords, scoped and short-lived access tokens with instant revocation, rate limiting, input-injection defences, and access controls. No system is perfectly secure, but we work to protect your data and to respond promptly to incidents.
11. Children
The Service is not intended for anyone under 18, and we do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.
12. Changes to this policy
We may update this policy from time to time. We will change the date above and, for material changes, take reasonable steps to notify you. Your continued use of the Service after an update means you have read the revised policy.
13. Contact
For any privacy question or request, email [email protected].