Rollen (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Rollen mobile and web applications (collectively, the “Service”).
1. Information We Collect
We collect information in three ways: (1) information you provide directly; (2) information collected automatically; and (3) information from third-party services.
1.1 Information You Provide
- Account Information: username, email address, optional profile photo.
- Content Data: photos, journal text, GPS coordinates, route recordings, and any other content you upload or share.
- Communications: feedback, support requests, or survey responses.
1.2 Information Collected Automatically
- Device Information: device model, OS version, unique device identifiers, and mobile network information.
- Log Data: IP address, crash logs, system activity, and the date/time stamps associated with your usage.
- Usage Data: features used, time spent, and interaction patterns (anonymized where possible).
- Location Data: precise GPS only when you explicitly grant location permission; coarse location derived from IP address when permission is denied.
1.3 Information from Third-Party Services
When you choose to connect Apple Sign-In, Google Sign-In, or share content to social media, we receive basic profile information (name, email) as permitted by those services and your settings.
2. How We Use Your Information
| Purpose |
Categories of Data |
Legal Basis (EEA) |
| Provide core features (cards, journal, AI ID) |
Account, Content, Location (optional) |
Contract Performance |
| Improve & debug the Service |
Device, Log, Usage |
Legitimate Interest |
| Send push notifications or emails you opt into |
Account, Preferences |
Consent |
| Comply with legal obligations |
All categories if required by law |
Legal Obligation |
3. Data Retention
- Account Data: retained until you delete your account.
- Content Data: retained until you delete the specific content or your account.
- AI Scan Thumbnails (Cloud Mode): deleted within 24 hours.
- Log & Device Data: aggregated or deleted after 90 days, except where longer retention is required for security or legal reasons.
4. Sharing & Disclosure
We never sell your personal data. We only share information as described below:
- Service Providers: cloud hosting (AWS), analytics (Firebase), crash reporting (Sentry) under strict data-processing agreements.
- Conservation Partners: anonymized, aggregated species-sighting data shared with universities and NGOs for biodiversity research.
- Legal Requirements: when necessary to comply with a subpoena, court order, or similar legal obligation.
- Business Transfers: in connection with a merger, acquisition, or sale of assets (users will receive notice).
5. International Data Transfers
If you are located outside the United States, your data will be processed on U.S.-based servers. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection.
6. Security Measures
- TLS 1.3 encryption in transit; AES-256 at rest.
- Role-based access controls and annual penetration testing.
- Regular security training for staff.
7. Your Rights & Choices
- Access & Portability: download an archive of your data in Settings → Data Export.
- Rectification: edit profile or journal entries at any time.
- Erasure: delete your entire account via Settings → Account → Delete Account.
- Restrict Processing: disable cloud AI scanning or opt out of analytics in Settings → Privacy.
- Object to Processing: contact naturaljorneyro11@outlook.com.
8. Children’s Privacy
Rollen is not directed to children under 13. If we learn that a child under 13 has provided personal data without parental consent, we will delete such data promptly.
9. Third-Party Links & Services
The Service may contain links to external sites or integrate third-party SDKs (e.g., maps). We are not responsible for the privacy practices of those third parties; we encourage you to review their policies.
10. Changes to This Policy
We will notify you of material changes via in-app banner or email at least 30 days in advance. Continued use after the effective date constitutes acceptance.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact: