Last updated: 18/12/2025

1. Who we are

Rotadeck (“we”, “us”, or “our”) operates the website and SaaS product at rotadeck.com.

• Product name: Rotadeck
  
• Rotadeck is currently operated by its founders
  
• Website: rotadeck.com
  
• Contact email for GDPR related matters: privacy@rotadeck.com

We are the data controller for personal data processed through our service.

2. What personal data we collect

We may collect and process the following personal data:

• Account data: name, email address, login credentials
  
• Usage data: actions taken within the product, feature usage
  
• Technical data: IP address, browser type, device information
  
• Support data: messages you send us via email or support tools
  

3. Why we collect your data (legal basis)

We process personal data based on:

• Contractual necessity – to provide and operate the service
  
• Consent – for analytics and optional cookies
  
• Legitimate interest – to improve security, performance, and customer support
  
• Legal obligation – accounting and tax requirements
  

4. How we use your data

We use your data to:

• Create and manage user accounts
  
• Provide and maintain the service
  
• Improve our product and user experience
  
• Respond to support requests
  
• Ensure security and prevent abuse
  

5. Cookies and tracking

We use cookies that are strictly necessary for the service to function.
With your consent, we may also use analytics cookies to understand how our service is used.

You can manage your cookie preferences at any time via our cookie banner or settings.

6. Data sharing and processors

We only share personal data with trusted third-party processors, including:

• Hosting provider: OVHCloud
• Email service provider: Resend
• Analytics provider (if enabled): Google Analytics
• SMS sending provider: Twilio

All processors act under a Data Processing Agreement (DPA) and only process data on our instructions.

7. International data transfers

If personal data is transferred outside the EU/EEA, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs).

8. Data retention

We keep personal data only as long as necessary:

• Account data: for the duration of the account
  
• Billing data: as required by law
  
• Logs and analytics: limited retention periods
  

You may request deletion at any time (see Section 9).

9. Your GDPR rights

You have the right to:

• Access your personal data
  
• Correct inaccurate data
  
• Request deletion (“right to be forgotten”)
  
• Restrict or object to processing
  
• Withdraw consent at any time
  
• Request data portability
  

To exercise these rights, email: privacy@rotadeck.com

10. Data security

We use appropriate technical and organizational measures, including encryption, access controls, and secure hosting, to protect your data.

11. Complaints

If you believe your rights have been violated, you may lodge a complaint with your local supervisory authority.

12. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.