← Back to Roll

Privacy Policy

Effective Date: March 5, 2026

Roll ("we," "our," or "us") operates the Roll mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

We take your privacy seriously. Roll is built on the principle of intentional, minimal data collection. We only collect what's necessary to make the app work.

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address (or Apple ID / Google account identifier)
• Display name
• Username
• Profile photo (optional)
• Short bio (optional)

Photos

When you take photos using Roll, we store:

• The photo image file
• A compressed thumbnail
• Metadata: timestamp, camera position (front/back), and week identifier

We do not collect or store EXIF data, GPS location, or any other device sensor data from your photos.

Usage Data

We collect anonymous usage data to improve the app:

• App opens and screen views
• Feature usage (photos taken, grids posted)
• Crash reports and error logs
• Device type and operating system version

Social Data

• Friend connections (mutual only)
• Appreciates sent and received
• Published photo grids visible to friends

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain the App
• Create and manage your account
• Store and deliver your photos to you and your friends
• Enable social features (friend connections, appreciates, The Drop)
• Send you important notifications (friend requests, weekly cycle updates)
• Diagnose and fix technical issues
• Improve the App based on aggregate usage patterns

We never:

• Sell your personal information to third parties
• Use your photos for advertising or training AI models
• Share your data with data brokers
• Build advertising profiles from your usage
• Use algorithmic targeting or manipulation

3. Third-Party Services

Roll uses the following third-party services to operate:

• Firebase Authentication (Google LLC) — Account creation and sign-in
• Cloud Firestore (Google LLC) — Database for user profiles, social connections, and grid data
• Firebase Cloud Storage (Google LLC) — Photo storage
• Firebase Crashlytics (Google LLC) — Crash reporting and diagnostics
• Firebase Analytics (Google LLC) — Anonymous usage analytics
• Apple Sign In (Apple Inc.) — Authentication provider
• Google Sign In (Google LLC) — Authentication provider

These services have their own privacy policies. We encourage you to review them:

• Firebase Privacy Policy
• Apple Privacy Policy

4. Data Storage and Security

Your data is stored on Firebase servers located in the United States. We implement industry-standard security measures including:

• Encrypted data transmission (TLS/SSL)
• Firebase Security Rules restricting data access to authorized users
• Authentication-gated access to all user data
• Photos are only accessible to you and your mutual friends

While we use commercially reasonable efforts to protect your data, no method of electronic storage is 100% secure.

5. Data Retention

• Account data: Retained as long as your account is active
• Photos: Retained as long as your account is active. Burned photos are permanently deleted.
• Published grids: Retained as long as your account is active and visible to friends
• Analytics data: Aggregated and anonymized; retained for up to 14 months
• Crash reports: Retained for up to 90 days

6. Your Rights

You have the right to:

• Access your data: View your profile, photos, and grids within the App
• Correct your data: Edit your profile information at any time
• Delete your account: Permanently delete your account and all associated data from Settings within the App. This action is irreversible and removes your profile, photos, grids, and social connections.
• Export your data: Contact us to request a copy of your data

For California residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

For EU/EEA residents (GDPR): You have additional rights including data portability, restriction of processing, and the right to lodge a complaint with a supervisory authority. Our legal basis for processing is contract performance (providing the App) and legitimate interest (improving the App).

7. Children's Privacy

Roll is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us.

8. Push Notifications

With your permission, we may send push notifications for:

• Friend requests
• Weekly cycle updates (Darkroom opens, The Drop is live)
• Appreciates received

You can disable push notifications at any time through your device settings.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy within the App and updating the "Effective Date" above. Your continued use of the App after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: support@rollweekly.com