Legal

Privacy Policy

Last updated May 28, 2026

This Privacy Policy explains how Roldesk Digital Solutions LLC ("Roldesk", "we", "our", "us") collects, uses, shares, and protects personal information when you use the Roldesk website at www.roldesk.com, the Roldesk web and mobile applications, and any related services (collectively, the "Service"). It covers the rights of individuals in the United States (including California under the CCPA/CPRA), the European Union and European Economic Area (under the GDPR), the United Kingdom (under the UK GDPR and Data Protection Act 2018), and other jurisdictions with comparable laws.

Roldesk Digital Solutions LLC is a Wyoming limited-liability company with its principal address at 30 N Gould St, Ste N, Sheridan, WY 82801, USA. For privacy questions, contact info@roldesk.com.

1. Data controller / business roles

For information we collect about you directly (account registration, billing, marketing communications, support requests, telemetry on your use of the Service), Roldesk acts as the data controller under the GDPR / UK GDPR and as a business under the CCPA/CPRA.

For information you upload, create, or process inside your workspace (your end-customers' contact details, work-order data, photos, signatures, notes, etc.), Roldesk acts as a data processor / service provider and you are the data controller / business. A Data Processing Addendum (DPA) is available on request from info@roldesk.com and applies automatically to paid customers.

2. Information we collect

2.1 Information you provide

  • Account information — name, work email, password (hashed by Supabase Auth), optional profile fields (phone, photo, job title).
  • Workspace data — anything you upload or create inside the Service: customers, work orders, invoices, quotes, photos, files, schedules, parts inventory, members, and any text you enter.
  • Billing information — billing contact details when you subscribe to a paid plan. Payment-card details are tokenised by our payment processor (Stripe, when enabled) and never stored on our servers.
  • Communications — when you contact us through forms, email, or in-product chat, we keep your messages and any attachments.
  • Demo / contact requests — name, email, company, phone, industry, team size, and any free-text notes you submit via the marketing site.

2.2 Information we collect automatically

  • Usage telemetry — pages visited, features used, session duration, click events, error logs, browser type, OS, device identifiers, IP address, and approximate location derived from IP.
  • Cookies and similar technologies — see our Cookie Policy. Strictly-necessary cookies are set on first visit; non-essential cookies are only set after you opt in via our cookie banner.
  • Location (mobile only) — if a workspace owner enables GPS tracking on the Roldesk mobile app, we collect device location while the app is in use and, when permitted, in the background, to power dispatch and routing.

2.3 Information from third parties

We may receive information about you from authentication providers (Supabase Auth), email and SMS delivery providers, bot-protection (Cloudflare Turnstile), analytics providers, payment processors (Stripe), and partners you ask to share data with us.

3. How we use information

Purpose | Lawful basis (GDPR / UK GDPR)
Provide and operate the Service (authentication, dispatch, scheduling, customer portal, billing, reports). | Performance of a contract.
Improve and develop features, fix bugs, analyse usage trends. | Legitimate interests in operating and improving a secure, performant Service.
Security, fraud prevention, abuse detection. | Legitimate interests; legal obligation.
Service announcements, security alerts, support replies. | Performance of a contract; legitimate interests.
Marketing emails and newsletter. | Consent (which you can withdraw at any time).
Comply with legal obligations (tax, accounting, response to lawful requests). | Legal obligation.

4. Who we share with — subprocessors

We do not sell or rent your personal information. We share it only with the following categories of third parties, each under a written contract that limits their use of the data:

  • Supabase, Inc. (USA) — managed Postgres, authentication, file storage, edge functions.
  • Cloudflare, Inc. (USA) — CDN, DDoS protection, Turnstile bot challenge.
  • Stripe, Inc. (USA) — payment processing (only when paid plans are enabled).
  • Anthropic, PBC (USA) — the AI agent inside the platform-admin console (only owner/team-member prompts and authorised tool reads; no end-customer data is sent unless explicitly retrieved by a tool call).
  • Email and SMS delivery providers — for transactional and (with consent) marketing communications.
  • Hosting and infrastructure providers — supporting the deployment of the Service.

A current list of subprocessors with locations is available on request from info@roldesk.com. We will notify customers of material changes before a new subprocessor begins processing customer data.

5. International data transfers

Roldesk operates in the United States. When we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to the United States or another country that has not received an adequacy decision, we rely on appropriate safeguards — primarily the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, the UK International Data Transfer Addendum — together with supplementary technical and organisational measures.

EU/EEA and UK users may request a copy of the relevant safeguard documentation by emailing info@roldesk.com.

6. Data retention

  • Workspace data — retained for as long as your account is active. After cancellation we retain it for a 90-day grace period so you can restore the account, then it is permanently deleted or anonymised.
  • Account and billing records — retained for up to seven (7) years after account closure to meet US tax and accounting obligations; longer if required by law.
  • Marketing-consent records — retained for up to three (3) years after withdrawal, to demonstrate compliance.
  • Audit logs — retained for up to two (2) years for security and incident-response.
  • Server / access logs — typically retained for 30–90 days.

7. Your rights — European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, UK, or Switzerland, you have the following rights under the GDPR / UK GDPR (subject to limitations and exemptions in the applicable law):

  • Right of access — obtain confirmation that we process your personal data and a copy of it.
  • Right to rectification — correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — request deletion of your data.
  • Right to restriction of processing.
  • Right to data portability — receive your data in a structured, commonly-used, machine-readable format.
  • Right to object — including objecting to processing based on legitimate interests and to direct marketing.
  • Right to withdraw consent at any time, without affecting the lawfulness of prior processing.
  • Right not to be subject to a decision based solely on automated processing with legal or similarly significant effects. (We do not currently use such automated decisions.)
  • Right to lodge a complaint with your local supervisory authority — for example, the EDPB members list (EU/EEA), or the Information Commissioner's Office (ICO) in the UK.

To exercise any of these rights, email info@roldesk.com. We will respond within one month, extendable by two months for complex requests, as permitted by the GDPR. We may need to verify your identity before responding.

8. Your rights — California residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Right to know the categories and specific pieces of personal information we have collected about you, the sources, the business or commercial purposes for collection, and the categories of third parties with whom we share it.
  • Right to delete personal information we hold about you, subject to certain exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of the "sale" or "sharing" of personal information. Roldesk does not sell or share personal information as those terms are defined under the CCPA/CPRA. Accordingly, we do not provide a "Do Not Sell or Share My Personal Information" link because there is nothing to opt out of.
  • Right to limit the use and disclosure of sensitive personal information. We do not use sensitive personal information for purposes that would require this option (we only use it as needed to provide the Service you asked for).
  • Right to non-discrimination for exercising any of these rights.
  • Authorized agents may submit requests on your behalf, with your written permission and proof of identity.

8.1 Categories of personal information (CCPA Cal. Civ. Code §1798.140)

In the past twelve (12) months we have collected the following categories of personal information:

  • Identifiers — name, email address, phone, IP address, account / device identifiers.
  • Customer records (Cal. Civ. Code §1798.80(e)) — billing address, payment information (handled by Stripe), employer.
  • Commercial information — subscription history, plan tier.
  • Internet / network activity — usage of the Service, browser/device, referring URLs.
  • Geolocation — approximate (IP-derived) and, with consent, precise GPS (mobile app, technician role).
  • Professional / employment information — job title, company, team size.
  • Inferences drawn from the above for service improvement.

To submit a CCPA request, email info@roldesk.com with the subject line "California Privacy Request". We will respond within 45 days (extendable by 45 days where reasonably necessary).

9. Your rights — other US states

If you live in Colorado, Connecticut, Virginia, Utah, Texas, Oregon, or another US state with a comprehensive consumer privacy law, you have similar rights to access, correct, delete, and port your personal information, and to opt out of targeted advertising and sales. We do not engage in targeted advertising or the sale of personal information. To exercise any state-law right, email info@roldesk.com with the subject line "Privacy Request — [state]".

10. Security

We implement administrative, technical, and physical safeguards designed to protect personal information — including encryption in transit (TLS 1.2+), encryption at rest where supported by our infrastructure, hashed passwords (Supabase Auth), access controls, audit logging, and regular security reviews. No method of transmission over the internet or electronic storage is 100% secure, however, and we cannot guarantee absolute security. We will notify affected users and regulators of a personal-data breach within 72 hours where required by the GDPR / UK GDPR or applicable US state laws.

11. Children

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16 (or under 13 where the COPPA applies). If you believe a child has provided us with personal information, please contact us so we can delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we update the "Last updated" date and, for material changes, give additional notice through the Service or by email. Your continued use after the effective date constitutes acceptance of the updated policy.

13. Contact and EU/UK representative

Controller: Roldesk Digital Solutions LLC
30 N Gould St, Ste N, Sheridan, WY 82801, USA
Email: info@roldesk.com
Web: www.roldesk.com

We do not currently process personal data on a scale that requires the appointment of an Article 27 GDPR EU representative or an Article 27 UK-GDPR UK representative. We will appoint one if our processing footprint changes and update this policy accordingly. In the meantime, EU/EEA and UK residents can contact us directly using the details above.