Privacy Notice

1. Who we are

ROIify is operated by Sole trader, an unincorporated sole trader trading as ROIify. Sole trader is the data controller for personal data collected through roiify.app. You can contact us at support@roiify.app.

2. What data we collect and why

Category	Purpose	Legal basis
Name, email, login credentials	Account creation and access	Contract performance
Calculation inputs and saved scenarios	Providing the Service	Contract performance
Support messages	Responding to your enquiries	Legitimate interests
Usage, telemetry, device identifiers, IP address	Security, fraud prevention, debugging, product improvement	Legitimate interests
Marketing email address (if you opt in)	Sending product updates and tips	Consent

Payment data is collected directly by Paddle when you check out — we do not see or store your card details.

3. Who we share data with

Paddle — our Merchant of Record. Paddle handles checkout, subscription management, payments, tax compliance, and invoicing on our behalf. See Paddle's Privacy Policy.
Service providers and subprocessors — including our hosting and database provider (Supabase) and analytics tooling. They process data only on our instructions.
Professional advisers — legal and accounting advisers where necessary.
Authorities — where required by law, court order, or to protect our rights.

We do not sell your personal data.

4. International transfers

Some of our providers (including Paddle and Supabase) may process data outside the UK and EEA. Where this happens we rely on appropriate safeguards such as the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or adequacy decisions.

5. How long we keep your data

We keep account data for as long as your account is active. After you delete your account, we remove personal data within 90 days, except where we are required to retain it for legal, accounting, or fraud-prevention reasons (typically up to 7 years for financial records). Anonymised aggregate data may be retained indefinitely.

6. Your rights

Under UK GDPR and EU GDPR you have the right to: access your data; rectify inaccurate data; erase your data; restrict or object to processing; data portability; and withdraw consent at any time where processing is based on consent. To exercise any of these rights, email support@roiify.app. We will respond within one month.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority.

7. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. No system is perfectly secure, so we cannot guarantee absolute security.

8. Cookies

We use essential cookies and local storage required to keep you signed in and remember your preferences. We may also use privacy-friendly analytics cookies to understand how the Service is used. You can manage cookies through your browser settings; disabling essential cookies will prevent the Service from functioning correctly.

9. Changes to this notice

We may update this notice from time to time. Material changes will be notified by email or in-app notice.

10. Contact

For any privacy questions or to exercise your rights, contact support@roiify.app.