Privacy Policy
Last Updated: April 22, 2026
TL;DR: We collect only what is strictly necessary to operate an accessibility mapping platform and API service. We never sell your personal information to third parties. Your community contributions are aggregated anonymously to help the wheelchair accessibility community. We use privacy-first analytics. Payments are handled securely by Stripe — we never see or store your full card number.
1. Introduction and Scope
This Privacy Policy ("Policy") is entered into by and between JoinRollin Inc ("Company," "we," "our," or "us"), the operator of the ROLLIN platform, and you ("User," "you," or "your"), the individual accessing or using the ROLLIN website, application, API, or any related services (collectively, the "Service" or "Platform"). This Policy governs the collection, use, processing, storage, disclosure, and protection of personal information and data obtained through the Service located at joinrollin.com and all associated subdomains, APIs, and endpoints.
By accessing, browsing, or otherwise using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy in its entirety. If you do not agree with any provision of this Policy, you must immediately discontinue use of the Service. This Policy is incorporated by reference into our Terms of Service and should be read in conjunction therewith.
JoinRollin Inc reserves the right to modify, amend, or update this Policy at any time, in its sole discretion. Material changes will be communicated through reasonable means, including but not limited to posting a revised Policy on this page with an updated "Last Updated" date, sending notification via email to registered users, or displaying a prominent notice within the Service. Your continued use of the Service following the posting of any modifications constitutes your binding acceptance of such changes.
2. Definitions
For the purposes of this Privacy Policy, the following terms shall have the meanings ascribed to them below:
- "Personal Information" means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular individual or household. This includes, without limitation, name, email address, IP address, device identifiers, and account credentials.
- "Usage Data" means information automatically collected through your interaction with the Service, including but not limited to pages visited, features used, search queries, API call metadata, timestamps, referring URLs, and interaction patterns.
- "Community Contribution Data" means any accessibility feedback, ratings, reviews, venue reports, feature requests, bug reports, or other user-generated content submitted to the Platform.
- "API Data" means information related to the use of the ROLLIN Application Programming Interface, including API key identifiers, request metadata, rate limit counters, endpoint usage statistics, and associated account information.
- "Payment Data" means financial information processed in connection with paid subscriptions or API tier upgrades, including billing address, subscription status, and payment method identifiers (but expressly excluding full payment card numbers, which are handled exclusively by our payment processor).
- "Aggregated Data" means data that has been de-identified, anonymized, or combined in such a manner that it can no longer reasonably be used to identify a specific individual.
3. Information We Collect
3.1 Account Registration Information
When you create an account on the ROLLIN platform, we collect the following categories of Personal Information:
- Email Address: Required for account creation, authentication, transactional communications, and account recovery. Your email address serves as your primary account identifier.
- Display Name: An optional, user-selected identifier that may be displayed in connection with your community contributions. You are not required to use your legal name.
- Password: Your account password is cryptographically hashed using industry-standard algorithms prior to storage. We do not store, access, or have the ability to retrieve your plaintext password at any time.
- OAuth Profile Data: If you elect to authenticate via a third-party identity provider (such as Google Sign-In), we receive limited profile information as authorized by you through the provider's consent flow, which may include your name, email address, and profile image URL. We do not receive or store your third-party account password.
3.2 API Developer Account Information
When you register for API access through the ROLLIN Developer Portal, we additionally collect:
- API Key Identifiers: Unique key identifiers generated for your account. API keys are cryptographically hashed (SHA-256) prior to storage in our database. The plaintext key is displayed to you exactly once at the time of generation and is not retrievable thereafter.
- Tier and Subscription Information: Your selected API tier (Free, Developer, Business, or Enterprise), associated rate limits, usage quotas, and subscription status.
- API Usage Metrics: Per-key request counts aggregated by minute, hour, day, and month; endpoint-specific usage statistics; error rates; and rate limit events. These metrics are retained for billing, abuse prevention, and service optimization purposes.
- Intended Use Description: Information you voluntarily provide about your intended use of the API, collected during registration to ensure compliance with our acceptable use policies.
3.3 Payment and Billing Information
When you subscribe to a paid API tier or make any purchase through the Service, payment processing is handled exclusively by Stripe, Inc. ("Stripe"), our third-party payment processor. In connection with payment transactions:
- Information Sent to Stripe: Your email address and selected subscription plan are transmitted to Stripe to initiate the checkout session.
- Information Stored by Stripe: Full payment card numbers, CVV/CVC codes, and complete billing details are collected, processed, and stored exclusively by Stripe in accordance with PCI DSS Level 1 compliance standards. We never receive, transmit, or store your full payment card number.
- Information Returned to Us: Upon successful payment, Stripe returns to us a Stripe Customer ID, Stripe Subscription ID, payment status, billing cycle dates, and a truncated card identifier (last four digits and card brand) for your reference. This information is stored in our database to manage your subscription lifecycle.
- Webhook Event Data: Stripe transmits webhook notifications to our servers regarding subscription lifecycle events (e.g., successful payments, failed charges, cancellations, renewals). These events contain subscription metadata but do not include full payment card information.
3.4 Community Contribution Data
When you submit accessibility feedback, venue reports, or other community contributions through the Platform, we collect:
- Accessibility Feedback: Your ratings, reviews, and assessments of venue accessibility features, including but not limited to wheelchair access, ramp availability, restroom accessibility, door widths, and surface conditions.
- Submission Metadata: Timestamps, the venue or location associated with your submission, and your account identifier (used internally for trust scoring but not displayed publicly).
- Trust and Accuracy Metrics: We maintain internal trust scores derived from the consistency and approval history of your contributions. These scores are used algorithmically to weight the reliability of submissions and are never disclosed to other users or third parties.
- Saved Places: Venues you choose to save or bookmark within the Platform, stored in association with your account for your personal reference.
3.5 Platform Feedback Data
We may collect feedback you voluntarily provide regarding the Platform itself, including:
- Bug Reports: Descriptions of technical issues, errors, or unexpected behavior you encounter while using the Service, along with any supporting context you choose to provide (such as browser type, steps to reproduce, or screenshots).
- Feature Requests: Suggestions, ideas, or requests for new features or improvements to the Platform.
- General Feedback: Satisfaction surveys, usability feedback, or other evaluative information you voluntarily submit.
Platform feedback is collected only with your affirmative consent at the time of submission. You are never required to submit feedback as a condition of using the Service. Feedback may be associated with your account for follow-up purposes but will not be publicly attributed to you without your express permission.
3.6 Location Data
We collect location-related information in the following limited circumstances:
- Explicit Location Queries: When you use the "near me" search feature or grant browser or device geolocation permission, your approximate geographic coordinates are used to return relevant nearby results. This data is processed in real time and is not persistently stored on our servers.
- Venue-Associated Location Data: When you submit accessibility feedback, the geographic coordinates of the venue (not your personal location) are recorded in association with your submission.
- Search Queries: Geographic search terms you enter (e.g., city names, zip codes, neighborhood names) are processed to return relevant results. Anonymized, aggregated search query data may be retained for service improvement purposes.
Important: On the ROLLIN website, we do not continuously track, monitor, or store your real-time geographic location. Browser geolocation access is requested only when you explicitly invoke location-based features, and you may deny or revoke this permission at any time through your browser settings without any degradation of core Platform functionality.
3.6.1 Mobile Application Location Data
The ROLLIN iOS mobile application ("App") collects and uses location data differently from the website in order to provide enhanced features. By using the App, you may grant location permissions that enable the following:
- Foreground Location: When you use the App's Browse, Discover, or search features, your current location is used to find accessible venues near you. This requires "When In Use" location permission.
- Background Location: If you grant "Always" location permission, the App uses significant location change monitoring to detect when you are near a saved or previously visited accessible venue. This enables proximity-based notifications and automatic check-in detection. Background location uses cell-tower-level accuracy (approximately 500 meters) and does not continuously track GPS coordinates.
- Geofencing: The App may register geofences (up to 20 at a time) around your saved places to trigger arrival notifications. Geofence entry and exit events are logged to your visit history if you are signed in.
- Visit Tracking: When you check in at a venue (either manually or via automatic detection), the App records the visit including the venue, entry time, exit time, and your location at the time of check-in. This data is stored in your account and used for personalized recommendations and community impact statistics.
- On-Device Storage: Your last known latitude and longitude may be cached locally on your device (via UserDefaults) to provide faster search results on subsequent app launches. This data is not transmitted to our servers.
You may revoke location permissions at any time through your device's Settings app. Revoking "Always" location permission will disable background notifications and automatic check-in detection but will not affect core App functionality. Revoking all location permissions will require you to search by city or state name instead of using "near me" features.
3.6.2 Apple App Store Purchase Information
If you purchase the ROLLIN Concierge iOS application from the Apple App Store, the purchase transaction is processed entirely by Apple Inc. under Apple's terms and privacy policy. We do not receive your payment method, full Apple ID, billing address, or transaction details. We may receive from Apple an anonymized app-install confirmation and aggregate, non-identifying purchase counts for the purpose of measuring distribution. In-app purchase receipts, if any are introduced in the future, would be verified with Apple's servers using the opaque receipt identifier provided by Apple, and would not expose your Apple account information to us.
3.6.3 Natural-Language Search Queries (Ask ROLLIN)
When you use the "Ask ROLLIN" natural-language search feature on the website or in the iOS application, your query text is processed to return ranked venue matches. Queries are logged in aggregate form for service-quality improvement, debugging, and to improve ranking over time. We do not link individual queries to identifying information about you when you are not signed in. When you are signed in, queries may be associated with your account for the limited purpose of improving your personalized recommendations; you can request deletion of this query history at any time by contacting us. We do not sell, share, or license query data with any third party.
3.7 Device and Technical Information
When you access the Service, our hosting infrastructure and analytics tools may automatically collect certain technical information, including:
- IP address (anonymized where technically feasible)
- Browser type, version, and language settings
- Operating system and device type
- Screen resolution and viewport dimensions
- Referring URL and exit pages
- Pages visited and features used within the Service
- Date, time, and duration of access
We use Simple Analytics, a privacy-first analytics service that does not use cookies, does not collect personal data, and does not track users across websites. Simple Analytics is fully compliant with GDPR, CCPA, and PECR without requiring cookie consent banners. For more information, see Simple Analytics' privacy policy.
3.7.1 Mobile Application Data
The ROLLIN iOS App collects the following additional technical information:
- App Analytics: The App collects anonymous usage events (screen views, searches, saves, shares) associated with a randomly generated session identifier. These events are batched and sent to our analytics endpoint. No device identifiers (IDFA, IDFV) are collected. No third-party analytics SDKs are used.
- Authentication Data: When you sign in via Google or Apple, the App receives your name, email address, and profile photo URL from the identity provider. This data is stored in your ROLLIN profile. You may update or delete this information at any time.
- On-Device Preferences: The App stores your preferences (notification settings, accessibility priorities, cuisine preferences, haptic feedback settings) locally on your device using Apple's UserDefaults system. This data is not transmitted to our servers unless you explicitly save preferences to your account.
- Offline Queue: If you submit accessibility feedback or a new location while offline, the submission is stored locally on your device and automatically transmitted when network connectivity is restored.
- Live Activities: When you check in at a venue, the App may display a Live Activity on your Lock Screen and Dynamic Island showing the venue name, your elapsed time, and accessibility facts. This data is processed entirely on your device and is not transmitted to any server.
- Push Notifications: If you enable notifications, the App sends both local notifications (geofence-triggered, on-device) and remote push notifications via Apple Push Notification service (APNs). To deliver remote push notifications, your device token (a unique identifier assigned by Apple, not an advertising identifier) is stored on our servers. Push notifications may include personalized content such as your first name. You may disable push notifications at any time through iOS Settings. We enforce quiet hours (no push notifications between 10:00 PM and 10:00 AM local time) and respect your Concierge Mode preferences.
- Concierge Mode Preferences: The App offers three notification modes (Active, Gentle, Quiet) that control how proactively the App communicates with you. Your selected mode is stored in your profile and determines push notification frequency, geofence detection behavior, celebration display style, and dashboard content density.
- Experience Feedback: The App allows you to share anonymous qualitative feedback about your experience at venues (staff accommodation, accessibility needs met, willingness to return, and optional free-text comments limited to 280 characters). This feedback is stored on our servers, associated with your user account, and displayed publicly only as anonymous aggregates (percentages). Free-text comments undergo moderation before public display. You may submit one experience feedback per venue per 30-day period.
- Device Motion Data: The App uses Apple's CoreMotion framework to detect device tilt for visual parallax effects (starfield and aurora backgrounds). This motion data is processed entirely on your device in real time and is never transmitted to our servers or any third party.
The App does not collect or transmit any advertising identifiers (IDFA, IDFV), does not use device fingerprinting, and does not share data with any third-party advertising or analytics networks.
4. How We Use Your Information
We process your information for the following purposes, each of which constitutes a legitimate and lawful basis for processing:
4.1 Service Provision and Operation
- Authenticate your identity and manage your account
- Display accessibility scores, venue information, and community-sourced feedback
- Process and fulfill API requests associated with your developer account
- Manage subscription billing cycles, upgrades, downgrades, and cancellations
- Maintain saved places, preferences, and personalized settings
- Deliver search results based on geographic and categorical queries
4.2 Data Quality and Trust
- Calculate and maintain trust weight scores to determine the reliability of community contributions
- Detect and flag potentially inaccurate, fraudulent, or spam submissions
- Prioritize high-confidence accessibility information in scoring algorithms
- Aggregate community feedback into composite accessibility scores using our proprietary scoring methodology
4.3 Platform Improvement and Analytics
- Analyze anonymized, aggregated usage patterns to improve Platform features and user experience
- Monitor API endpoint performance, availability, and error rates
- Identify geographic areas with high demand to inform coverage expansion decisions
- Evaluate and prioritize bug reports and feature requests
4.4 Communications
- Transactional Communications (Non-Optional): Account verification, password reset, security alerts, subscription confirmations, API key notifications, and material service changes. These communications are essential to the operation of the Service and cannot be opted out of while maintaining an active account.
- Marketing Communications (Opt-In Only): Newsletter updates regarding new coverage areas, accessibility resources, community highlights, feature announcements, and developer ecosystem news. Marketing communications are sent exclusively to users who have affirmatively opted in and may be unsubscribed from at any time.
4.5 Security and Abuse Prevention
- Monitor for and prevent unauthorized access, fraud, spam, denial-of-service attacks, and other malicious activity
- Enforce API rate limits and usage quotas
- Identify and suspend accounts engaged in abusive behavior or terms of service violations
- Automatically clean up inactive free-tier API keys to maintain system integrity
4.6 Legal Compliance
- Comply with applicable laws, regulations, and legal processes
- Respond to lawful requests from governmental authorities
- Establish, exercise, or defend legal claims
- Enforce our Terms of Service and other agreements
5. Email Newsletter and Marketing Communications
When you voluntarily subscribe to our email newsletter, we collect your email address for the purpose of delivering periodic communications, which may include:
- New region launches and expanded geographic coverage areas
- Accessibility tips, guides, and community highlights
- New features, platform updates, and service improvements
- API and developer ecosystem announcements
- Accessibility industry news and advocacy updates
You maintain full control over your subscription. You may unsubscribe at any time by: (a) clicking the "unsubscribe" link included in the footer of every marketing email; (b) adjusting your communication preferences in your account settings; or (c) contacting us directly at hello@joinrollin.com. Unsubscribe requests are processed within two (2) business days.
Email Service Provider: We use Mailchimp (operated by Intuit Inc.) to manage our mailing list and deliver marketing communications. When you subscribe, your email address is transmitted to and stored by Mailchimp on servers located in the United States. Mailchimp processes your information in accordance with their privacy policy. Mailchimp is certified under applicable data protection frameworks and maintains industry-standard security measures for the protection of subscriber data.
6. Information Sharing and Disclosure
We do not sell, rent, lease, or trade your Personal Information to third parties for their marketing purposes. We have never sold Personal Information and have no plans to do so.
We may share or disclose your information only in the following limited and specifically enumerated circumstances:
6.1 Public Community Contributions
Accessibility feedback and ratings you submit are aggregated with other community contributions and displayed publicly as part of composite venue accessibility scores. Individual submissions are anonymized and are not publicly attributed to your account or identity. Your display name is never attached to specific venue scores or feedback visible to other users unless you have explicitly opted into public attribution.
6.2 Service Providers and Sub-Processors
We engage the following third-party service providers to facilitate the operation of the Service. Each provider processes data solely on our behalf, pursuant to contractual obligations that restrict their use of your information to the purposes specified herein:
- Supabase: Authentication services and database hosting. Supabase stores account information, community contributions, API key hashes, and related operational data. (Privacy Policy)
- Stripe, Inc.: Payment processing for paid API subscriptions. Stripe collects and processes payment card information in a PCI DSS Level 1 compliant environment. (Privacy Policy)
- Netlify: Website hosting, content delivery, and serverless function execution. Netlify processes HTTP request data including IP addresses and request metadata. (Privacy Policy)
- Mailchimp (Intuit): Email newsletter management and delivery. Mailchimp stores subscriber email addresses and engagement metrics. (Privacy Policy)
- Simple Analytics: Privacy-first, cookie-free website analytics. Simple Analytics does not collect Personal Information and does not track individual users. (Privacy Policy)
6.3 Third-Party Data Providers
ROLLIN's accessibility data is sourced through a proprietary data pipeline that integrates information from multiple verified sources and third-party data providers. Data obtained from these providers is processed, transformed, and enriched through our proprietary algorithms. We do not share your Personal Information with our data providers, and the data exchange with these providers pertains solely to venue and location information, not user data.
6.4 Legal Obligations and Protection of Rights
We may disclose your information if we believe in good faith that such disclosure is necessary to:
- Comply with applicable law, regulation, legal process, or enforceable governmental request
- Enforce our Terms of Service or other agreements, including investigation of potential violations
- Detect, prevent, or otherwise address fraud, security, or technical issues
- Protect the rights, property, or safety of JoinRollin Inc, our users, or the public as required or permitted by law
6.5 Business Transfers
In the event that JoinRollin Inc is involved in a merger, acquisition, reorganization, sale of assets, or bankruptcy proceeding, your information may be transferred as part of that transaction. We will provide notice before your Personal Information is transferred and becomes subject to a different privacy policy. In such event, we will use commercially reasonable efforts to ensure that the acquiring entity maintains protections for your information that are no less protective than those described in this Policy.
6.6 Aggregated and De-Identified Data
We may share Aggregated Data that cannot reasonably be used to identify you with third parties for research, analytics, industry benchmarking, or other lawful purposes. This includes, without limitation, aggregate accessibility statistics, anonymized usage trends, and de-identified geographic coverage metrics.
7. API Usage Data Collection and Processing
If you access the ROLLIN API (whether through a Free, Developer, Business, or Enterprise tier), we collect and process the following categories of API-specific data:
7.1 Request Metadata
- API key identifier (hashed) associated with each request
- Timestamp of each API call
- HTTP method, endpoint path, and query parameters
- Response status code and response time
- IP address of the requesting client
- User-Agent header value
7.2 Rate Limiting and Quota Enforcement
We maintain real-time counters for API requests per key, tracked at per-minute, per-hour, per-day, and per-month intervals. These counters are used to enforce the rate limits and usage quotas associated with your subscription tier. Rate limit data is retained for the duration of the applicable billing period plus a reasonable archival period for dispute resolution.
7.3 Abuse Detection
API request patterns are monitored for indicators of abuse, including but not limited to: excessive request volumes, systematic scraping, unauthorized redistribution of data, circumvention of rate limits through multiple keys, and requests originating from known malicious IP ranges. Automated systems may temporarily or permanently restrict API access in response to detected abuse, subject to review and appeal.
7.4 Inactive Key Cleanup
Free-tier API keys that have been inactive (zero API requests) for an extended period may be automatically deactivated and removed from our systems as part of routine maintenance. You will receive advance email notification prior to key deactivation where feasible. Paid-tier keys are not subject to automatic inactivity cleanup for the duration of an active subscription.
8. Cookies, Local Storage, and Similar Technologies
8.1 Cookies
ROLLIN uses a minimal number of cookies that are strictly necessary for the operation of the Service:
- Authentication Cookies: Session cookies issued by Supabase to maintain your authenticated session. These cookies are essential for login functionality and expire when your session ends or after a defined inactivity period.
- Security Cookies: CSRF (Cross-Site Request Forgery) tokens and related security cookies used to protect against unauthorized form submissions and cross-site attacks.
We do not use third-party advertising cookies, retargeting cookies, or cross-site tracking cookies of any kind. Because our analytics provider (Simple Analytics) is cookie-free, no analytics cookies are set.
8.2 Browser Local Storage
We use browser Local Storage (HTML5 Web Storage API) for the following purposes:
- Location Data Caching: Accessibility data for previously viewed regions may be cached locally to improve page load performance and reduce network requests. This cache can be cleared at any time through your browser settings.
- User Preferences: Your saved places, accessibility filter settings, search preferences, and display settings are stored locally for convenience.
- Authentication Tokens: Supabase authentication tokens are stored in Local Storage to maintain your login session across page navigations.
Local Storage data resides entirely on your device and is not transmitted to our servers except as necessary for authenticated API requests. You may clear Local Storage at any time through your browser's developer tools or settings without affecting your server-side account data.
8.3 Do Not Track Signals
ROLLIN honors Do Not Track ("DNT") signals transmitted by your browser. Because we do not engage in cross-site tracking or serve targeted advertisements, our data collection practices remain the same regardless of DNT signal status. We do not alter our data collection or usage practices in response to DNT signals because our default practices already align with the privacy expectations expressed by such signals.
9. Data Retention
We retain your information for as long as reasonably necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods are as follows:
- Account Information: Retained for the duration of your active account plus thirty (30) days following account deletion to allow for recovery in case of accidental deletion. After this grace period, account data is permanently deleted from our primary databases.
- Community Contributions: Accessibility feedback and ratings are retained indefinitely in anonymized, aggregated form as part of the Platform's accessibility database, even after account deletion. Your individual identity is disassociated from contributions upon account deletion.
- API Usage Logs: Detailed request logs are retained for ninety (90) days for operational and debugging purposes. Aggregated usage statistics (without request-level detail) are retained for the duration of your subscription plus twelve (12) months for billing reconciliation and trend analysis.
- Payment Records: Transaction records, invoices, and subscription history are retained for seven (7) years following the end of the applicable subscription period, as required by tax and financial record-keeping regulations.
- Email Newsletter Subscriptions: Your email address is retained in our Mailchimp subscriber list until you unsubscribe. Upon unsubscription, your email is moved to Mailchimp's suppression list to prevent re-subscription without your consent, in accordance with anti-spam regulations.
- Platform Feedback: Bug reports and feature requests are retained for as long as they remain relevant to Platform development. You may request deletion of specific feedback submissions by contacting us.
- Security and Abuse Logs: Logs related to security incidents, abuse detection, and rate limit violations are retained for up to two (2) years for forensic analysis and legal compliance purposes.
- Inactive Free-Tier API Keys: Automatically deactivated and purged on a periodic basis as described in Section 7.4.
10. Data Security
JoinRollin Inc implements and maintains a comprehensive set of administrative, technical, and physical security measures designed to protect your Personal Information against unauthorized access, alteration, disclosure, or destruction. While no method of electronic storage or transmission over the Internet is 100% secure, we employ the following safeguards:
10.1 Encryption
- In Transit: All data transmitted between your browser/client and our servers is encrypted using TLS 1.2 or higher (HTTPS). Unencrypted HTTP connections are automatically redirected to HTTPS.
- At Rest: Sensitive data stored in our database, including password hashes and API key hashes, is encrypted at rest using AES-256 encryption or equivalent.
- Password Hashing: User passwords are hashed using bcrypt with appropriate cost factors, rendering them computationally infeasible to reverse.
- API Key Hashing: API keys are hashed using SHA-256 prior to database storage. Plaintext API keys are not stored and cannot be recovered after initial generation.
10.2 Access Controls
- Row Level Security (RLS): Our Supabase database enforces Row Level Security policies that ensure users can only access data associated with their own account.
- Principle of Least Privilege: Internal access to production systems and databases is restricted to authorized personnel on a need-to-know basis.
- Environment Variable Isolation: API keys, secrets, database credentials, and other sensitive configuration values are stored in encrypted environment variables and are never committed to source code repositories or exposed in client-side code.
10.3 Infrastructure Security
- The Service is hosted on Netlify's globally distributed infrastructure, which maintains SOC 2 Type II compliance and implements DDoS mitigation, Web Application Firewall (WAF), and automated threat detection.
- Our database is hosted on Supabase's managed infrastructure, which provides automated backups, point-in-time recovery, and network isolation.
- Serverless functions execute in isolated environments with no persistent state between invocations, reducing the attack surface for server-side vulnerabilities.
10.4 Incident Response
In the event of a data breach or security incident that may affect your Personal Information, we will: (a) investigate and contain the incident promptly; (b) assess the scope and severity of the breach; (c) notify affected users without unreasonable delay and in no event later than seventy-two (72) hours after becoming aware of the breach, where required by applicable law; and (d) notify relevant regulatory authorities as required. Breach notifications will include a description of the incident, the categories of data affected, and recommended protective measures.
11. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights with respect to your Personal Information. To exercise any of these rights, please contact us at hello@joinrollin.com. We will respond to verified requests within thirty (30) days, or within the timeframe required by applicable law.
11.1 Right of Access
You have the right to request a copy of the Personal Information we hold about you, including your account data, submission history, API usage records, and any other data associated with your account. We will provide this information in a commonly used, machine-readable format (such as JSON or CSV).
11.2 Right of Rectification
You have the right to request correction of inaccurate or incomplete Personal Information. You may update your email address, display name, and other account settings directly through your account profile. For corrections to other data, please contact us.
11.3 Right of Deletion (Right to Be Forgotten)
You have the right to request deletion of your Personal Information, subject to certain exceptions. Upon a verified deletion request, we will: (a) delete your account and associated Personal Information from our primary databases within thirty (30) days; (b) anonymize your community contributions so they are no longer linked to your identity; (c) instruct our sub-processors to delete your data from their systems; and (d) retain only such information as is required by law or necessary for legitimate business purposes (e.g., financial records, abuse prevention). Please note that deletion is irreversible and that anonymized community contributions will not be removed from the Platform, as they serve the public interest.
11.4 Right to Data Portability
You have the right to receive your Personal Information in a structured, commonly used, and machine-readable format and to transmit that data to another controller. Upon request, we will provide an export of your account data, contribution history, and saved places.
11.5 Right to Restrict Processing
You have the right to request that we restrict the processing of your Personal Information under certain circumstances, such as when you contest the accuracy of your data or object to our processing. During the restriction period, we will continue to store your data but will not process it for purposes other than storage without your consent.
11.6 Right to Object
You have the right to object to the processing of your Personal Information for certain purposes, including direct marketing. If you object to marketing communications, we will cease sending such communications promptly. You may also object to processing based on our legitimate interests, in which case we will evaluate whether our legitimate interests override your rights and freedoms.
11.7 Right to Withdraw Consent
Where we rely on your consent as the legal basis for processing, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
11.8 Right to Lodge a Complaint
If you believe that your privacy rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction. We encourage you to contact us first so that we may attempt to resolve your concern directly.
12. California Privacy Rights (CCPA/CPRA)
If you are a resident of the State of California, you are afforded additional rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA"). This section supplements the information contained in the rest of this Privacy Policy and applies solely to California residents.
12.1 Categories of Personal Information Collected
In the preceding twelve (12) months, we have collected the following categories of Personal Information as defined under the CCPA:
- Identifiers: Email address, display name, IP address, API key identifiers, Stripe Customer ID
- Commercial Information: Subscription tier, payment history, transaction records
- Internet or Electronic Network Activity: Browsing history within the Service, API request logs, search queries
- Geolocation Data: Approximate location derived from IP address or browser geolocation (only when explicitly requested)
- Inferences: Trust scores derived from contribution history, accessibility preferences inferred from usage patterns
12.2 Sale and Sharing of Personal Information
We do not sell your Personal Information. We have not sold Personal Information in the preceding twelve (12) months and have no intention of doing so. We do not share Personal Information for cross-context behavioral advertising purposes. Because we do not sell or share Personal Information as defined under the CCPA, there is no need to opt out of such practices. However, if you wish to submit a "Do Not Sell or Share My Personal Information" request, you may do so by contacting us at hello@joinrollin.com, and we will confirm that no sale or sharing is occurring.
12.3 Your CCPA Rights
As a California resident, you have the right to:
- Right to Know: Request disclosure of the categories and specific pieces of Personal Information we have collected about you, the categories of sources from which it was collected, the business or commercial purpose for collection, and the categories of third parties with whom we share it.
- Right to Delete: Request deletion of your Personal Information, subject to certain statutory exceptions.
- Right to Correct: Request correction of inaccurate Personal Information.
- Right to Limit Use of Sensitive Personal Information: We do not collect or process sensitive Personal Information as defined under the CCPA for purposes beyond those permitted by the statute.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you the Service, charge you different prices, provide a different level of quality, or suggest that you would receive different treatment for exercising your rights.
12.4 Submitting a Verifiable Request
To exercise your CCPA rights, submit a verifiable consumer request to hello@joinrollin.com. You must provide sufficient information to allow us to reasonably verify your identity (we will typically confirm your identity through the email address associated with your account). You may also designate an authorized agent to submit a request on your behalf, provided that you furnish the agent with signed written permission and we can verify your identity. We will respond to verifiable requests within forty-five (45) calendar days, with the possibility of a one-time forty-five (45) day extension if reasonably necessary, with prior notice to you.
13. Rights of International Users and GDPR Compliance
ROLLIN is operated by JoinRollin Inc from the United States of America. If you access the Service from outside the United States, including from the European Economic Area ("EEA"), the United Kingdom ("UK"), or any other jurisdiction, please be aware that your information will be transferred to, stored in, and processed in the United States, where data protection laws may differ from and may be less protective than those in your country of residence.
13.1 Legal Bases for Processing (EEA/UK Users)
If you are located in the EEA or UK, we process your Personal Information on the following legal bases under the General Data Protection Regulation ("GDPR"):
- Performance of a Contract: Processing necessary to provide you with the Service pursuant to our Terms of Service (e.g., account management, API access, subscription fulfillment).
- Legitimate Interests: Processing necessary for our legitimate interests, provided that such interests are not overridden by your data protection rights (e.g., fraud prevention, service improvement, security monitoring).
- Consent: Processing based on your freely given, specific, informed, and unambiguous consent (e.g., marketing emails, platform feedback submission, geolocation access).
- Legal Obligation: Processing necessary to comply with a legal obligation to which we are subject (e.g., tax record-keeping, law enforcement requests).
13.2 International Data Transfers
Your Personal Information may be transferred to and processed in the United States and other countries where our service providers maintain facilities. Where such transfers occur, we take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy. For transfers from the EEA/UK, we rely on: (a) Standard Contractual Clauses approved by the European Commission; (b) adequacy decisions where applicable; or (c) other lawful transfer mechanisms recognized under applicable data protection law.
13.3 Additional Rights for EEA/UK Residents
In addition to the rights described in Section 11, EEA and UK residents have the right to lodge a complaint with their local data protection supervisory authority. A list of EU data protection authorities can be found at https://edpb.europa.eu.
13.4 Data Protection Officer
For privacy-related inquiries, data protection concerns, or to exercise your rights under GDPR, please contact us at hello@joinrollin.com. Please include "Data Protection" in your subject line to ensure prompt routing to the appropriate team.
14. Children's Privacy
The ROLLIN platform and Service are not directed to, and are not intended for use by, children under the age of thirteen (13) years, or under the age of sixteen (16) years in jurisdictions where the GDPR or equivalent legislation applies. We do not knowingly collect, solicit, or process Personal Information from children under these age thresholds.
If we become aware that we have inadvertently collected Personal Information from a child under the applicable age threshold, we will take immediate steps to delete such information from our servers and systems and, where applicable, instruct our sub-processors to do the same. If you are a parent or legal guardian and believe that your child has provided us with Personal Information without your consent, please contact us immediately at hello@joinrollin.com so that we may take appropriate action.
We encourage parents and guardians to monitor their children's Internet usage and to instruct their children never to provide Personal Information through any online service without parental permission.
15. Accessibility Data and Proprietary Data Pipeline
ROLLIN's accessibility scores and venue information are generated through a proprietary data pipeline that aggregates, cross-references, and enriches data from multiple verified sources, including third-party data providers, publicly available datasets, and community contributions. Our proprietary scoring engine applies weighted algorithms to produce composite accessibility assessments.
All data obtained from third-party sources undergoes substantial transformation, enrichment, and algorithmic processing through our proprietary scoring engine before being incorporated into the Service. The accessibility scores, feature assessments, and composite ratings output by our data pipeline constitute original works of analysis and compilation created by JoinRollin Inc and are not representations of, or substitutes for, the underlying third-party source data. Third-party source data is periodically refreshed, revalidated, and reconciled against multiple independent signals to maintain accuracy and currency; stale or unverifiable source data is subject to automated deprecation, reduced confidence weighting, or removal from active scoring calculations.
The specific data sources, enrichment methodologies, transformation processes, and scoring algorithms employed by our data pipeline constitute trade secrets and confidential business information of JoinRollin Inc. Information about data sourcing practices will not be disclosed beyond what is stated in this Policy.
Community contributions are incorporated into our data pipeline as one of multiple input signals and are subject to quality control measures, including trust weighting and anomaly detection, before influencing publicly visible accessibility scores. In addition to proprietary first-party data collection and administrative verification processes, the Service's data pipeline may incorporate, as supplementary input signals subject to the transformation and enrichment processes described above, information derived from publicly available geographic datasets and community-maintained open data repositories, including without limitation data made available by contributors to collaborative mapping initiatives under applicable open data licenses such as the Open Database License (ODbL v1.0, available at openstreetmap.org/copyright), governmental open data portals, and other publicly accessible structured datasets. The inclusion of any publicly available data source is subject to change without notice as our data pipeline evolves, and no representation is made that any particular third-party dataset is or will continue to be utilized. All such data, regardless of origin, is processed through the same proprietary transformation, cross-referencing, and scoring methodologies described in this Section and is not surfaced to end users in its original or unprocessed form.
16. Third-Party Links and Integrations
The Service may contain links to third-party websites, applications, or services that are not owned or controlled by JoinRollin Inc. This Privacy Policy applies solely to information collected through the ROLLIN platform. We are not responsible for the privacy practices, content, or data collection activities of any third-party websites or services. We encourage you to review the privacy policies of any third-party websites you visit or services you use. The inclusion of a link to a third-party website does not imply endorsement of the linked site or its privacy practices by JoinRollin Inc.
17. Automated Decision-Making
ROLLIN employs automated processing in the following contexts:
- Trust Scoring: Community contribution trust weights are calculated algorithmically based on submission history, approval rates, and consistency metrics. Trust scores affect the weight given to your contributions in aggregate accessibility scores but do not restrict your ability to use the Service.
- API Rate Limiting: Automated systems enforce rate limits and may temporarily block API access when usage thresholds are exceeded. Rate limit events are logged and access is automatically restored when the applicable rate window resets.
- Abuse Detection: Automated monitoring systems may flag or restrict accounts exhibiting patterns consistent with spam, fraud, or terms of service violations. Flagged accounts are subject to human review before permanent action is taken.
You have the right to request human review of any significant automated decision that affects your account or access to the Service. To request review, contact us at hello@joinrollin.com.
18. Governing Law and Jurisdiction
This Privacy Policy and any dispute arising out of or relating to it shall be governed by and construed in accordance with the laws of the State of New York, United States of America, without regard to its conflict of laws principles. Any legal action or proceeding arising under this Policy shall be brought exclusively in the federal or state courts located in New York County, New York, and you hereby irrevocably consent to the personal jurisdiction and venue therein.
Notwithstanding the foregoing, nothing in this section shall be construed to limit or restrict any rights you may have under applicable data protection laws in your jurisdiction of residence, including the GDPR, the UK Data Protection Act 2018, or the CCPA, to the extent that such laws provide for mandatory application regardless of governing law provisions.
19. Changes to This Policy
We reserve the right to modify, amend, or update this Privacy Policy at any time, in whole or in part, at our sole discretion. When we make changes:
- Material Changes: For changes that materially affect your rights or our data processing practices, we will provide prominent notice at least thirty (30) days before the changes take effect, via email notification to registered users, a conspicuous banner on the Service, or both.
- Non-Material Changes: For minor or clarifying changes, we will update the "Last Updated" date at the top of this Policy. We encourage you to review this page periodically.
Your continued use of the Service following the effective date of any modifications to this Policy constitutes your acknowledgment of and agreement to the modified Policy. If you do not agree to the modified Policy, you must discontinue use of the Service and may request account deletion in accordance with Section 11.3.
20. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, your Personal Information, or our data practices, please contact us through any of the following means:
- Email: hello@joinrollin.com
- Subject Line Guidance: For data protection and privacy rights requests, please include "Privacy Request" in the subject line. For CCPA-specific requests, please include "CCPA Request." For GDPR-related inquiries, please include "Data Protection."
We will acknowledge receipt of your inquiry within two (2) business days and will endeavor to provide a substantive response within thirty (30) days, or within the timeframe required by applicable law.
This Privacy Policy constitutes the entire agreement between you and JoinRollin Inc with respect to the subject matter hereof and supersedes all prior or contemporaneous privacy notices, statements, or policies relating to the Service.