Politique de Confidentialite

This policy explains what personal data Rollerstat processes and how it is handled.

Last updated: March 7, 2026

This legal page is currently published in English for legal consistency. In case of any conflict, the English version controls.

1. Who we are

Rollerstat is operated by Asadullah Khan (individual operator). In this policy, "Rollerstat", "we", "our", and "us" refer to this operator and website.

Rollerstat currently operates as an individual-run service. If and when a company is incorporated later, this policy will be updated to reflect the new legal entity details.

  • Controller/Owner: Asadullah Khan
  • Public contact (email-only): rollerstat@rollerstat.com
  • Website: rollerstat.com

2. Scope

This policy applies to the public Rollerstat website, newsletter subscription flows, comment/reaction features, and related admin moderation operations.

3. Data we collect

3.1 Account and sign-in data (Google sign-in)

  • Name
  • Email address
  • Profile image (if provided by your Google account)
  • Technical identifiers needed for session/auth handling

3.2 Comment and interaction data

  • Comment text, timestamps, moderation status
  • Reaction choice and aggregated reaction counts
  • Device-derived pseudonymous identifier/hash for reaction controls

3.3 Newsletter data

  • Email address
  • Optional first/last name
  • Locale preference and subscription lifecycle metadata

3.4 Contact form data

  • Name
  • Email address
  • Message content

3.5 Technical and security data

  • Server logs and basic request metadata needed for security/operations
  • Session/cookie values required for login and feature integrity

4. Why we process data

  • To authenticate users and maintain secure sessions
  • To publish and moderate comments and reactions
  • To run newsletter subscribe/unsubscribe flows
  • To answer contact form submissions
  • To operate, secure, and improve service reliability
  • To comply with legal obligations (for example unsubscribe compliance records)

5. Legal bases (GDPR)

  • Performance of a contract/service request (account/session and requested features)
  • Consent (newsletter subscriptions and similar opt-ins)
  • Legitimate interests (security, abuse prevention, product operation)
  • Legal obligation (where required by law)

6. Processors and recipients

We use third-party providers to operate the service. These may process data on our behalf:

  • Supabase (database and backend services)
  • Google OAuth/Auth services (user sign-in)
  • Brevo (newsletter and transactional email workflows)
  • Cloudinary (media hosting/processing)
  • Hosting/infrastructure provider(s) used to serve the apps

7. International transfers

Data may be processed in countries other than your own, including the United States and other regions where our providers operate infrastructure. Where applicable, we rely on provider contractual safeguards for cross-border processing.

8. Data retention

Retention windows currently used by policy:

  • Comments: retained until user/admin deletion or moderation action; records marked deleted are purged within 30 days.
  • User profile/auth linkage records: retained while account is active, then up to 30 days after deletion flow.
  • Reaction/device hash records: retained up to 12 months on a rolling basis.
  • Contact form submissions: retained up to 12 months for support/operations.
  • Newsletter records: retained until unsubscribe and compliance lifecycle handling.
  • Backups: disaster-recovery snapshots may retain deleted records for up to 90 days before purge.

Backup retention does not mean public display. It only means historical encrypted backup copies may continue to exist for recovery for a limited period.

9. Your rights

Depending on your jurisdiction, you may have rights to:

  • Access your personal data
  • Correct inaccurate data
  • Delete data (subject to legal/operational limits)
  • Object to or restrict specific processing
  • Withdraw consent for consent-based processing
  • Lodge a complaint with your local supervisory authority

To submit a request, contact rollerstat@rollerstat.com.

10. Cookies and similar technologies

Rollerstat currently uses essential cookies/storage for session/auth behavior and feature integrity (for example comment/reaction state and login sessions). We do not currently run ad-tech profiling on these legal pages.

If non-essential analytics or marketing trackers are introduced later, this policy and user controls will be updated accordingly.

11. Security

We apply reasonable technical and organizational measures to protect data from unauthorized access, loss, misuse, or alteration. No internet system is perfectly secure, and absolute security cannot be guaranteed.

12. Children

Rollerstat is not intended for users under 16 years of age.

13. Changes to this policy

We may update this policy from time to time. Updates are posted on this page with a revised "Last updated" date.

14. EU representation notice

Under GDPR Article 27, Rollerstat's EU representative is:

  • Name: Naved Ahmad
  • Address: 3 Rue de Gorges, 44000 Nantes, France
  • Email: navedmoin67@gmail.com
  • Phone: +33 6 42 35 57 58

15. Contact

  • Email-only legal contact: rollerstat@rollerstat.com
  • Operator: Asadullah Khan