Privacy Policy
Effective: June 22, 2026 | Last Updated: June 22, 2026
Blue Athena LLC (“Company,” “we,” “us,” or “our”) operates the Rolio platform accessible at https://getrolio.app (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you or your organization uses our Service.
This Privacy Policy applies to all users of Rolio, including organization administrators (“Admins”), organization members whose data is stored in the directory (“Members”), and visitors to our website.
1. Information We Collect
1.1 Information Provided by Organization Administrators
- Name, email address, and password for the Admin account
- Organization name, type, and subdomain slug
- Billing information (processed securely through Stripe — we never store raw card data)
- Organization logo, color preferences, and visibility settings
- Email template customizations and broadcast email content
1.2 Member Directory Data
Admins may add member records including: first/last name, email, phone, address, profile photo, cover photo, birthday, social media links, bio, group memberships, custom fields, join date, and member status.
1.3 Magic Link and Authentication Data
- Email address used to request access or profile updates
- IP address and timestamp of link requests (for security)
- Session tokens stored in the Member’s browser localStorage
1.4 Usage and Technical Data
- Log data (IP addresses, browser type, pages visited, timestamps)
- Device information (operating system, screen resolution)
- Cookies and similar tracking technologies
- API usage metrics for billing and rate limiting
1.5 Payment Information
All payment processing is handled by Stripe, Inc. We do not store credit card numbers or CVV codes. We store only the Stripe Customer ID and subscription status. See Stripe’s Privacy Policy at https://stripe.com/privacy.
1.6 Communications
If you contact us for support, we collect the content of your communications and your contact information to respond to you.
2. How We Use Your Information
2.1 Providing and Improving the Service
- Creating and managing organization accounts and member directories
- Processing payments and managing subscriptions
- Sending transactional emails (magic links, confirmations, billing receipts)
- Monitoring and improving performance, security, and reliability
- Developing new features based on usage patterns
2.2 Security and Fraud Prevention
- Verifying identity through magic link authentication
- Detecting and preventing unauthorized access and fraud
- Enforcing rate limits to prevent spam and bot activity
- Maintaining audit logs of data changes
2.3 Communications
- Sending service-related notifications
- Sending product updates and newsletters (you may opt out at any time)
- Responding to support requests
2.4 Legal Compliance
- Complying with applicable laws and legal processes
- Enforcing our Terms of Service
- Protecting rights and safety of users and the public
2.5 AI-Powered Features
If your organization subscribes to the AI Power Bundle, we may process member directory data through AI models (including Anthropic’s Claude API) to provide features such as natural language search and automated reports. This processing is not used to train AI models and can be disabled by contacting support.
3. How We Share Your Information
We do not sell your personal information. We share only in these circumstances:
3.1 Service Providers
- Stripe, Inc. — payment processing
- Resend, Inc. — transactional email delivery
- Cloudflare, Inc. — DNS, CDN, security, and file storage
- MongoDB, Inc. — database hosting
- Vercel, Inc. — application hosting
- Anthropic, PBC — AI processing (AI Power Bundle subscribers only)
3.2 Organization Administrators
Member data is accessible to Admins of the organization that created the record.
3.3 Other Members of Your Organization
Member data may be visible to authenticated members per Admin visibility settings.
3.4 Public Directory
If an Admin enables the public directory, certain fields may be publicly visible. Contact information is hidden by default.
3.5 Legal Requirements
We may disclose information when required by law or to protect rights and safety.
3.6 Business Transfers
If Blue Athena LLC is acquired, data may be transferred, with notice and an opportunity to export.
4. Data Retention
- Active organization data: retained while subscription is active
- Cancelled accounts: retained for 90 days, then permanently deleted
- Billing records: 7 years (tax law requirement)
- Security logs: 12 months
- Magic link tokens: auto-deleted by TTL index after expiry
- Support communications: 2 years
5. Data Security
- All data transmitted over HTTPS/TLS
- Passwords hashed with bcrypt (cost factor 12)
- Magic link tokens hashed with SHA-256
- Cloudflare Turnstile bot protection on public forms
- Rate limiting on all public API endpoints
- MongoDB Atlas with encryption at rest
- API keys stored as environment variables, never in code
6. Your Rights and Choices
- 6.1 Access and Correction — via Rolio dashboard or magic link
- 6.2 Deletion — contact legal@getrolio.app
- 6.3 Data Portability — export CSV/vCard/JSON anytime from dashboard
- 6.4 Opt-Out of Marketing — unsubscribe link in emails or contact support
- 6.5 California Residents (CCPA) — right to know, delete, opt-out of sale (we don’t sell), non-discrimination
- 6.6 EU/EEA Residents (GDPR) — right of access, rectification, erasure, restriction, portability, objection, withdrawal of consent. Contact legal@getrolio.app. Legal basis: contract performance, legitimate interests, consent, legal obligation.
7. Cookies and Tracking
- Essential cookies: Required for authentication. Cannot be disabled.
- Preference cookies: Remember settings.
- Analytics cookies: Privacy-respecting analytics only.
- Member sessions stored in localStorage, not used for advertising.
8. Children’s Privacy
The Service is not directed to children under 13. Organizations managing directories of minors are responsible for obtaining parental consent.
9. Third-Party Links
We are not responsible for the privacy practices of linked third-party websites.
10. International Data Transfers
The Service is operated from the United States. EU/EEA users: we ensure appropriate safeguards including standard contractual clauses where applicable.
11. Changes to This Privacy Policy
We will notify you of material changes by email and by posting an updated policy.
12. Contact Us
Blue Athena LLC — Privacy Officer
Email: legal@getrolio.app
Support: support@getrolio.app
Website: https://getrolio.app
We aim to respond within 5 business days.