Privacy Policy

Last updated: 2026-06-01

The short version

Rollby uses your phone's location to notify you when you physically pass a participating business. We collect the minimum data needed to make that work and nothing else. We do not sell your data, share it with advertisers, or use it to build a profile about you.

What we collect

  • A user identifier. When you enroll, we generate an anonymous ID stored on your device and in our database. We do not require your name, phone number, or email.
  • Location, when a geofence event fires. The Android operating system tells the app when you enter or exit a participating business's geofence. The app sends that event (your user ID, the business's ID, the timestamp, and a coarse location reading) to our server so we can deliver the notification.
  • Notification delivery status. Whether the notification was delivered successfully (used to retry delivery and to avoid sending you a duplicate within five minutes).
  • Web Push subscription. A device-specific token issued by Apple/Google that lets us deliver notifications. We do not see your phone number or email through this.

What we do NOT collect

  • Continuous location tracking. We only see your location at the moment a geofence event fires — not your movements in between.
  • Contacts, photos, microphone, camera, or any other device data.
  • Advertising identifiers.
  • Third-party analytics or tracking SDKs.

Why background location?

Rollby's entire product is the notification you get when you pass a business with your phone in your pocket. That cannot happen unless the Android operating system can monitor a small set of geofences on our behalf while the app is closed. We use the standard OS geofencing API for this — your location is not streamed to our server in the background, and the app does not run a hidden tracking service. The notification you see in your phone's status bar (“Rollby is watching for nearby businesses”) is the OS-required foreground service indicator that confirms the app is using location only for the purpose you allowed.

Who we share with

We share data only with the infrastructure providers Rollby runs on, strictly as needed to deliver the service:

  • Supabase — our database. Stores your anonymous user ID and geofence event log.
  • Vercel — the server that runs rollby.app. Routes geofence events to the notification system.
  • Apple Push Notification service / Google Cloud Messaging — the OS-level notification delivery systems. They receive the notification payload (text only — no location data is included in the push itself).

We do not share your data with advertisers, data brokers, or any other third party. We do not sell your data.

How long we keep it

  • Geofence event history: 90 days, then automatically deleted.
  • User account / push subscription: until you delete the app or request deletion.

Your controls

  • Turn off background location. In your phone's Settings → Apps → Rollby → Permissions → Location, switch to “While using the app” or “Don't allow.” Rollby will stop receiving geofence events; the app will continue to work in the foreground only.
  • Delete your account and data. Email privacy@rollby.app and we'll delete your record from the database within 30 days. Alternatively, uninstall the app: your push subscription is invalidated immediately, and your event history then ages out under the 90-day retention period above.

Children

Rollby is not directed at children under 13 and we do not knowingly collect data from them. If you believe a child has enrolled, contact privacy@rollby.app and we will delete the record.

Changes to this policy

When we make material changes, we update the “Last updated” date above and notify enrolled users via in-app notification. Continuing to use Rollby after the update means you accept the revised policy.

Contact

Questions, deletion requests, or policy concerns: privacy@rollby.app.