Privacy Policy - RoleDream

1. Introduction and Data Controller

Welcome to RoleDream. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our work mapping platform and related services (collectively, the "Services").

RoleDream is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller Information

Company Name: RoleDream
Jurisdiction: European Union / European Economic Area
Contact Email: privacy@roledream.com

As the data controller, RoleDream determines the purposes and means of processing your personal data. For Business-to-Business (B2B) customers, we may also act as a data processor when processing data on your behalf according to your instructions.

2. Data We Collect

We collect personal data through various means to provide and improve our Services. Below are the categories of data we collect:

2.1 Account Information

When you create an account, we collect:

Name (first and last name)
Email address
Company or organization name (if applicable)
Authentication credentials (password stored in encrypted form)
Profile information you choose to provide

2.2 Team Data

When you use our team features, we collect:

Team member names and email addresses
Roles and job titles within your organization
Organizational structure information
Permission levels and access settings

2.3 Integration Data

When you connect third-party tools and services, we may collect:

Data from connected third-party applications
API connection information and tokens
Integration configuration settings
Synchronization data between systems

2.4 Usage Analytics

We automatically collect certain information about how you use our Services:

Feature usage patterns and frequency
Session data (login times, duration, pages visited)
Performance metrics and error logs
Device information (browser type, operating system)
IP address and approximate location

2.5 Customer Work Data

When you use our work mapping features, we process:

Workflow mappings and process diagrams
Task definitions and relationships
Organizational procedures and documentation
Any data you input into your work maps, which may include your clients' information

Note: You are responsible for ensuring you have appropriate consent or legal basis to input any third-party personal data into our Services.

3. How We Use Your Data

We use the personal data we collect for the following purposes:

Service Provision

To create and manage your account, provide the work mapping platform, and deliver the features you request.

Service Improvement

To analyze usage patterns, identify issues, and improve our platform's functionality and user experience.

AI-Powered Insights

To provide intelligent analysis of your workflows, identify bottlenecks, and suggest improvements through our AI features.

Communication

To send transactional emails, service updates, security alerts, and (with your consent) marketing communications.

Security and Fraud Prevention

To protect our Services, detect suspicious activity, and prevent unauthorized access.

Legal Compliance

To comply with applicable laws, regulations, and legal processes.

4. Legal Basis for Processing

Under the GDPR, we process your personal data based on the following legal grounds:

Processing Activity	Legal Basis
Account creation and management	Contract performance (Article 6(1)(b))
Providing work mapping services	Contract performance (Article 6(1)(b))
Analytics and service improvement	Legitimate interests (Article 6(1)(f))
AI-powered insights and analysis	Contract performance (Article 6(1)(b))
Anonymous data aggregation for recommendations	Legitimate interests (Article 6(1)(f)) with opt-out
Marketing communications	Consent (Article 6(1)(a))
Security and fraud prevention	Legitimate interests (Article 6(1)(f))
Legal compliance	Legal obligation (Article 6(1)(c))

5. Data Sharing and Third-Party Processors

We share your personal data only as necessary to provide our Services and as described below. All third-party processors are bound by data processing agreements that comply with GDPR requirements.

5.1 Payment Processors

We use third-party payment processors to handle subscription billing and payment transactions. These processors receive only the payment information necessary to complete your transactions and are PCI-DSS compliant. We do not store complete credit card numbers on our servers.

5.2 Analytics Services

We use analytics services (such as Google Analytics and similar tools) to understand how users interact with our Services. These services collect usage data and help us improve our platform. You can opt out of analytics tracking through your browser settings or by using browser extensions designed for this purpose.

5.3 Email Service Providers

We use third-party email service providers to send transactional emails (account confirmations, password resets, notifications) and, where you have consented, marketing communications.

5.4 AI/LLM Service Providers

To provide AI-powered insights and analysis features, we integrate with Large Language Model (LLM) providers. See Section 10 for detailed information about how your data is processed by these services.

5.5 Other Disclosures

We may also disclose your personal data:

To comply with legal obligations or valid legal processes
To protect our rights, privacy, safety, or property
In connection with a merger, acquisition, or sale of assets (with notice to you)
With your explicit consent

6. International Data Transfers

RoleDream stores your data primarily in AWS data centers located within the European Union (Frankfurt or Ireland regions) to ensure GDPR-compliant data residency.

However, some of our third-party processors may process data outside the EEA. When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place:

Transfer Mechanisms

EU-U.S. Data Privacy Framework (DPF): For transfers to certified U.S. organizations participating in the EU-U.S. Data Privacy Framework.
Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision, we use the European Commission's Standard Contractual Clauses.
Adequacy Decisions: For transfers to countries that the European Commission has determined provide adequate data protection.

You may request information about the specific safeguards applied to transfers of your data by contacting us at privacy@roledream.com.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with our legal obligations.

Data Category	Retention Period
Account Information	Duration of account + 30 days after deletion request
Team Data	Duration of account + 30 days after deletion request
Integration Data	Until integration is disconnected + 7 days
Usage Analytics	26 months (rolling)
Customer Work Data	Duration of account + 30 days after deletion request
Payment Records	7 years (legal requirement)
Security Logs	12 months

After the retention period, data is securely deleted or anonymized. Some data may be retained longer if required by law or for legitimate business purposes (such as resolving disputes).

8. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and to access that data along with information about how it is processed.

Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

Right to Erasure / Right to Be Forgotten (Article 17)

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose.

Right to Restriction of Processing (Article 18)

You have the right to request that we restrict processing of your personal data in certain situations, such as when you contest its accuracy.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests, including profiling and direct marketing.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that significantly affect you, with exceptions for contract performance or consent.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: privacy@roledream.com

We will respond to your request within 30 days. In complex cases, we may extend this period by an additional 60 days, in which case we will notify you.

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not adequately addressed your concerns.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to provide, secure, and improve our Services.

Types of Cookies We Use

Essential Cookies

Required for the operation of our Services. These include cookies for authentication, security, and session management. You cannot opt out of these cookies.

Functional Cookies

Enable enhanced functionality and personalization, such as remembering your preferences and settings.

Analytics Cookies

Help us understand how visitors interact with our Services by collecting and reporting information anonymously. You can opt out of analytics cookies.

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

View what cookies are stored and delete them individually
Block third-party cookies
Block cookies from specific sites
Block all cookies
Delete all cookies when you close your browser

Please note that blocking or deleting cookies may affect your experience with our Services. For more information, see our Cookie Policy.

10. AI and LLM Data Processing

RoleDream uses artificial intelligence and Large Language Models (LLMs) to provide intelligent analysis of your workflows and suggest improvements. We are committed to transparency about how your data is used in these features.

How AI Features Work

When you use our AI-powered features (such as bottleneck analysis, improvement suggestions, or workflow optimization), portions of your work data may be sent to our LLM service providers to generate insights.

Data Protection Measures

Contractual Protections: Our LLM providers are bound by data processing agreements that prohibit them from using your data to train their models or for any purpose other than providing the service.
Data Minimization: We send only the minimum data necessary to generate the requested analysis.
No Permanent Storage: Data sent to LLM providers for analysis is processed in real-time and is not permanently stored by them.
EU Data Processing: Where possible, we use EU-based processing endpoints to minimize international data transfers.

Your Control

AI-powered features are part of our core service offering. If you prefer not to have your data processed by AI systems, you may choose not to use these specific features. Your workflow data will still be stored and accessible without AI analysis.

Transparency Note: AI-generated suggestions are provided to assist your decision-making but should be reviewed by humans. We label AI-generated content clearly within the platform.

11. Anonymous Data Aggregation

To improve our recommendation engine and provide better insights to all users, we aggregate anonymized data from usage patterns across our platform.

What We Aggregate

We create anonymized, aggregated datasets from workflow patterns, process structures, and improvement outcomes. This aggregated data:

Cannot be used to identify you or your organization
Does not include personal information
Removes all identifying details from workflow content
Focuses on structural patterns and improvement outcomes

How It Benefits You

This aggregated data powers our recommendation engine, enabling us to suggest improvements based on what has worked for similar workflow patterns across our user base. The more data we can aggregate, the better our recommendations become for everyone.

Your Right to Opt Out

Anonymous data aggregation is enabled by default, but you have the right to opt out at any time. Opting out will:

Exclude your data from future aggregation
Not affect your access to any features
Not affect recommendations you receive (which are based on the broader aggregated dataset)

To opt out: Go to your Account Settings and toggle off "Contribute to Recommendation Engine" in the Privacy section, or contact us at privacy@roledream.com.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Security Measures

Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
Access Controls: Role-based access controls and principle of least privilege
Infrastructure: Hosted on AWS with industry-standard security certifications
Monitoring: Continuous security monitoring and logging
Incident Response: Documented procedures for security incident handling
Employee Training: Regular security awareness training for our team

While we take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

13. Children's Privacy

Our Services are not directed to children under the age of 16 in the European Economic Area, or under 13 in other jurisdictions. We do not knowingly collect personal data from children.

If you believe we have inadvertently collected personal data from a child, please contact us immediately at privacy@roledream.com, and we will take steps to delete the information.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

Update the "Last Updated" date at the top of this policy
Notify you via email or through a notice on our Services
Where required by law, obtain your consent to the changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Contact

Email: privacy@roledream.com
Subject Line: Privacy Inquiry

Response Time: We aim to respond to all privacy inquiries within 30 days.

Supervisory Authority

If you are located in the EEA, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU data protection authorities can be found at: https://edpb.europa.eu/about-edpb/about-edpb/members_en