Rollout
Legal · GDPR

GDPR Statement

Last updated · May 5, 2026

This page summarizes how Rollout complies with the EU General Data Protection Regulation (Regulation 2016/679, “GDPR”) and how you can exercise your rights. It supplements — rather than replaces — our Privacy Policy.

1. Data controller

The data controller is Drexler Andrei-Florin, Timișoara, Romania. Contact: support@getrollout.app. We are not currently required to appoint a Data Protection Officer (DPO) under GDPR Art. 37, but you can use the same email for any data-protection question.

2. What rights you have

If you are in the EU/EEA, the GDPR gives you the right to:

  • Be informed(Art. 13–14) — what we collect and why. That's what this page and the Privacy Policy are for.
  • Access (Art. 15) — get a copy of the personal data we hold about you.
  • Rectification (Art. 16) — correct inaccurate or incomplete data.
  • Erasure / “right to be forgotten” (Art. 17) — have your data deleted, subject to legal retention duties (e.g. tax invoices).
  • Restriction of processing (Art. 18) — pause processing while a dispute is being resolved.
  • Data portability (Art. 20) — receive your data in a machine-readable format.
  • Object (Art. 21) — object to processing based on legitimate interest, including profiling.
  • Withdraw consent(Art. 7(3)) — at any time, for anything that's based on consent (e.g. product update emails).
  • Lodge a complaint (Art. 77) — with your local supervisory authority. In Romania this is ANSPDCP at dataprotection.ro.

3. How to exercise them

You have two paths:

  1. Self-serve, from the app: the Settings page lets you update your profile, export your data, disconnect YouTube, and delete your account.
  2. By email: send a request to support@getrollout.app from the email address on your account. We'll reply within 30 days (Art. 12(3)). For complex requests we may extend this by up to 2 months and we'll explain why.

We may need to verify your identity before fulfilling certain requests, especially erasure or export.

4. Lawful bases at a glance

  • Contract (Art. 6(1)(b)) — operating the Service for you: account, subscription, projects, YouTube uploads, transactional emails.
  • Legal obligation (Art. 6(1)(c)) — issuing invoices and meeting Romanian / EU tax retention rules.
  • Legitimate interest (Art. 6(1)(f)) — security logging, abuse prevention, fixing bugs via crash reports. Balanced against your rights; you can object.
  • Consent (Art. 6(1)(a)) — product update emails, optional analytics. Always opt-in, always revocable.

5. International transfers

Some of our processors (e.g. Clerk, Stripe, Sentry, Vercel) are headquartered in or process data in the United States. Where personal data is transferred outside the EU/EEA, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, or
  • EU–US Data Privacy Framework certification, where the processor participates.

6. Automated decision-making

Rollout does not subject you to decisions based solely on automated processing that produce legal or similarly significant effects (Art. 22 GDPR). The Service automates technical actions you have configured (rendering, scheduling, uploading), but it does not make decisions about you.

7. Children

Rollout is not directed at minors and we do not knowingly process the data of anyone under 18.

8. Data breaches

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the supervisory authority within 72 hours (Art. 33) and inform affected users without undue delay (Art. 34).

9. Contact

For any GDPR-related question or to exercise a right, email support@getrollout.app.

← Back to home