Privacy Policy

Last updated: February 11, 2026

1. Introduction

Your privacy is important to us. It is RollSheet's policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website and the RollSheet platform ("the Service").

Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment details, and information about how you use the Service.

In the event our Service contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy. This Privacy Policy does not apply to any of your activities after you leave our Service.

2. Information We Collect

Information we collect falls into one of two categories: "voluntarily provided" information and "automatically collected" information.

2.1 Account Information

When you register, we collect:

  • Name, email address, and password (managed via Clerk authentication)
  • Organization/center name and details
  • Billing information (processed by Stripe; we do not store full card numbers)

2.2 Student Data

Center administrators and staff may enter student information into the Service, including:

  • Student names, dates of birth, and grade levels
  • Academic program levels and enrollment dates
  • Check-in/check-out times and session notes
  • Media release consent status

2.3 Parent/Guardian Data

Center staff may enter parent/guardian information, including:

  • Names, email addresses, and phone numbers
  • Relationship to student
  • Notification preferences

2.4 Employee Data

The Service stores employee/staff information, including:

  • Names, email addresses, phone numbers, and roles
  • Work schedules and time clock records
  • Hourly rates and payroll information

2.5 Log Data

When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your device's Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.

Additionally, if you encounter certain errors while using the Service, we may automatically collect data about the error and the circumstances surrounding its occurrence. Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.

2.6 Transaction Data

Transaction data refers to data that accumulates over the normal course of operation on our platform. This may include transaction records, stored files, user profiles, analytics data and other metrics, as well as other types of information, created or generated, as users interact with our services.

3. How We Use Information

We may collect, hold, use, and disclose information for the following purposes:

  • Provide, maintain, and improve the Service
  • Process subscriptions and payments
  • Send service-related communications (e.g., billing notices, security alerts)
  • Send parent/guardian notifications when enabled by center staff
  • Enable you to customize or personalize your experience of the Service
  • Provide customer support
  • Comply with legal obligations

We do not sell, rent, or share personal information with third parties for marketing purposes.

4. Children's Privacy (COPPA)

The Service is not directed at children under 13. Children do not create accounts or interact with the Service directly. Student data is entered by authorized center staff, not by the students themselves.

Center operators ("you") are responsible for:

  • Obtaining any required parental consent before entering student data into the Service
  • Ensuring that your use of the Service complies with COPPA, FERPA, and any applicable state laws regarding children's data
  • Responding to parent requests to access, correct, or delete their child's data

We act as a "service provider" or "processor" of student data on your behalf. We only use student data to provide the Service and do not use it for any other commercial purpose.

5. Data Storage and Security

Your Data is stored on secure servers hosted by Google Cloud Platform in the United States. We implement industry-standard security measures, including:

  • Encryption in transit (TLS/HTTPS)
  • Encrypted database connections
  • Role-based access controls within the Service
  • Authentication managed by Clerk (SOC 2 certified)

Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security.

You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services.

6. Third-Party Services

We may disclose personal information to third-party service providers for the purpose of enabling them to provide their services. We use the following third-party services to operate the platform:

  • Clerk — Authentication and user management
  • Stripe — Payment processing
  • Google Cloud Platform — Hosting and infrastructure
  • Twilio — SMS/WhatsApp notifications (when enabled)
  • QuickBooks Online — Optional payroll integration (user-initiated)

Each third-party service has its own privacy policy. We encourage you to review them.

7. Data Retention

We keep your personal information only for as long as we need to. Upon account termination:

  • You may request a data export within 30 days.
  • We will delete Your Data within 90 days of termination, unless required by law to retain it longer.
  • Anonymized or aggregated data may be retained for analytics purposes.

However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.

8. Your Rights

Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of the Service.

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent at any time where processing is based on consent

Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is required to provide you with a particular service, we will not deny you goods or services, charge you different prices, or provide you with a different level of quality for exercising your rights.

To exercise these rights, contact us at bd@roll-sheet.com. We will respond within 30 days.

9. Business Transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.

10. Additional Disclosures for GDPR Compliance (EU)

Data Controller / Data Processor

The GDPR distinguishes between organisations that process personal information for their own purposes (known as "data controllers") and organizations that process personal information on behalf of other organizations (known as "data processors"). We, RollSheet, are a Data Controller with respect to the personal information you provide to us, and a Data Processor with respect to student data entered by center operators.

Legal Bases for Processing Your Personal Information

We will only collect and use your personal information when we have a legal right to do so. Our lawful bases depend on the services you use and how you use them:

  • Consent: Where you give us consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time.
  • Performance of a Contract: Where you have entered into a contract with us, or in order to take preparatory steps prior to entering into a contract. For example, if you purchase a subscription, we may need to use your personal and payment information to process and deliver your order.
  • Legitimate Interests: Where we assess it is necessary for our legitimate interests, such as providing, operating, improving, and communicating our services.
  • Compliance with Law: In some cases, we may have a legal obligation to use or keep your personal information.

International Transfers Outside the EEA

We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or other legally accepted means.

Additional GDPR Rights

In addition to the rights listed in Section 8, EU residents may also:

  • Restrict processing if you are concerned about accuracy, believe data was unlawfully processed, or need us to maintain it solely for a legal claim.
  • Object to processing based on our legitimate interests or public interest. We must then provide compelling legitimate grounds to continue.
  • Data portability: Request a copy of the personal information we hold about you in a machine-readable format.

11. Additional Disclosures for California Compliance (US)

CCPA/CPRA Rights

California residents have additional rights under the CCPA, including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.

Right to Know and Delete

If you are a California resident, you have the right to request the following from us:

  • The categories of personal information we have collected about you
  • The categories of sources from which the personal information was collected
  • The business or commercial purpose for collecting the personal information
  • The categories of third parties to whom the personal information was disclosed
  • The specific pieces of personal information we have collected about you

To exercise any of these rights, please contact us at bd@roll-sheet.com.

Do Not Track

Some browsers have a "Do Not Track" feature that lets you tell websites that you do not want to have your online activities tracked. At this time, we do not respond to browser "Do Not Track" signals. We adhere to the standards outlined in this privacy policy, ensuring we collect and process personal information lawfully, fairly, transparently, and with legitimate, legal reasons for doing so.

Shine the Light

Under California Civil Code Section 1798.83, if you live in California and your business relationship with us is mainly for personal, family, or household purposes, you may ask us about the information we release to other organizations for their marketing purposes. We do not share personal information with third parties for their marketing purposes.

12. Additional Disclosures for Texas Compliance

Texas residents may have rights under the Texas Data Privacy and Security Act, including the right to access, correct, delete, and obtain a portable copy of personal data.

13. Cookies

We use essential cookies required for authentication and Service functionality. We do not use advertising or tracking cookies. Third-party services (such as Clerk) may set their own cookies necessary for authentication.

At all times, you may decline cookies from our site if your browser permits. Most browsers allow you to activate settings on your browser to refuse the setting of all or some cookies. Accordingly, your ability to limit cookies is based only on your browser's capabilities.

14. Notification of Data Breaches

We will comply with laws applicable to us in respect of any data breach. In the event of a breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify affected users and relevant authorities as required by law.

15. Changes to This Policy

We may update this Privacy Policy from time to time. If we decide to change this privacy policy, we will post the changes here. If the changes are significant, or if required by applicable law, we will contact you and all our registered users with the new details. The "Last updated" date at the top reflects the most recent revision.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

bd@roll-sheet.com