Privacy Policy
RollMind is a personal knowledge tool. Your library and your graph belong to you. This policy explains exactly what data we collect, why, where it goes, and how to get it back or delete it.
01Who we are
RollMind ("RollMind", "we", "us") is a mobile application that turns Brazilian Jiu-Jitsu YouTube content into a personal technique graph and game-plan tool. The app and the website at rollmind.app are operated by [LEGAL ENTITY NAME], registered in [JURISDICTION]. For privacy questions, contact hi@rollmind.app.
We are the data controller for personal data you provide directly through the app. The third-party processors listed in section 04 act on our instructions to store, process, or transmit that data on our behalf.
02Data we collect
We try to collect as little as possible. Here is the full list.
| Category | What it is | Why we have it |
|---|---|---|
| Account | Email address. We use passwordless one-time codes — there is no password to store. | To sign you in and contact you about your account. |
| Profile | Belt rank, training focus, and onboarding choices you set in the app. | To personalize the seed graph and starter recommendations. |
| Library | YouTube URLs you save and the video titles, channels, and durations we resolve from them. Public YouTube transcripts we read from your device. | To extract techniques and build your graph. |
| Graph & notes | Techniques, positions, transitions, submissions, edges, and any notes or "drilled / in my game" tags you add. | The product itself. This is the data that makes RollMind useful. |
| Coach chat | Messages you send to the in-app coach and the responses generated. Optional voice input is converted to text on our server and the audio is discarded. | To answer your questions, grounded in your graph, and to maintain a conversation history you can scroll back through. |
| Subscription | If you subscribe to Pro, Stripe stores your payment method. We store your customer ID, plan, and renewal status — never your card number. | To grant Pro access and process renewals. |
| Microphone | Audio recorded only while you are actively using the voice coach. Captured on-device, sent for transcription, and not retained after the response is generated. | So you can speak to the coach instead of typing. |
| Diagnostics | Crash reports and error events from Sentry: device model, OS version, app version, OTA channel, anonymized stack traces. | To find and fix bugs. We do not collect IP-based geolocation or behavioral analytics. |
We do not collect: contacts, photos, location, advertising identifiers, browsing history outside the app, or biometric data. We do not run third-party advertising, behavioral analytics, or session-replay tools.
03How we use it
We use the data above to:
- Operate the app: sign you in, build and store your graph, generate game plans, answer coach questions.
- Process your subscription: charge the recurring fee, grant Pro features, send renewal and receipt emails.
- Communicate: sign-in codes, transactional emails (receipts, account changes), occasional product announcements you can opt out of.
- Keep it working: diagnose crashes, monitor for abuse of the extraction queue, prevent fraud.
- Comply with the law when we are required to.
We do not sell your personal data. We do not share it with advertisers. We do not use it to train large language models — coach prompts are sent to Anthropic for inference only, and Anthropic's API does not retain prompts for model training under our agreement (commercial terms).
04Service providers
RollMind runs on a handful of vendors. Each one only sees the data it needs to do its job.
| Provider | What they do for us | Where |
|---|---|---|
| Supabase | Hosts the database, authentication, and Edge Functions that power the app. | United States |
| Anthropic | Runs the Claude models that extract techniques from transcripts and answer coach questions. | United States |
| Stripe | Processes Pro subscription payments. Stores payment methods on its own PCI-compliant systems. | United States |
| Resend | Sends transactional and sign-in emails on our behalf. | United States |
| Sentry | Collects crash and error reports. | United States |
| Expo (EAS) | Distributes over-the-air JavaScript updates to installed apps. | United States |
| Apple App Store / Google Play | Distributes the app and, if you subscribe through the store, processes payment. | Per platform terms |
| YouTube | Source of the public video transcripts the app reads. Your device fetches transcripts directly from YouTube; we do not proxy this traffic. | Per Google terms |
05Sharing & disclosure
We disclose personal data only:
- To the service providers above, under contracts that limit them to processing data on our instructions.
- If we are legally compelled (subpoena, court order, regulatory request) and only the minimum required.
- To a successor entity in the event of a merger, acquisition, or asset sale, with notice to you and continued protection under this policy or one no less protective.
- With your explicit consent, for anything else.
06Retention
We keep your account and graph data for as long as your account exists. When you delete your account (see section 08), we delete your library, graph, notes, coach history, and profile within 30 days. Backups roll off within 90 days.
We retain a minimal billing record (invoices, subscription history) for 7 years as required by tax law in most jurisdictions. Crash reports auto-expire from Sentry after 90 days.
07Your rights
Depending on where you live, you have some or all of these rights:
- Access — request a copy of the personal data we hold about you.
- Correction — fix anything inaccurate. Most profile fields are editable in the app.
- Deletion — erase your account and personal data (see section 08).
- Portability — receive your graph and library in a machine-readable format. Pro users can export to Markdown / Anki from inside the app today; full JSON export is available on request.
- Objection / restriction — object to or restrict certain processing.
- Withdraw consent — where processing is based on consent.
- Complain — to your local data-protection authority. EU/EEA users can find theirs here.
To exercise any of these, email hi@rollmind.app from the address on your account. We respond within 30 days.
08Account & data deletion
You can delete your account and all associated data at any time, two ways:
- From the app: Settings → Account → Delete account.
- By email: send a deletion request to hi@rollmind.app from your account email. We confirm within 72 hours and complete deletion within 30 days.
See the dedicated Account Deletion page for full details, including what is deleted, what is retained for billing/legal reasons, and the timeline.
09Security
We use industry-standard safeguards: TLS for all network traffic, encrypted storage at rest, access controls and audit logging on the Supabase project, row-level security so users can only read their own data, and short-lived authentication tokens. No system is perfectly secure — if you spot an issue, please email hi@rollmind.app and we will respond promptly.
10Children
RollMind is not directed to children under 13, and we do not knowingly collect data from anyone under 13. In the EU/EEA and the UK, the minimum age is 16 unless your country has set a lower age (between 13 and 16). If you are a parent or guardian and believe your child has created an account, contact hi@rollmind.app and we will delete it.
11International transfers
Our service providers are primarily in the United States. If you access RollMind from outside the US, your data is transferred to and stored in the US under the standard contractual clauses approved by the European Commission and equivalent mechanisms in other jurisdictions. By using the app, you understand and consent to this transfer.
12Changes to this policy
If we make material changes, we will notify you by email and inside the app at least 30 days before they take effect. Minor changes (typos, clarifications, new sub-processors of the same type) take effect when posted, and the "Effective" date at the top of this page is updated.
13Contact
Questions, requests, or complaints:
Email — hi@rollmind.app
Postal — [LEGAL ENTITY NAME], [STREET ADDRESS], [CITY, POSTAL CODE], [COUNTRY]
For users in the EU/EEA, our representative under Article 27 GDPR is [EU REPRESENTATIVE OR "not applicable — no EU establishment"]. For UK users, our representative under Article 27 UK GDPR is [UK REPRESENTATIVE OR "not applicable"].