Network Data: IP address, approximate location, and referral URLs
2How We Use Your Information
We use the information we collect for the following purposes:
Service Delivery: Processing pack purchases, marketplace transactions, and item shipments
Account Management: Creating and maintaining your account, verifying identity and age
Communication: Sending transaction confirmations, shipping updates, and support responses
Improvement: Analyzing usage patterns to improve our platform, fix bugs, and develop new features
Security: Detecting and preventing fraud, abuse, and unauthorized access
Legal Compliance: Meeting regulatory requirements, tax reporting, and responding to legal requests
Marketing: Sending promotional communications (only with your opt-in consent, easily unsubscribable)
We process your data based on: (a) performance of our contract with you, (b) your consent, (c) our legitimate interests, or (d) legal obligations.
3Sharing Your Information
We do not sell your personal information to third parties. We may share information with:
Payment Processors: Stripe, PayPal, and other payment providers to process transactions securely
Shipping Partners: Fulfillment and delivery services to ship your items
Service Providers: Cloud hosting, analytics, email delivery, and customer support tools that process data on our behalf
Legal Requirements: When required by law, court order, or to protect our rights and safety
Business Transfers: In connection with a merger, acquisition, or sale of assets (with prior notice)
All third-party service providers are contractually required to protect your data and use it only for the purposes we specify.
Key Sub-Processors: Our current sub-processors include Stripe and PayPal (payment processing), Amazon Web Services (cloud hosting), Google Analytics (usage analytics), SendGrid (email delivery), and Zendesk (customer support). A complete and current list of sub-processors is available upon request by emailing [email protected]. We will notify users of any material changes to our sub-processor list.
4Cookies & Tracking Technologies
We use cookies and similar technologies to enhance your experience:
Essential Cookies: Required for the platform to function (authentication, security, preferences). Cannot be disabled.
Analytics Cookies: Help us understand how users interact with our platform (page views, session duration, feature usage).
Marketing Cookies: Used to deliver relevant promotional content and measure campaign effectiveness.
Preference Cookies: Remember your settings like theme preference, language, and display options.
Manage your cookie preferences below:
Essential Cookies
Required for core platform functionality. Always active.
Analytics Cookies
Help us improve the platform by tracking usage patterns.
Marketing Cookies
Used to deliver relevant promotions and measure campaigns.
Preference Cookies
Remember your theme, language, and display settings.
5Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
Access: Request a copy of the personal data we hold about you
Rectification: Request correction of inaccurate or incomplete data
Erasure: Request deletion of your personal data ("right to be forgotten")
Portability: Request your data in a structured, machine-readable format
Restriction: Request that we limit how we process your data
Objection: Object to processing based on legitimate interests or for marketing purposes
Withdraw Consent: Withdraw any consent you have previously given
To exercise any of these rights, use the data export tool below or contact us at [email protected]. We will respond within 30 days.
Export Your Data
Download a copy of all personal data we hold about you in JSON format.
Data export request submitted. You will receive a download link via email within 48 hours.
6Data Retention
We retain your personal data for as long as necessary to provide our services and fulfill the purposes described in this policy:
Account Data: Retained for the duration of your account plus 30 days after deletion request
Transaction Data: Retained for 7 years for financial and tax compliance
Communication Data: Retained for 2 years after the conversation ends
Usage/Analytics Data: Retained for 26 months in identifiable form, then aggregated and anonymized
Marketing Data: Retained until you opt out or withdraw consent
When data is no longer needed, it is securely deleted or anonymized so it can no longer be associated with you.
7Data Breach Notification
In the event of a data breach that affects your personal information, Rollick will:
Notify affected users via email within 72 hours of becoming aware of the breach, as required by GDPR and applicable state laws
Notify relevant authorities including the applicable Data Protection Authority (for EEA/UK users) and state attorneys general (for U.S. users) within the legally required timeframes
Provide details including the nature of the breach, the categories of data affected, the approximate number of users impacted, and the measures taken to address and mitigate the breach
Offer remediation including free credit monitoring services for a minimum of 12 months when financial data is compromised
We maintain an incident response plan that is tested and updated annually. Our security team can be reached at [email protected] for reporting potential vulnerabilities.
8Children's Privacy
Rollick is intended for users who are 18 years of age or older. We do not knowingly collect personal information from individuals under 18.
If we become aware that we have collected data from a minor, we will promptly delete the account and all associated personal data. If you believe a minor has provided us with personal information, please contact us immediately at [email protected].
Parents or guardians who discover their child has created a Rollick account may request immediate deletion by contacting our support team.
Age Verification Measures: Rollick employs a multi-layered age verification system including date-of-birth confirmation at registration, periodic re-verification every 30 days, and geolocation-based checks that enforce jurisdiction-specific age requirements (21+ in Nevada, New Jersey, and Louisiana). We reserve the right to request government-issued photo identification for additional verification at any time.
9California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to Know: Request details about the categories and specific pieces of personal information we collect
Right to Delete: Request deletion of personal information we have collected from you
Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information (Rollick does not sell personal information)
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
Right to Correct: Request correction of inaccurate personal information
Right to Limit: Limit the use and disclosure of sensitive personal information
To submit a request, email [email protected] or use the data export tool above. We will verify your identity before processing. You may also designate an authorized agent to submit requests on your behalf.
Categories of data collected in the past 12 months: Identifiers, commercial information, internet activity, geolocation data, and inferences drawn from the above. We do not collect biometric data or sell personal information.
10International Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
All rights listed in Section 5 (Your Rights) are guaranteed under GDPR
You have the right to lodge a complaint with your local Data Protection Authority
Data transfers outside the EEA are protected by Standard Contractual Clauses (SCCs) approved by the European Commission
Consent: Marketing communications, non-essential cookies, and optional data collection
Legitimate Interest: Security, fraud prevention, platform improvement, and analytics
Legal Obligation: Tax reporting, compliance with applicable laws
Data Protection Officer: For GDPR inquiries, contact our DPO at [email protected].
11Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes:
We will update the "Last Updated" date at the top of this page
We will notify you via email and/or a prominent notice on our platform at least 30 days before changes take effect
For significant changes, we may require you to review and accept the updated policy
We encourage you to review this policy periodically. Your continued use of Rollick after changes become effective constitutes acceptance of the revised policy.
12Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your personal data: