Privacy
Last updated: April 2026
What we collect
When you use Roterly we collect the information you provide directly — your email address, password (stored only as a salted hash), and the reminder/ledger content you create. We also collect basic technical information about visits to our public pages: IP address, browser user-agent, the path you requested, and any email address you submit on the sign-in, sign-up, or password-reset forms.
Why we collect it
Account data is required to operate the service. The technical access logs above exist to detect abuse and protect accounts — for example, identifying credential-stuffing attacks, password-reset enumeration, or automated probes against our public pages. This falls under the “legitimate interest” lawful basis under GDPR.
How long we keep it
Public-page access logs are retained for 30 days, then permanently deleted by an automated nightly job. Account data is retained for as long as your account is active; deleting your account removes the associated data within a short retention window for backups.
Who can see it
Access logs are visible only to Roterly administrators. We do not share or sell this data to third parties. We do use third-party services to operate Roterly (email delivery, payment processing); those providers see only the data necessary for their function.
Contact
Questions about this policy or your data? Email hello@roterly.app.