Privacy Policy

How we collect, use, and protect your information

Effective Date: 12/27/2025

Last Modified: 12/27/2025

Our Commitment to Your Privacy

Your privacy and data confidentiality are our highest priorities. We will NEVER sell, share, rent, or disclose your personal information, deal flow data, portfolio information, investment theses, or any confidential business information to venture capital firms, competitors, third-party marketing companies, data brokers, or any external parties without your explicit written consent. This policy explains in detail how we collect, use, protect, and safeguard your information.

1. Introduction and Scope

This Privacy Policy ("Policy") describes how Roulette Inc. ("Roulette", "we", "us", or "our") collects, uses, discloses, and protects information from users of our Services. This Policy applies to all information collected through:

  • Our website located at useroulette.com (the "Website")
  • Our SaaS CRM platform (the "Platform")
  • Our browser extensions (the "Extension")
  • Our mobile applications (the "Apps")
  • Our application programming interfaces (the "API")
  • Any other services, features, content, or applications we offer (collectively, the "Services")

By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Policy and our Terms of Service. If you do not agree with this Policy, you must not access or use the Services.

This Policy is incorporated into and is subject to our Terms of Service. Capitalized terms not defined in this Policy have the meanings given to them in our Terms of Service.

2. Information We Collect

We collect several types of information from and about users of our Services to provide and improve our Services, communicate with you, and ensure security. The information we collect falls into the following categories:

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

Account Registration Information:

  • Personal Identification: Full legal name, email address, phone number
  • Professional Information: Job title, company name, company website, professional bio
  • Account Credentials: Username, password (encrypted), security questions and answers
  • Profile Information: Profile picture, time zone, language preferences, notification settings

Billing and Payment Information:

  • Payment Details: Credit card information, billing address, tax identification number (processed securely through Stripe)
  • Transaction History: Subscription plan details, payment dates, invoice history, AI credit purchases

User Content and Deal Flow Data:

  • Company Information: Company names, descriptions, website URLs, contact information, sectors, stages
  • Documents: Pitch decks, financial documents, business plans, investment memos, meeting notes
  • Investment Data: Deal flow information, pipeline stages, investment theses, due diligence notes, valuations
  • Communications: Emails forwarded to the platform, internal notes, comments, @mentions, team discussions
  • Custom Fields: Any custom data fields you create and populate in your CRM
  • Tags and Metadata: Tags, labels, categories, and organizational structures you create

Browser Extension Data:

  • Captured Content: Website content you explicitly choose to capture using our Extension
  • URLs: Website addresses where you activate the Extension
  • Screenshots: Visual captures of web pages you choose to analyze

Communications with Us:

  • Support Requests: Information you provide when contacting customer support
  • Feedback: Survey responses, feature requests, bug reports
  • Correspondence: Emails, chat messages, and other communications

2.2 Information Collected Automatically

When you access or use the Services, we automatically collect certain information about your device and usage:

Usage Data:

  • Access Logs: IP addresses, access times, pages viewed, links clicked
  • Feature Usage: Which features you use, how often, and for how long
  • Search Queries: Search terms and filters you use within the Platform
  • AI Credit Usage: Number of AI credits consumed and which features used them
  • Performance Metrics: Page load times, errors, technical issues

Device Information:

  • Device Identifiers: Device type, operating system, browser type and version
  • Network Information: IP address, internet service provider, connection type
  • Hardware Information: Screen resolution, device capabilities

Cookies and Tracking Technologies:

  • Essential Cookies: Session management, authentication, security
  • Functional Cookies: User preferences, language settings, interface customizations
  • Analytics Cookies: Usage patterns, feature adoption, performance monitoring

For detailed information about cookies and how to manage them, please see our Cookie Policy.

2.3 Information from Third-Party Sources

We may receive information about you from third-party sources, including:

  • Authentication Providers: If you sign up using Google OAuth or other single sign-on services, we receive basic profile information
  • Payment Processors: Stripe provides payment confirmation and billing information
  • Integration Partners: If you connect third-party services (Zapier, etc.), we may receive data necessary to provide integrated functionality
  • Public Data Sources: Company information from publicly available databases to enrich your CRM data

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide and Maintain the Services

  • Create and manage your account and user profile
  • Process your transactions and manage billing
  • Provide customer support and respond to your inquiries
  • Process and analyze your User Content using our AI systems
  • Enable collaboration features within your team
  • Store and organize your deal flow data and documents
  • Facilitate email forwarding and automatic company creation
  • Enable browser extension functionality for content capture

3.2 To Improve and Develop the Services

  • Analyze usage patterns to understand how users interact with the Services
  • Identify and fix bugs, errors, and technical issues
  • Develop new features and functionality
  • Improve the accuracy and performance of our AI models
  • Conduct research and analytics to enhance user experience
  • Test new features and interface designs

3.3 To Communicate with You

  • Send transactional emails (account confirmations, password resets, billing notifications)
  • Provide customer support and respond to your requests
  • Send service announcements and important platform updates
  • Send marketing communications about new features (with your consent, where required)
  • Request feedback through surveys and user research

3.4 To Ensure Security and Prevent Fraud

  • Monitor for suspicious activity and security threats
  • Investigate and prevent fraud, abuse, and violations of our Terms of Service
  • Verify user identity and authenticate access
  • Enforce our policies and terms
  • Comply with legal obligations and respond to law enforcement requests

3.5 For Legal and Compliance Purposes

  • Comply with applicable laws, regulations, and legal processes
  • Respond to lawful requests from governmental authorities
  • Enforce our Terms of Service and other agreements
  • Protect our rights, property, and safety, and that of our users and the public
  • Resolve disputes and enforce our policies

4. How We Share Your Information

ABSOLUTE NON-DISCLOSURE COMMITMENT

We will NEVER sell, rent, trade, license, or otherwise commercialize your personal information or User Content.

We will NEVER share your deal flow data, investment information, or confidential business data with:

  • Other venture capital firms, angel investors, or investment professionals
  • Competing VC firms or portfolio companies
  • Third-party marketing, advertising, or analytics companies for their commercial purposes
  • Data brokers, aggregators, or resellers
  • Social networks or data sharing platforms
  • Any external parties for purposes unrelated to providing the Services to you

Your data remains strictly yours. We only share information in the extremely limited circumstances described below, and only to the extent necessary to provide the Services or as required by law.

4.1 Service Providers and Processors

We may share your information with trusted third-party service providers who perform services on our behalf, subject to strict confidentiality obligations:

  • Cloud Infrastructure: Amazon Web Services (AWS) for hosting and data storage
  • Payment Processing: Stripe for payment processing and billing
  • Email Services: Resend or similar services for transactional emails
  • AI/ML Services: OpenAI API for AI-powered analysis (your data is not used for model training)
  • Analytics: Privacy-focused analytics tools for understanding platform usage
  • Customer Support: Support ticketing and communication tools
  • Security Services: Security monitoring and threat detection services

Important: All service providers are contractually required to: (a) use your information only to perform services on our behalf; (b) maintain the confidentiality and security of your information; (c) not use your information for their own purposes; and (d) comply with applicable data protection laws. We carefully vet all service providers for security and privacy practices.

4.2 Team Members within Your Organization

Within the Roulette Platform, your team members may have access to shared data based on the permissions you configure. This includes:

  • Company records and deal flow data marked as "shared" or "team-visible"
  • Documents and notes designated for team collaboration
  • Activity logs and @mentions involving team members
  • Pipeline and status information visible to your team

You control what information is shared within your team through permission settings and visibility controls. Private information marked as such remains visible only to you.

4.3 Legal Requirements and Protection of Rights

We may disclose your information if we believe in good faith that such disclosure is necessary to:

  • Comply with applicable laws, regulations, legal processes, or governmental requests
  • Enforce our Terms of Service or other agreements
  • Detect, prevent, or address fraud, security, or technical issues
  • Protect the rights, property, or safety of Roulette, our users, or the public as required or permitted by law
  • Respond to lawful requests from law enforcement or government authorities with proper legal basis (e.g., valid subpoena or court order)

Transparency Commitment: If we receive a legal request for your information, we will attempt to notify you in advance (unless prohibited by law) and will challenge overly broad or inappropriate requests.

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our Website before your information is transferred and becomes subject to a different privacy policy. The acquiring entity will be required to honor the commitments made in this Privacy Policy.

4.5 With Your Consent

We may share your information for any other purpose with your explicit consent or at your direction. For example, if you choose to share a specific company record with an external party using our sharing features, we will facilitate that sharing as you direct.

4.6 Aggregated and De-Identified Data

We may share aggregated, anonymized, and de-identified data that cannot reasonably be used to identify you or your specific deal flow information. For example, we may share industry trends or general platform usage statistics. This data is processed to remove all personally identifiable information and specific company details.

5. Data Security and Protection

We take the security of your information extremely seriously and implement comprehensive technical, organizational, and physical security measures to protect your data from unauthorized access, alteration, disclosure, or destruction.

5.1 Technical Security Measures

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security)
  • Encryption at Rest: All data stored in our databases is encrypted using AES-256 encryption
  • Secure Key Management: Encryption keys are managed using AWS KMS (Key Management Service) with strict access controls
  • Database Security: Multi-layer database security including firewalls, access controls, and encrypted connections
  • Application Security: Regular security code reviews, dependency scanning, and vulnerability assessments
  • DDoS Protection: Distributed denial-of-service attack mitigation and traffic filtering
  • Intrusion Detection: Real-time monitoring for suspicious activity and security threats

5.2 Access Controls and Authentication

  • Multi-Factor Authentication (MFA): Optional MFA for additional account security
  • Strong Password Requirements: Enforced password complexity and regular rotation policies
  • Role-Based Access Control (RBAC): Granular permissions controlling who can access what data
  • Session Management: Secure session handling with automatic timeout and token rotation
  • API Security: API key authentication, rate limiting, and request validation
  • Employee Access: Strict least-privilege access for Roulette employees with detailed audit logs

5.3 Organizational Security Measures

  • Security Training: Regular security awareness training for all employees
  • Background Checks: Background screening for employees with access to sensitive systems
  • Confidentiality Agreements: All employees and contractors sign confidentiality agreements
  • Incident Response Plan: Documented procedures for responding to security incidents
  • Business Continuity: Disaster recovery and business continuity plans
  • Vendor Management: Security assessments of third-party service providers

5.4 Regular Security Assessments

  • Penetration Testing: Annual third-party penetration testing and vulnerability assessments
  • Security Audits: Regular internal and external security audits
  • Compliance Certifications: SOC 2 Type II certification (in progress)
  • Monitoring and Logging: Comprehensive logging and monitoring of all system access and activities

5.5 Data Backup and Recovery

  • Regular Backups: Automated daily backups of all user data
  • Encrypted Backups: All backups are encrypted using the same standards as production data
  • Geographic Redundancy: Backups stored in multiple geographically dispersed locations
  • Disaster Recovery: Documented recovery procedures with regular testing

5.6 Limitations

While we implement industry-leading security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You use the Services at your own risk and are responsible for maintaining the security of your account credentials.

If you believe your account has been compromised or you notice any unauthorized access, please immediately contact us at security@useroulette.com and change your password.

6. Data Retention and Deletion

6.1 Retention Periods

We retain your information for as long as necessary to provide the Services and fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

  • Account Information: Retained while your account is active and for 90 days after account termination
  • User Content and Deal Flow Data: Retained while your account is active and for 90 days after account termination (unless you request immediate deletion)
  • Billing Information: Retained for 7 years to comply with tax and accounting regulations
  • Usage Logs: Retained for 12 months for security and analytics purposes
  • Support Communications: Retained for 3 years for customer service and legal purposes
  • Backups: Backups containing your data are retained for 30 days and then permanently deleted

6.2 Account Deletion

You may request deletion of your account at any time by:

  • Using the account deletion feature in your settings
  • Contacting us at privacy@useroulette.com

Upon account deletion:

  • Your account will be immediately deactivated
  • Your User Content will be deleted within 90 days
  • Some information may be retained in backups for up to 30 additional days
  • Information required for legal, tax, or regulatory compliance will be retained as necessary
  • Aggregated, anonymized data may be retained indefinitely

6.3 Data Portability and Export

You have the right to export your data at any time. You can:

  • Export your data in machine-readable formats (JSON, CSV) through the Platform
  • Request a complete data export by contacting privacy@useroulette.com
  • Use our API to programmatically export your data

7. Your Rights and Choices

You have certain rights regarding your personal information, subject to applicable laws:

7.1 Access and Correction

  • Access: You can access your personal information through your account settings
  • Correction: You can update and correct your information at any time through the Platform
  • Request: You can request a copy of your personal information by contacting privacy@useroulette.com

7.2 Deletion and Restriction

  • Deletion: You can request deletion of your personal information (subject to legal retention requirements)
  • Restriction: You can request restriction of processing of your personal information in certain circumstances

7.3 Objection and Portability

  • Objection: You can object to certain processing of your personal information
  • Portability: You can request your data in a portable, machine-readable format

7.4 Communication Preferences

  • Marketing Emails: Unsubscribe from marketing emails using the link in any email
  • Notifications: Manage in-app notification preferences in your account settings
  • Note: You cannot opt out of transactional or service-related communications

7.5 Cookie Controls

You can control cookies through your browser settings. See our Cookie Policy for detailed information.

7.6 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@useroulette.com. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

8. International Data Transfers

8.1 Data Location

Roulette is based in the United States, and our servers are primarily located in the United States. By using the Services, you acknowledge that your information will be transferred to and processed in the United States.

8.2 European Economic Area (EEA), United Kingdom, and Switzerland

If you are located in the EEA, UK, or Switzerland, we process your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws. When we transfer your data to the United States or other countries, we use appropriate safeguards including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Other legally recognized transfer mechanisms

8.3 Legal Basis for Processing (GDPR)

If you are in the EEA, UK, or Switzerland, we process your personal data based on the following legal grounds:

  • Contractual Necessity: Processing necessary to provide the Services under our Terms of Service
  • Legitimate Interests: Processing necessary for our legitimate business interests (e.g., improving the Services, security, fraud prevention)
  • Consent: Processing based on your explicit consent (e.g., marketing communications)
  • Legal Obligations: Processing necessary to comply with legal requirements

9. Children's Privacy

The Services are not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are under 18, do not use the Services or provide any information through the Services. If you believe we have collected information from a child under 18, please contact us at privacy@useroulette.com and we will delete such information.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

10.1 Right to Know

You have the right to request that we disclose what personal information we collect, use, disclose, and sell about you.

10.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

10.3 Right to Correct

You have the right to request correction of inaccurate personal information.

10.4 Right to Opt-Out

We do not sell or share your personal information for cross-context behavioral advertising. Therefore, there is no opt-out necessary.

10.5 Right to Non-Discrimination

You have the right to not receive discriminatory treatment for exercising your CCPA/CPRA rights.

10.6 California "Shine the Light" Law

California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

10.7 Exercising California Rights

To exercise any of these rights, contact us at privacy@useroulette.com or call us at [phone number to be added]. We will verify your identity and respond within 45 days.

11. Nevada Privacy Rights

Nevada residents have the right to opt out of the sale of certain personal information. We do not sell personal information as defined under Nevada law. If you still wish to submit an opt-out request, you may do so by contacting us at privacy@useroulette.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by:

  • Sending an email to the address associated with your account
  • Posting a notice on our Website
  • Displaying a prominent notification when you log into your account

Material changes will take effect 30 days after we provide notice, except for changes required by law which may take effect immediately. Your continued use of the Services after the effective date of the revised Policy constitutes your acceptance of the changes.

We encourage you to review this Policy periodically. The "Last Modified" date at the top of this Policy indicates when it was last updated.

13. Third-Party Links and Services

The Services may contain links to third-party websites, applications, or services that are not owned or controlled by Roulette. This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices of third parties. We encourage you to read the privacy policies of any third-party services you access.

When you use integrations with third-party services (e.g., Zapier), you may be sharing information directly with those services subject to their own privacy policies.

14. Data Protection Officer and Contact

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

Roulette Inc.

Privacy Team

Email: privacy@useroulette.com

Security Issues: security@useroulette.com

General Support: support@useroulette.com

14.1 EEA/UK Data Protection Authority

If you are located in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local supervisory authority or with the Irish Data Protection Commission (our lead supervisory authority in the EU).

14.2 Response Time

We will respond to your privacy-related inquiries within 30 days of receipt. For urgent security issues, please contact security@useroulette.com and we will respond within 24-48 hours.

BY USING THE SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO OUR COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED HEREIN. IF YOU DO NOT AGREE WITH THIS POLICY, YOU MUST NOT USE THE SERVICES.

Our Promise to You

Your trust is our most valuable asset. We are committed to protecting your privacy, safeguarding your data, and maintaining complete transparency about our practices. We will never compromise on these principles. If you ever have concerns about how your data is being handled, please reach out to us at privacy@useroulette.com—we take every inquiry seriously and are here to help.