RoosPlus Privacy Policy

1) Who we are

RoosPlus is a multi-tenant SaaS platform that enables businesses to publish pages, manage profiles, accept bookings/orders, and communicate with customers. The data controller for customer account holders and end users is RoosPlus (or our regional affiliate where applicable). Contact details are at the end of this Policy.

2) Categories of Personal Data We Collect

We collect personal data necessary to provide and improve the Service. Categories include:

• Account data: name, email address, password hash, business name, role, billing/contact info.
• Profile & content data: business profile details, logos, cover images, posts, menu items, service descriptions.
• Transactional & payment metadata: order/booking identifiers, amounts, transaction IDs (payments processed by third-party providers).
• Usage & device data: IP addresses, device/browser information, pages visited, timestamps, logs, and cookies.
• Communications: support messages, chat transcripts and email correspondence.
• Sensitive categories: we do not intentionally collect special category data (e.g., health, race) except when a user voluntarily provides such information in free-form fields; where such data is provided, we will rely on explicit consent or other lawful basis where required.

3) How We Use Personal Data

We process personal data for the following primary purposes:

• Service provision: create and manage accounts, host content, process orders/bookings, deliver pages and APIs.
• Payments & billing: support billing, invoicing, refunds, and tax compliance (payment processing performed by third-party gateways).
• Security & fraud prevention: detect abuse, protect accounts, prevent fraud and enforce our Terms of Service.
• Support & communications: respond to support requests, send service notifications, status alerts, and transactional emails.
• Product improvement & analytics: aggregate usage metrics, run A/B tests, and improve functionality and performance.
• Legal compliance: comply with applicable laws, respond to lawful requests, and enforce our agreements.

We retain and use data only to the extent necessary for the purposes described and subject to retention limits described below.

4) Legal Bases for Processing (GDPR)

Where applicable under European data protection law, we rely on the following legal bases:

• Contractual necessity: processing necessary to perform the contract with you (e.g., providing the Service).
• Legitimate interests: security, fraud prevention, platform operation and product improvement, balanced against individuals’ rights.
• Consent: when we obtain explicit consent for optional features (e.g., marketing emails, certain cookies) — you may withdraw consent at any time.
• Legal obligation: where required to comply with law (e.g., taxation, subpoenas, investigations).

5) Sharing, Subprocessors & Third Parties

We share personal data with:

• Service providers: hosting, storage, email delivery, analytics, payments, and monitoring providers who act as processors under contract and only process data for our documented purposes.
• Operational partners: third parties that help provide specific features (e.g., mapping, SMS providers).
• Legal & safety: law enforcement, regulators or other parties where required by law, or to protect rights, safety or property.

We maintain a list of our subprocessors and will use contractual protections (Data Processing Agreements) and where required standard contractual clauses, binding corporate rules, or other transfer mechanisms for cross-border transfers.

6) Cookies & Tracking Technologies

We use cookies, local storage, and similar technologies for core functionality (session, authentication), security, and analytics. You can manage cookie preferences via your browser or our cookie controls where provided. Disabling essential cookies may impair the Service.

7) Data Retention

We retain personal data for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods may vary by data category; when feasible we anonymize or securely delete data once it is no longer required.

8) International Data Transfers

RoosPlus operates global infrastructure and may transfer data to countries where we or our subprocessors are located. When transferring personal data from the EEA or other regions with data transfer restrictions, we rely on appropriate safeguards, such as the EU Standard Contractual Clauses, adequacy decisions, or other lawful mechanisms.

9) Security Measures

We implement administrative, technical and organizational measures designed to protect data against unauthorized access, loss, disclosure, or alteration. These measures include encryption in transit (TLS), access controls, vulnerability management and logging. However, no service can be guaranteed fully secure. Report suspected incidents to our privacy team at the contact below.

10) Your Rights

Subject to applicable law, you may have rights to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Request deletion or restriction of processing (subject to legal exceptions).
• Object to certain processing activities and withdraw consent where applicable.
• Receive a machine-readable copy of your data (data portability) where applicable.

To exercise rights or for privacy inquiries, contact: privacy@roosplus.net. EU/UK data subjects may lodge a complaint with their supervisory authority. California residents have additional rights under the CCPA/CPRA; see below.

11) California Privacy Notice & CCPA Rights

If you are a California resident, you may have the right to request disclosure of categories of personal information collected, the sources, purposes, categories of recipients, and the right to request deletion or opt out of sale (we do not sell personal information). Submit verifiable consumer requests to privacy@roosplus.net.

12) Automated Decision-Making

We may perform automated processing for security, fraud detection, or product analytics (e.g., anomaly detection, rate-limiting). We do not currently make solely automated decisions that produce legal or similarly significant effects for individuals without human review.

13) Children

The Service is not directed to children under the age of 13 (or the relevant age in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, contact us to request deletion.

14) Changes to this Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be posted with an updated effective date, and where required, we will provide notice. Continued use of the Service after changes means you accept the updated Policy.

15) Contact & Data Protection Officer

For privacy requests, data subject rights, or questions about this Policy:

• Email: privacy@roosplus.net
• Mail: RoosPlus — Privacy Team, 123 Platform Way, City, Country (replace with your address)

We will respond to verifiable requests in accordance with applicable law and our verification procedures.

16) Legal Disclaimers & Limitation of Liability

We implement reasonable security practices, but we cannot guarantee absolute protection. Except to the extent prohibited by law, RoosPlus and its affiliates shall not be liable for incidental or consequential damages arising from data breaches or privacy incidents.