Privacy Policy
Last updated: June 5, 2026
rostermaxx ("we," "us," or "our") operates the rostermaxx relationship management platform. This Privacy Policy explains what personal information we collect, why we collect it, how we use it, and what rights you have.
TL;DR: Your relationship data stays private to you. We don't sell it, share it with advertisers, or use it to target you. Your Rostercard is the one exception — it's intentionally shareable, and you control exactly what's on it.
2. Data We Collect
Account Data: Email address (for auth) and password (hashed; we never see plaintext).
Profile Data: Display name, birthday, birth time/location, astro placements, availability grid, interests, bio, love language, date budget, card theme, and preferences.
Connection Data: People profiles, date logs, score history, exit data, and astro placements for others.
Rostercard Data: Card content you choose to share (controlled by privacy toggles), card metadata, and Living Card subscriptions.
Trip Data: Trip details, destination coordinates, budget, and date-trip links.
Voice Debrief Data: Speech is converted to text locally via the Web Speech API. We do not receive or store audio recordings.
Location Data: Birth location geocoded via Nominatim; venue coordinates for date ideas via Google Maps.
Contacts (mobile, optional): If you tap "Pick from Contacts" when adding a person, the iOS or Android contact you explicitly select is read locally to prefill the new entry — name, phones, emails, birthday, and image. We never bulk-access or upload your address book.
Uploaded Images: Profile photos and Rostercard gallery images you upload are screened by an automated content-moderation service before being stored. Images that fail screening are rejected and never persisted. Approved images are stored privately and served only to you and people you've shared your card with.
Payment Data: All subscription payments are processed by Stripe. Card details are handled entirely by Stripe and never touch our servers. We only store subscription status.
3. How We Use Your Data
| Purpose | Data Used |
|---|---|
| Account auth | Email, hashed password, session tokens |
| Core app functionality | All portfolio data |
| Astrology engine | Birthday, birth time, birth lat/lng |
| AI insights (Pro) | Notes, transcripts, scores sent to Anthropic Claude API |
| Rostercard | Selected profile fields on your shareable card |
| Subscription management | Email, subscription status, Stripe customer ID |
| Image moderation | Uploaded images sent server-side to Google Cloud Vision for SafeSearch screening; images are not retained by the provider |
We do not use your data to train AI models, show you advertisements, or build behavioral profiles for third-party use.
4. Couples Mode & Relationship Status
When you enter Relationship Mode, your profile status may be updated on rosters of other users who have imported your card via Living Card subscriptions. You can exit at any time from Settings.
5. Third-Party Services
| Service | Purpose |
|---|---|
| Supabase | Database, authentication, edge functions, image storage |
| Anthropic | AI analysis (Claude API) — Pro only |
| Stripe | Subscription payment processing (web and mobile) |
| Google Cloud Vision | Automated image moderation (SafeSearch) on uploads |
| Nominatim | Geocoding birth locations |
| Google Maps | Venue suggestions for date ideas |
6. Data Sharing & Selling
We do not sell your personal data. Portfolio data is private to your account. We may disclose data when required by law.
7. Data Retention
Your data is retained while your account is active. When you delete your account, all data is permanently deleted within 30 days. You can export a full backup at any time from Settings.
8. Security
All data is transmitted over HTTPS/TLS. Supabase enforces row-level security so users can only access their own records. Passwords are stored hashed and salted (we never see plaintext). AI features verify Pro status server-side on every request. Uploaded images pass through server-side content moderation before being stored, and rejected uploads are never persisted.
9. Your Rights
- Access — view all your data within the app
- Export — download a full backup via Settings
- Correction — edit any data directly in the app
- Deletion — delete individual entries or your entire account
10. Children's Privacy
You must be at least 18 years old to use the Service. We do not knowingly collect information from anyone under 18.
11. California & GDPR Rights
California residents may submit CCPA requests via support@rostermaxx.app. EEA residents have rights under the GDPR, including access, rectification, erasure, and data portability.
12. Changes to This Policy
For material changes, we will notify you by email at least 14 days before the change takes effect.
13. Contact Us
Email: support@rostermaxx.app
Address: 30 N Gould St Ste R, Sheridan, WY 82801, United States