Privacy Policy

Last updated: 2026-06-24. Version: 2026-06-24.

This policy explains what personal data we collect, why, how long we keep it, and the rights you have. We aim to comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), Canada's PIPEDA, and Australia's Privacy Act.

1. Data controller

The data controller is the operator of Roaming Roadsters, an individual based in the United States. Contact: privacy@roamingroadsters.com.

2. What we collect

• Account data — your email address and a stable user ID from our identity provider (Cloudflare Access). Optionally a display name.
• Chat history — the messages you send to the FSM assistant and the responses. We retain these so you can pick up old conversations.
• Notes — content you save as personal or community notes.
• Consent records — which version of these Terms and this Privacy Policy you accepted, and when.
• Technical data — request logs (IP address, user agent, timestamps), rate-limit counters, error reports. IPs are hashed in long-term audit records.
• AI Gateway logs— model inputs and outputs are logged through Cloudflare AI Gateway for abuse prevention, cost control, and quality improvement. Retention is governed by Cloudflare's AI Gateway policy and our internal retention policy below.

We do not currently collect payment information; the Service is free.

3. Why we use it (legal basis under GDPR)

• Contract — to provide the Service you requested.
• Legitimate interests — abuse prevention, fraud detection, debugging, and improving the Service.
• Consent — for any optional analytics or marketing emails (we currently do not run either).
• Legal obligation — to respond to lawful requests, DSARs, and DMCA notices.

4. Who has access

Service data is hosted on Cloudflareinfrastructure (Workers, D1, R2, AI Gateway, Workers AI, Access). Cloudflare is our sole sub-processor. AI inference is performed on Cloudflare's servers; no model providers (e.g., OpenAI) receive your data unless explicitly noted in a future update.

We do not sell personal information to third parties. (CCPA “Do Not Sell”: we do not sell.)

5. How long we keep it

• Account profile: until you delete your account.
• Chat history and notes: until you delete them, your account, or 36 months of inactivity.
• Audit logs: up to 24 months (anonymised after account deletion).
• AI Gateway logs: subject to Cloudflare retention; we configure deletion of the oldest entries beyond our quota.

6. Your rights

Subject to your jurisdiction, you have the right to:

• Access — download a copy of your data (Account → Download my data).
• Rectify — correct inaccurate data; email us.
• Erase — delete your account (Account → Delete).
• Restrict / object — pause processing while we investigate a complaint.
• Portability — your data export is in machine-readable JSON.
• Withdraw consent — at any time, with no effect on prior lawful processing.
• Lodge a complaint with your local data protection authority.
• (California) Right to know, right to delete, right to non-discrimination.

To exercise rights, email privacy@roamingroadsters.com or use the self-service tools in your Account page. We respond within 30 days.

7. International transfers

Cloudflare operates a global network and may process your data in countries outside your own, including the United States. Cloudflare relies on Standard Contractual Clauses for transfers out of the EU/UK.

8. Children

The Service is not directed to children under 13 (or 16 where applicable). We do not knowingly collect personal data from children under those ages. If we learn we have, we will delete it.

9. Cookies and similar tech

See our Cookie Policy for details. We use a Cloudflare Access authentication cookie and a small consent cookie. We do not use third-party advertising cookies or trackers.

10. Security

We use TLS for all traffic, Cloudflare WAF, rate limiting, Turnstile bot protection, and least-privilege API tokens. No system is perfectly secure; report suspected vulnerabilities to security@roamingroadsters.com.

11. Changes

Material changes will be announced on this page and acknowledged on next sign-in.