ProbablyRollingPrivacy Policy
Last updated: May 2026
What we collect
When you sign up and use ProbablyRolling, we collect information you provide directly: your name, email address, date of birth, a profile photo, and a check-in PIN. We also record your attendance each time you check in at your gym.
How we use it
Your data powers the core features of ProbablyRolling — attendance tracking, streak and gamification stats, belt progression, and gym management tools. We use your email to send account-related messages like magic-link logins and important updates.
Who can see your data
Only the administrators of the gym you belong to can view your profile and attendance records. We do not sell, rent, or share your personal information with third parties. Your data stays between you and your gym.
Data storage
Your data is stored securely on Supabase-hosted infrastructure with encryption at rest and in transit. We use industry-standard security practices to protect your information.
Data retention
We keep your data for as long as your account is active. If you delete your account, we remove your profile, attendance records, and associated data. You can request deletion at any time through the app or by emailing us.
Your rights
You have the right to access, correct, or delete your personal data. You can update your profile directly in the app, or contact us to request a full export or deletion of your data. We will respond to requests within 30 days.
GDPR (European users)
If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR). Legal basis for processing: We process your data based on (a) your consent when you create an account, (b) contractual necessity to provide the service, and (c) legitimate interest in improving our platform. Your GDPR rights: You have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. You may also withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Data controller: ProbablyRolling, Zurich, Switzerland. Contact: [email protected]. Cross-border data transfers: Your data is stored on Supabase (AWS eu-central-1). We do not transfer data outside the EEA without appropriate safeguards. Data Protection Officer: Given the scale of our operations, we are not required to appoint a DPO. For any data protection inquiries, contact [email protected]. To exercise any of these rights, email [email protected]. We will respond within 30 days.
Cookies
We use minimal, session-only cookies to keep you logged in and remember your preferences. We do not use tracking cookies or third-party analytics that follow you across the web.
Children
Users under 18 need consent from a parent or legal guardian to create an account. Gym administrators are responsible for verifying guardian consent for minor members.
Changes to this policy
If we make meaningful changes to this privacy policy, we will notify you through the app before the changes take effect. We encourage you to review this page periodically.
Contact
If you have questions about this policy or your data, reach out to us at [email protected]. We are happy to help.