top of page
rollingbagel.com-logo
Download

Privacy Policy


This Privacy Policy is incorporated into and made part of this Agreement. It describes how Rolling Bagel, LLC collects, uses, retains, and shares information in connection with your use of the Software. This Privacy Policy is designed to comply with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), as well as all other applicable California privacy laws.
1 Information We Collect
Rolling Bagel collects the following categories of personal information in connection with your use of the Software:
a) Account and Identity Information
When you register for an account or purchase a subscription, we collect:
Name and email address
Billing information (processed and stored by our payment processor, Stripe; we do not store full payment card numbers)
Account credentials (password hashes stored securely via Supabase)
License keys and subscription status
b) Usage and Technical Data
When you install or use the Software within Autodesk Revit, we may collect:
Plugin version in use and feature activation events (e.g., which tools are launched)
License validation requests (including timestamps and license key identifiers)
Error or crash reports, if any are submitted
c) Communications Data
If you contact us for support or through the plugin’s contact features, we collect:
The content of your messages
Your email address and any other contact information you provide
d) Information We Do Not Collect
We do not collect:
Revit project data, drawings, models, or any design files
Sensitive personal information as defined under the CPRA (e.g., Social Security numbers, financial account credentials, precise geolocation, racial or ethnic origin, health data)
Information from minors under the age of 16

2 How We Collect Information
We collect information in the following ways:
Directly from you when you create an account, purchase a subscription, or contact us
Automatically when the Software communicates with our backend services to validate your license or deliver download links
From our payment processor when you complete a transaction
From our email service provider in connection with transactional emails such as download links and account notifications

3 How We Use Your Information
We use the information we collect for the following purposes:
To create and manage your account and subscription
To validate your license and enable access to Pro features
To process payments and send transaction confirmations
To deliver the Software and transactional communications (e.g., download links, renewal notices)
To respond to your support requests and inquiries
To maintain, improve, and secure the Software and our services
To comply with legal obligations
We do not sell your personal information to third parties. We do not use your personal information for cross-context behavioral advertising.

4 Third-Party Data Sharing and Contractual Protections
We share your personal information only with the following categories of third parties, and only to the extent necessary to provide our services. We require all third parties with whom we share personal data to maintain data protection standards no less protective than those stated in this Privacy Policy, either through contractual obligations (such as Data Processing Agreements) or their own privacy frameworks:
a) Payment Processing — Stripe, Inc.
We share billing and transaction data with Stripe to process subscription payments. Stripe acts as an independent data controller for payment data and is certified under applicable compliance frameworks (PCI-DSS). Stripe’s privacy policy governs its handling of payment data. We contractually require Stripe to process data only as instructed and to maintain appropriate security measures.
b) Authentication and Database — Supabase, Inc.
We use Supabase to store account information, license records, and plugin delivery data. Supabase processes data on our behalf as a data processor subject to a Data Processing Agreement. Supabase applies industry-standard security controls including encryption at rest and in transit.
c) Email Delivery — Resend, Inc.
We use Resend to send transactional emails such as download links and account notifications. Resend processes your email address on our behalf under a data processing agreement and may not use your data for any other purpose.
d) Legal Affiliates
We may share data with legal affiliates of Rolling Bagel, LLC (including parent companies, subsidiaries, or related entities) for internal business purposes. Any such affiliate will be bound by privacy obligations consistent with this Privacy Policy.
e) Legal and Compliance
We may disclose personal information to law enforcement, regulators, or courts when required by applicable law, legal process, or to protect the rights, property, or safety of Rolling Bagel, its users, or the public.
We do not share your personal data with analytics platforms, advertising networks, or third-party SDKs beyond those described above.

5 Data Retention and Deletion
Retention Periods
We retain your personal information for the following periods:
Account and subscription data: Retained for the duration of your active subscription and for up to three (3) years after account closure, to comply with legal and financial record-keeping obligations
License validation logs: Retained for up to two (2) years
Support communications: Retained for up to two (2) years from the date of the last communication
Payment transaction records: Retained for seven (7) years as required by applicable financial and tax laws
Deletion
When the applicable retention period expires, or upon a valid deletion request (see Section 9.6), we will securely delete or anonymize your personal information. Where data has been shared with sub-processors, we will instruct those processors to delete the data consistent with their own retention obligations.

6 Your Privacy Rights (California Residents)
If you are a California resident, you have the following rights under the CCPA and CPRA:
a) Right to Know
You have the right to request that we disclose: the categories and specific pieces of personal information we have collected about you; the categories of sources from which we collected the information; the business purpose for collecting the information; and the categories of third parties with whom we share the information.
b) Right to Delete
You have the right to request deletion of personal information we have collected about you, subject to certain exceptions (such as where retention is required by law or to complete a transaction you requested).
c) Right to Correct
You have the right to request that we correct inaccurate personal information we maintain about you.
d) Right to Opt Out of Sale or Sharing
We do not sell or share personal information for cross-context behavioral advertising. No opt-out is required, but you may contact us to confirm this practice.
e) Right to Limit Use of Sensitive Personal Information
We do not collect or process sensitive personal information as defined under the CPRA. No limitation request is required.
f) Right to Non-Discrimination
We will not discriminate against you for exercising any of your privacy rights. We will not deny you services, charge you different prices, or provide a lower quality of service because you exercised your rights.

7 How to Exercise Your Rights / Revoke Consent / Request Deletion
To exercise any of the privacy rights described above, or to revoke your consent to data processing, please submit a request using one of the following methods:
Email: info@rollingbagel.com with the subject line “Privacy Request”
Website: www.rollingbagel.com (Contact page)
Your request must include sufficient information for us to verify your identity (such as your registered email address and account details). We will respond to verifiable consumer requests within 45 days as required by California law. If we need additional time, we will notify you of the extension and the reason for it.
Revoking Consent: If your use of the Software is based on your consent, you may revoke that consent at any time by submitting a request as described above. Note that revoking consent does not affect the lawfulness of processing that occurred before revocation, and may affect your ability to use certain features of the Software.
Account Deletion: You may also request account deletion by contacting us at the email above. Upon account deletion, we will delete your personal information subject to the retention obligations described in Section 9.5.

8 Security
We implement reasonable and appropriate technical and organizational measures to protect your personal information against unauthorized access, loss, or disclosure. These measures include encryption in transit (TLS), encrypted storage via Supabase, and access controls limiting who can view personal data. However, no method of data transmission or storage is completely secure, and we cannot guarantee absolute security.

9 Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this Agreement. Where changes are material, we will provide additional notice (for example, via email to the address on your account). Your continued use of the Software after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.


10. Contact
For questions regarding this Agreement or this Privacy Policy, contact us at:
Rolling Bagel, LLC. | info@rollingbagel.com
 

bottom of page