Skip to main content

Privacy Policy

Last updated: March 2025

1. Data Controller

Coolsailing SARL, trading as Rodz, is the data controller for personal data collected via the website www.rodz.io and the platform app.rodz.io.

Registered office: 121 rue de Coulmiers, 44000 Nantes, France
RCS Nantes: B 894 750 751
Contact: hello@rodz.io

2. Data Collected

We collect the following categories of data:

Account Data

When you register on app.rodz.io: name, surname, email address, company name, password (encrypted), API keys for third-party services you choose to connect.

Contact Data

Via site forms or HubSpot: name, surname, email, company, phone number.

Prospect and Intent Signal Data

As part of our Services, we collect and enrich publicly accessible professional data: company name, industry, size, professional contact details of decision-makers, intent signals (hiring, fundraising, technologies used, etc.).

Payment Data

Transactions are managed by Stripe. We do not store your credit card information. We only retain transaction identifiers and billing history.

Browsing Data

IP address, browser type, pages visited, visit duration, collected via Google Analytics.

Platform Usage Data

Credit consumption, intent signal configuration, data delivery history, error logs.

3. Processing Purposes

Your data is processed for the following purposes:

  • Providing and managing our Services (intent signal detection, enrichment, and data delivery)
  • Managing your user account and subscription
  • Payment processing and billing
  • Responding to your contact requests and customer support
  • Audience measurement and improvement of the site and platform
  • Sending marketing communications (with your consent)
  • Fraud and abuse detection and prevention
  • Compliance with legal obligations

4. Legal Basis for Processing

Under GDPR, each processing activity is based on a legal basis:

  • Contractual performance: account management, service provision, billing
  • Consent: non-essential cookies, marketing communications
  • Legitimate interest: improving our Services, platform security, business relationship
  • Legal obligation: billing data retention, responding to legal requests

5. Data Retention

  • Browsing data: 13 months maximum
  • Contact data (prospects): 3 years after last contact
  • Account data: duration of contractual relationship + 5 years
  • Billing data: 10 years (legal obligation)
  • Technical and error logs: 12 months

6. Sub-processors and Data Transfers

We use the following sub-processors to operate our Services:

Hosting and Infrastructure

  • OVH (France): site and platform hosting

Payment

  • Stripe (United States): credit card and SEPA payment processing

Analytics and Monitoring

  • Google Analytics (United States): site audience measurement

CRM and Communication

  • HubSpot (United States): customer relationship management and marketing
  • Resend (United States): transactional email delivery

Artificial Intelligence

  • Google Gemini (United States): data processing for intent signal enrichment

For sub-processors located in the United States, data transfers are governed by the EU-U.S. Data Privacy Framework or by Standard Contractual Clauses approved by the European Commission.

7. Cookies

This site uses:

  • Essential cookies: required for site functionality (authentication, preferences)
  • Google Analytics (GA4): audience measurement with IP address anonymization

You can configure your browser to refuse non-essential cookies. Disabling certain cookies may limit access to some site features.

8. Your Rights

Under GDPR, you have the following rights over your personal data:

  • Right of access: obtain a copy of your personal data
  • Right to rectification: correct inaccurate or incomplete data
  • Right to erasure: request deletion of your data
  • Right to data portability: receive your data in a structured, readable format
  • Right to object: object to the processing of your data
  • Right to restriction: request processing restriction in certain circumstances
  • Right to withdraw consent: withdraw your consent at any time for consent-based processing

To exercise these rights, contact us at: hello@rodz.io

We commit to responding within one month. We may ask you to verify your identity before proceeding.

You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés): www.cnil.fr.

9. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure. These measures include password encryption, secure connections (HTTPS), and data access restrictions.

10. Third-party Links

Our site may contain links to third-party websites. We are not responsible for the privacy practices of these sites and encourage you to review their respective policies.

11. Changes to This Policy

We may update this privacy policy from time to time. In case of substantial changes, we will notify you by email or by a visible notice on our site. The last update date is indicated at the top of this page.

12. Contact

For any questions about this policy or the processing of your personal data, contact us at: hello@rodz.io