Privacy Policy

Effective date: 23 April 2026

1. Who we are

Roam (“we”, “us”, “our”) is a hobby project operated by an individual developer. Roam is a web-discovery service available as a browser extension (Chrome and Firefox), an Android app, and a website at roamtheweb.app.

2. Data we collect

Account data

When you create an account we collect your email address and, if you sign in with Google, your Google profile name and avatar URL. You may optionally set a username, display name, and bio.

Usage data

We record which URLs you have been served (“seen URLs”) so we can avoid showing you the same page twice. This data is deleted automatically after 30 days. We also record ratings (thumbs up / thumbs down) that you submit.

Submitted URLs

If you submit a URL for inclusion in Roam, we store that URL along with your user ID so we can enforce rate limits and contact you if needed.

Collections

If you create collections, the collection name, description, and its URLs are stored. Public collections are visible to anyone.

Technical data

Our hosting providers (Supabase and Vercel) may collect standard server logs including IP addresses, browser type, and request timestamps. We do not have direct access to this data beyond what those providers expose.

3. How we use your data

• To serve personalised URL recommendations filtered by your category preferences.
• To avoid serving you URLs you have already seen.
• To display your public profile and collections to other users.
• To moderate submitted URLs before they are approved.
• To send transactional emails (e.g., email confirmation, password reset) via Supabase Auth.

We do not sell your data. We do not use your data for advertising.

4. Data sharing

We use the following third-party sub-processors:

• Supabase Inc. — database, authentication, and serverless functions (USA).
• Vercel Inc. — web hosting (USA).
• Google LLC — optional “Sign in with Google” OAuth; Safe Browsing API for URL vetting.

5. Data retention

• Seen-URL records are deleted after 30 days.
• Account data is retained until you delete your account.
• Moderation-queue records are retained indefinitely for audit purposes.

6. Your rights

Depending on where you live you may have rights including access, correction, deletion, restriction, portability, and objection under the GDPR, UK GDPR, or CCPA. To exercise any right, email us at privacy@roamtheweb.app. We will respond within 30 days.

To delete your account and all associated personal data, email us from the address linked to your account. We will complete deletion within 7 days.

7. Cookies

Roam uses a single session cookie set by Supabase Auth to keep you signed in. We do not use tracking or advertising cookies.

8. Children

Roam is not directed at children under 13 (or under 16 in the EEA). If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes

We may update this policy. Material changes will be announced via a notice on the website. The effective date at the top will always reflect the latest version.

10. Contact

Questions? Email privacy@roamtheweb.app.