Privacy Policy
Privacy Policy
Last Updated: October 2025
This Privacy Policy explains how Roland & Co. Enterprises LLC d/b/a Roland AI (“Roland AI,” “we,” “us,” “our”) collects, uses, discloses, and protects personal information when you use our websites, applications, and services (the “Services”).
If you do not agree with this Policy, do not use the Services. For terms governing use, see our Terms of Service at https://rolandcrm.com/terms.
1. Who We Are & How To Contact Us
Controller: Roland & Co. Enterprises LLC, [registered business address].
Email: [email protected]
DMCA/Abuse: [email protected]
Data Protection Officer (if appointed): [email protected]
2. Scope
This Policy applies to: (a) visitors; (b) account holders; (c) our clients and their authorized users; and (d) recipients of communications sent through the Services (“Contacts”). If you are a Contact, we process your data on behalf of our client (the “Client”) as a processor/service provider.
3. Information We Collect
3.1 Information You Provide
Account details (name, email, password, phone, role).
Billing & payment info (handled by PCI-compliant processors).
Marketing Content you upload (messages, images, files, recordings).
Contact Data you import (names, emails, phone numbers, consent flags, segmentation).
Support inquiries, survey responses, community posts.
Voice/SMS interactions (including call recordings/voicemails where permitted by law).
3.2 Information We Collect Automatically
Device and usage data (IP, identifiers, browser, OS, pages viewed, timestamps, referrers).
Event data (opens, clicks, replies, bounce/spam feedback from carriers/ISPs).
Cookies, pixels, SDKs (see Cookie Policy).
3.3 Information From Third Parties
Identity/verification and fraud-prevention services.
Social, ad, and analytics platforms (e.g., Meta, Google).
Integrations you enable (e.g., CRMs, calendars, POS, payment gateways).
4. How We Use Information (Purposes & Legal Bases)
Provide and secure the Services; troubleshoot, support (Contract/Legitimate Interests).
Process communications you initiate (email/SMS/voice/chat) to your Contacts (Contract/Legitimate Interests; Client is responsible for consent).
Improve and develop features, including supervised model tuning for intent classification, routing, and quality assurance (Legitimate Interests). You may opt out of training use—see §11.
Personalize content and measure performance (Consent where required).
Billing and account administration (Contract/Legal Obligation).
Protect rights, prevent fraud/abuse, comply with law (Legal Obligation/Legitimate Interests).
5. How We Share Information
Service providers/sub-processors who assist in hosting, messaging, voice, analytics, support, and payments under contract.
Legal & safety: to comply with law, lawful requests, or to protect rights and safety.
Corporate transactions: in mergers, financing, or sale of assets (with safeguards).
With your direction/consent, including integrations you enable.
We do not sell personal information for money. For U.S. state privacy laws, some uses may be deemed “sharing” for cross-context behavioral advertising—see Opt-Out (§10).
6. International Transfers
We operate in the U.S. and may transfer data internationally using appropriate safeguards (e.g., SCCs for EEA/UK; comparable mechanisms where applicable).
7. Data Retention
Account data: for your subscription term + up to 24 months after closure (unless earlier deletion requested or longer retention required by law).
Contact Data: retained per your settings and deleted or anonymized upon your instruction or account closure.
Logs/telecom records: typically 12–24 months (carrier rules may apply).
Training/QA artifacts (if opted in): kept only as needed for the stated purposes.
8. Security
We employ administrative, technical, and physical safeguards (encryption in transit, network segregation, RBAC, MFA for staff, least-privilege, logging). No method is 100% secure.
9. Children’s Privacy
The Services are not intended for children under 13 (or 16 in the EEA). We do not knowingly collect such data. If discovered, we will delete it.
10. Your Rights
EEA/UK/Switzerland (GDPR)
Access, rectification, deletion, portability, restriction, objection, and withdrawal of consent. Contact us or your local authority. Our lawful bases are listed in §4.
U.S. State Laws (e.g., CA, CO, CT, UT, VA)
Access, correction, deletion, portability, and opt-out of targeted advertising, “selling,” and profiling for significant decisions.
Do Not Sell or Share My Personal Information / Opt-Out of Targeted Ads
Authorized Agent procedures available at the same link.
Marketing Choices
Unsubscribe links in emails; reply STOP to SMS; manage preferences in your account.
11. Model Training & AI
We may use de-identified/anonymized snippets of interactions to improve detection, routing, and quality (see §4). Opt-out: [email protected] with your account ID; this will exclude your data from training (still used for security/compliance).
12. Call Recording/Monitoring
Where enabled by you, calls may be recorded for quality and training. You are responsible for obtaining required one-party/two-party consent under applicable law and configuring announcements.
13. Links & Third-Party Services
We are not responsible for practices of third-party sites/services. Review their policies.
14. Changes to this Policy
We may update this Policy; see “Last Updated” date. Material changes will be notified by email/in-app.
15. Contact
[email protected]| Roland & Co. Enterprises, USA.
Acceptable Use Policy (AUP)
Last Updated: October 2025
To keep Roland AI safe and compliant, you agree not to use the Services to:
1) Illegal, Harmful, or Abusive Conduct
Violate laws or rights of others; promote or facilitate illegal activity.
Harass, threaten, exploit, or dox individuals; incite violence or self-harm.
Distribute malware, ransomware, or engage in hacking, scraping at scale, or DDoS.
Circumvent account, API, rate-limit, or security restrictions.
2) Prohibited Content
Child sexual content/exploitation; non-consensual intimate imagery.
Terrorism support; extremist propaganda; instructions to commit violence.
Content that is deceptively manipulated to defraud (deepfakes used to impersonate real persons without disclosure/consent).
Intellectual property infringement, counterfeit goods.
Sensitive data without lawful basis (e.g., SSNs, bank numbers, health data) unless your contract explicitly allows and you implement adequate safeguards.
3) Messaging & Growth Restrictions
Spam: unsolicited bulk messages, purchased/harvested lists.
Deceptive practices: spoofing identities, misleading subject lines, snowshoeing.
Consent: You must maintain proof of consent for email/SMS/voice per CAN-SPAM, TCPA, CTIA, CASL, GDPR e-privacy, etc.
Include required disclosures (business name, contact address) and opt-out links; honor opt-outs promptly.
Respect carrier policies (SHAFT content often restricted: Sex, Hate, Alcohol, Firearms, Tobacco; plus CBD/THC).
No high-risk financial scams, multi-level income schemes, or unlawful lead generation.
4) Voice & Call Recording
Obtain legally required one-party/two-party consent; play recording beeps/announcements where required.
Do not use voice cloning to impersonate real people without clear disclosure and written consent.
5) Data & Platform Integrity
Don’t attempt to export prohibited data points or scrape Contacts in violation of third-party terms.
Use APIs and integrations within documented limits; no resale or white-labeling beyond your agreement.
Immediately report suspected abuse: [email protected].
Enforcement: We may investigate, rate-limit, suspend, or terminate accounts; block traffic; and report unlawful activity to authorities or carriers.
Cookie Policy
Last Updated: October 2025
1) What Are Cookies?
Small files stored on your device to make the Services work and to improve performance.
2) Types We Use
Strictly Necessary: session/authentication, security, load-balancing.
Preferences: language, settings.
Analytics/Performance: usage metrics (e.g., Google Analytics).
Advertising/Retargeting: only with consent where required; may constitute “sharing” under U.S. law.
3) Your Choices
Use your browser controls to block/delete cookies. You can also manage preferences via our Cookie Banner and Privacy Choices page: https://RolandCRM.com . Opting out may limit features.
4) Do Not Track
We do not respond to DNT signals. Use our preference tools instead.
SMS/MMS & Voice Compliance Addendum
Last Updated: October 2025
This Addendum applies to Clients using messaging/voice features.
1) Consent & Obligations
Maintain documented consent for each Contact (e.g., web form with checkbox, text-in keyword).
Provide required disclosures at opt-in: program name, message frequency, “Msg & data rates may apply,” help/stop keywords, link to Terms/Privacy.
Honor STOP, END, CANCEL, UNSUBSCRIBE, QUIT within 24 hours. Provide HELP program info.
Register 10DLC campaigns/brands where applicable; supply accurate sample messages and use cases.
2) Prohibited & Restricted Content
SHAFT categories and carrier-prohibited content; illegal substances; payday loans; unlawful sweepstakes.
Sensitive financial/health data in clear text.
URL shorteners not owned by you (use branded links).
3) Throughput, Deliverability & Fees
Carriers may filter messages; delivery is not guaranteed. You are responsible for carrier registration fees, fines, and surcharges. Abuse may result in suspension.
4) Voice Calls & Recording
Provide required call recording notice; document consent; comply with TCPA for outbound calls and prerecorded/AI voices.
5) Templates
Include business name, reply STOP to opt out, and valid callback or email.
Data Processing Addendum (Short-Form)
Last Updated: October 2025
This DPA forms part of your agreement with Roland AI when we process personal data on your behalf.
1) Roles
Client = Controller/Business; Roland AI = Processor/Service Provider.
2) Processing Details
Subject Matter: Provision of the Services.
Nature & Purpose: Hosting, messaging, analytics, support, fraud prevention, quality assurance.
Data Types: Contact Data, communications metadata, marketing content.
Data Subjects: Client’s customers, leads, users.
Duration: Term of agreement + retention in Policy §7.
3) Processor Obligations
Process only on documented instructions; notify if instructions conflict with law.
Confidentiality for personnel; security measures per Policy §8.
Sub-processors bound by written agreements with comparable protections.
Assist with data subject requests, security incidents, DPIAs where applicable.
Delete or return personal data at termination (unless law requires retention).
Provide summaries of audits/third-party reports (e.g., penetration test attestation) upon reasonable request.
4) International Transfers
Apply EU/UK Standard Contractual Clauses where required; implement supplementary measures.
5) Security Incidents
Notify Client without undue delay after confirming a breach affecting Client Data; provide available details and remediation steps.
6) Service Provider (U.S. State Laws)
We certify we will not sell Client personal information or retain, use, or disclose it outside the direct business purpose.
Execution: This DPA is deemed accepted upon Client’s acceptance of the master agreement or continued use of the Services. A countersigned long-form DPA is available upon request at [email protected].
Sub-Processor Disclosure (Template)
We use carefully vetted sub-processors to deliver the Services. Categories include:
Cloud hosting & infrastructure: (e.g., AWS, GCP, Cloudflare)
Email/SMS/Voice carriers & aggregators: (e.g., Twilio/LeadConnector/telecom partners)
Analytics & telemetry: (e.g., Google Analytics, error monitoring)
Payments: (e.g., Stripe)
Support & ticketing: (e.g., Zendesk/Help Scout)
The current list and locations are maintained at: https://rolandcrm.com/contact-us. You will receive email/in-app notice of material changes with an opportunity to object consistent with the DPA.
COMPANY
CUSTOMER CARE
LEGAL
© Copyright 2025. Roland & Co. Enterprises. All Rights Reserved.