Roolify logo
HomeAboutPricing
Contact Us
Get Started

Privacy Policy

Roolify Privacy Policy

Last Updated: April 29, 2026

1. Introduction

Roolify ("we," "our," or "us") provides a SaaS platform that enables Webflow users to build conditional logic, route form submissions, and manage email notifications for their Webflow forms. This Privacy Policy explains how we collect, use, store, and share information when you use our services at roolify.io (the "Service").

By using Roolify, you agree to the practices described in this policy.

2. Who This Policy Covers

This policy applies to two categories of people:

  • Account holders ("Users") — Webflow creators, developers, and agencies who sign up for a Roolify account.
  • Form respondents ("End-Users") — Individuals who submit forms on Webflow sites connected to Roolify.

3. Information We Collect

3a. Account Holders

When you create a Roolify account or use our Service, we collect:

  • Identity — Full name, email address
  • Credentials — Hashed password, password reset tokens
  • Company — Company name, description, location
  • Billing — Stripe customer ID, subscription ID, plan tier, billing interval, overage settings
  • Webflow connection — OAuth access tokens, site IDs, workspace IDs, form IDs
  • Activity — Login events, rule changes, form syncs, feature access attempts, webhook events

3b. Form Respondents (End-Users)

When someone submits a form on a Webflow site connected to Roolify, we receive and store the full submission payload from Webflow. This may contain any data the form collects, including:

  • Name, email address, phone number
  • Free-text responses, dropdown selections, checkbox answers
  • Any other custom fields configured in the Webflow form

The exact data collected depends on how the form is designed by the Account Holder — Roolify has no control over which fields are included.

4. How We Use Information

For Account Holders

  • Service delivery — Authenticate your account, sync your Webflow sites and forms, evaluate conditional rules, and route form submissions.
  • Billing — Create and manage Stripe subscriptions, track usage against plan limits, send overage notifications.
  • Communication — Send welcome emails, limit warnings, and system notifications via Resend.
  • Security & debugging — Maintain an audit/event log of significant actions for fraud detection and troubleshooting.
  • Product improvement — Understand aggregate usage patterns to improve the Service.

For Form Respondents

  • Routing — Evaluate your submission against the Account Holder's conditional rules and route the notification email to the appropriate recipient(s).
  • Notification delivery — Include your submission data in email notifications sent to the Account Holder's configured recipients.
  • PDF generation — Optionally generate a PDF receipt of your submission if the Account Holder has enabled that feature.
  • Deduplication — Prevent the same submission from being processed or emailed more than once.
  • Storage — Retain your submission data in the Account Holder's Roolify account for their reference.

5. Information Sharing and Disclosure

We do not sell your personal data. We share data only as described below:

  • Xano — Backend database and API infrastructure. All data stored in the Service, including user accounts, form submissions, conditional rules, event logs, and billing records.
  • Stripe — Payment processing. Name, email, billing details, Stripe customer and subscription IDs.
  • Webflow — Form and site integration. OAuth tokens, site and form metadata, form submission data.
  • Resend — Transactional email delivery. Recipient email addresses and notification content including form submission data.
  • Account Holder's configured email recipients — Form notification routing. Full form submission data as configured by the Account Holder.
  • Law enforcement / legal process — As required by applicable law.
  • Business transfers — In the event of a merger, acquisition, or sale of assets, data may be transferred as part of the transaction.

We require our sub-processors to handle data securely and only for the purposes we specify.

6. Data Retention

  • Account data is retained for as long as your account is active.
  • Form submission data is retained indefinitely until you delete your account or manually delete individual records.
  • Event and activity logs are retained for operational and security purposes and deleted when your account is deleted.
  • Stripe billing data is retained as required by financial and legal obligations, even after account deletion.

We do not currently offer an automated data export feature. If you need a copy of your data, please contact us at info@roolify.com.

7. Account Deletion and Your Rights

Deleting Your Account

You can delete your Roolify account at any time via account settings. Deletion triggers a full cascade deletion of:

  • Your user profile and credentials
  • All connected Webflow sites and their associated data
  • All conditional rules and notification settings
  • All stored form submissions
  • All event and activity logs
  • Your Stripe subscription (immediately cancelled)

Your Rights

  • Access — Request a copy of the personal data we hold about you.
  • Correction — Request correction of inaccurate data.
  • Deletion — Request deletion of your data (account deletion above satisfies this).
  • Portability — Request your data in a machine-readable format.
  • Objection / Restriction — Object to or restrict certain processing.
  • Withdrawal of consent — Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at info@roolify.com. We will respond within 30 days.

Note for Form Respondents

If you submitted a form on a Webflow site using Roolify, the Account Holder who owns that form controls your submission data. To request deletion or access, contact that website owner directly. We will cooperate with verified deletion requests if the Account Holder cannot be reached.

8. Cookies and Tracking

Roolify's backend does not set cookies, use tracking pixels, collect IP addresses, or perform device fingerprinting. Our frontend may use cookies for session management. We do not use your data for advertising or cross-site tracking.

9. Security

We implement industry-standard security practices including:

  • Passwords stored as hashed values (never plaintext)
  • Auth tokens with 24-hour expiration
  • Token-authenticated API endpoints for all protected operations
  • Stripe-managed payment processing (we do not store raw card numbers)

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at info@roolify.com.

10. Children's Privacy

Roolify is not directed to children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

11. International Data Transfers

Roolify is operated from the United States. If you are located outside the United States, your data will be transferred to and processed in the United States. Where required by law, such as for transfers from the EU/EEA, we rely on appropriate transfer mechanisms including Standard Contractual Clauses.

12. GDPR — Additional Rights for EEA, UK, and Swiss Residents

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the following additional provisions apply under the General Data Protection Regulation (GDPR) or equivalent local law.

Legal Bases for Processing

  • Creating and managing your account — Contract: necessary to perform the Service you signed up for.
  • Processing payments and managing subscriptions — Contract: necessary to fulfil the billing relationship.
  • Sending transactional emails — Contract / Legitimate interest: communicating essential service information.
  • Storing and routing form submissions — Contract: core feature of the Service.
  • Event and activity logging — Legitimate interest: security, fraud prevention, and debugging.
  • Complying with legal obligations — Legal obligation.
  • Marketing communications (if any) — Consent: you may withdraw at any time.

Your GDPR Rights

In addition to the rights listed in Section 7, EEA/UK/Swiss residents have the right to:

  • Lodge a complaint with your local data protection authority (DPA). In the EU, visit edpb.europa.eu. In the UK, contact the ICO at ico.org.uk.
  • Not be subject to solely automated decision-making that produces legal or similarly significant effects. Roolify does not make any such automated decisions about individuals.

Data Controller vs. Data Processor

Roolify is the data controller for Account Holder data. For form submission data collected through your Webflow forms, the Account Holder acts as the data controller and Roolify acts as a data processor on their behalf.

Data Processing Agreement

If you use Roolify to process personal data of EEA/UK residents through your Webflow forms, you may require a Data Processing Agreement (DPA). Please contact us at info@roolify.com to request one.

13. CCPA — Additional Rights for California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information.

Categories of Personal Information Collected

In the past 12 months we have collected:

  • Identifiers — Name, email address, account ID
  • Commercial information — Subscription plan, billing history
  • Internet or network activity — API usage, login events, event logs
  • Geolocation data — Company location (account-level only, not precise)
  • Inferences — Not collected. We do not build consumer profiles.
  • Sensitive personal information — Not collected. Payment card data is handled by Stripe only.

Your CCPA/CPRA Rights

  • Right to Know — Request disclosure of the categories and specific pieces of personal information we have collected, our sources, business purpose, and third parties we share it with.
  • Right to Delete — Request deletion of your personal information. Account deletion (Section 7) fulfills this right.
  • Right to Correct — Request correction of inaccurate personal information we hold about you.
  • Right to Opt-Out of Sale or Sharing — We do not sell or share your personal information for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Personal Information — We do not use sensitive personal information beyond what is necessary to provide the Service.
  • Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA rights.

Submitting a CCPA Request

Contact us at info@roolify.com with the subject line "CCPA Request." We will respond within 45 days. You may designate an authorized agent to submit a request on your behalf.

14. Third-Party Services

Roolify integrates with third-party services that have their own privacy policies. We encourage you to review them:

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service. The "Last Updated" date at the top reflects the most recent revision. Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

16. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy, please contact us:

Roolify
Email: info@roolify.com
Website: roolify.com

Supercharge your native Webflow forms into dynamic experiences. Build powerful conditional logic and smart routing without writing a single line of code.
Built for Webflow · Absolute control · Zero code.
PRODUCTHow it WorksPricingChangelog
COMPANYAboutContact
RESOURCESDocsPrivacy PolicyTerms and Conditions
© 2026 Roolify. All rights reserved.