RovelaRovela

Privacy Policy

Last updated: February 16, 2026

1. Introduction

This Privacy Policy explains how Rovela AI, Inc. ("Rovela," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you access or use our AI-powered e-commerce platform at rovela.ai (the "Platform"). By using our Platform, you acknowledge that you have read and understood this Privacy Policy.

Rovela AI, Inc. is a corporation incorporated in the State of Delaware, United States.

2. Definitions

  • Personal Data: Any information that relates to an identified or identifiable natural person, including name, email address, IP address, and payment information.
  • Customer Data: Content you input into the Platform, including business descriptions, store prompts, questionnaire answers, uploaded images, and product information.
  • Store Data: Data generated within your deployed e-commerce store, including products, orders, customer accounts, and transaction records.
  • AI Output: Code, content, designs, and configurations generated by our AI systems based on your inputs.
  • Credits: Prepaid units consumed when using Platform features such as store generation and chat-based editing.

3. Information We Collect

Information you provide directly:

  • Account Information: Name, email address, and password when you create an account.
  • Business Information: Store descriptions, business prompts, questionnaire answers, visual preferences, and product details you provide during store generation.
  • Payment Information: Billing details processed securely through Stripe. We do not store your full credit card numbers, bank account details, or other sensitive payment credentials on our servers.
  • Store Content: Product listings, images, logos, and any content you upload or generate for your store.
  • Communications: Messages you send through our contact form, support channels, or chat interface.

Information collected automatically:

  • Technical Data: IP address, browser type and version, device identifiers, operating system, and screen resolution.
  • Usage Data: Pages visited, features used, generation history, credit consumption, session duration, and interaction patterns.
  • Log Data: Server logs including access times, error reports, and API request metadata.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To generate, deploy, and host your e-commerce stores using AI technology.
  • AI Processing: To send your prompts and business descriptions to AI models for store generation, blueprint creation, and chat-based editing.
  • Billing & Credits: To process subscription payments, manage credit balances, and handle top-up transactions.
  • Account Management: To create and maintain your account, authenticate your identity, and manage your stores.
  • Communications: To send transactional emails (order confirmations, deployment notifications, password resets), and respond to support requests.
  • Security: To detect, prevent, and address fraud, abuse, and technical issues.
  • Improvement: To analyze usage patterns, diagnose technical problems, and improve Platform performance and features.

5. AI-Specific Data Handling

Our Platform uses artificial intelligence to generate e-commerce stores. Understanding how your data interacts with AI systems is important:

  • Prompt Processing: Your business descriptions, questionnaire answers, and chat messages are sent to Anthropic's Claude AI models for processing. These inputs are used solely to generate your store and are subject to Anthropic's data usage policies.
  • Code Generation: AI-generated code is executed within isolated sandbox environments. The generated code becomes part of your store.
  • Blueprint & Design Data: Visual preferences, brand identity choices, and design configurations are processed by AI to create your store's look and feel.
  • No Training on Personal Data: We do not use your raw Personal Data to train, fine-tune, or improve AI models. Anonymized and aggregated usage patterns may be used to improve our prompt engineering and service quality.

6. Sub-Processors & Third-Party Services

We use the following third-party services to operate our Platform. Each is contractually bound to protect your data in accordance with their respective privacy policies:

  • Stripe (San Francisco, USA) — Payment processing for subscriptions, credit top-ups, and store checkout via Stripe Connect.
  • Anthropic (San Francisco, USA) — AI models (Claude) for store generation, questionnaire filling, blueprint creation, and chat-based editing.
  • Vercel (San Francisco, USA) — Hosting and deployment of generated e-commerce stores.
  • Neon (San Francisco, USA) — Serverless PostgreSQL databases for per-store data isolation.
  • GitHub (San Francisco, USA) — Source code repository storage for generated store code.
  • Blaxel (Paris, France) — Sandbox environments for AI code generation and execution.
  • Resend (San Francisco, USA) — Transactional email delivery for account and store notifications.
  • Supabase (Singapore) — Platform database hosting.

Each third-party service has its own privacy policy governing their use of your data. We encourage you to review their policies.

7. Data Sharing

We may share your information in the following circumstances:

  • Service Providers: With the sub-processors listed above, solely to provide and operate our Platform.
  • Legal Requirements: When required by applicable law, regulation, legal process, or governmental request.
  • Rights Protection: To protect the rights, property, or safety of Rovela, our users, or the public.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, in which case your data would remain subject to this Privacy Policy.

We do not sell, rent, or trade your Personal Data to third parties for their marketing purposes.

8. International Data Transfers

Your data may be transferred to and processed in countries outside of your country of residence, including the United States, where our primary sub-processors operate. When we transfer data internationally, we implement appropriate safeguards including contractual protections with our sub-processors to ensure your data receives an adequate level of protection regardless of where it is processed.

9. Data Retention

We retain your data according to the following schedules:

  • Account Data: Retained for the duration of your account plus 90 days after deletion to allow for recovery and resolve any pending matters.
  • Store Data: Retained until you delete the store or your account. Deployed stores on Vercel and GitHub repositories persist until explicitly removed.
  • Payment Records: Retained as required by applicable tax and financial regulations (typically 5-7 years).
  • Server Logs: Automatically purged after 90 days.
  • Backups: Retained for up to 30 days before automatic deletion.
  • AI Processing Logs: Prompt and generation metadata retained for up to 90 days for debugging and service improvement.

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption: All data transmitted between your browser and our servers is encrypted via TLS/SSL.
  • Password Protection: Passwords are hashed using bcrypt with a cost factor of 12. We never store plaintext passwords.
  • Database Isolation: Each generated store operates on its own isolated database branch, preventing cross-store data access.
  • Sandbox Isolation: AI code generation runs in isolated, ephemeral sandbox environments that are destroyed after use.
  • Access Control: File uploads use time-limited presigned URLs. API routes validate authentication and store ownership.
  • Payment Security: Payment processing is handled entirely by Stripe, a PCI DSS Level 1 certified provider. We never handle or store raw card data.

11. Cookies & Tracking

We use the following types of cookies:

  • Essential Cookies: Required for authentication, session management, and security. These cannot be disabled without affecting Platform functionality.
  • Functional Cookies: Used to remember your preferences such as theme settings (light/dark mode).

We do not currently use third-party analytics or marketing cookies. If this changes in the future, we will update this policy and provide appropriate opt-out mechanisms.

12. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights regarding your Personal Data:

  • Right of Access: Request a copy of the Personal Data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your Personal Data, subject to legal retention obligations.
  • Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
  • Right to Data Portability: Request your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, please contact us at contact@rovela.ai. We will respond to your request within 30 days. We may ask for identity verification before processing your request.

For users in the European Economic Area, United Kingdom, or other jurisdictions with applicable data protection laws (including GDPR, UK GDPR, and CCPA/CPRA), we process your data on the legal bases of contract performance, legitimate interests, legal obligation, and consent where applicable.

13. Children's Privacy

Our Platform is not intended for individuals under 18 years of age. We do not knowingly collect Personal Data from children under 18. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with their data, please contact us at contact@rovela.ai.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. For material changes, we will provide at least 30 days' advance notice via email or a prominent notice on the Platform before the changes take effect. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Rovela AI, Inc.
131 Continental Dr, Suite 305
Newark, Delaware 19713
United States
Email: contact@rovela.ai