Last update : 02/26/2026

Privacy Policy and Cookie Use

‍

1 - Purpose

This privacy policy aims to inform users of the website Rovelia.io and the Rovelia mobile application of the way in which their personal data is collected, used and protected, in accordance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679) and the French Data Protection Act (loi Informatique et Libertés) as amended.

2 - Data Controller

The data controller is:

Xanocom

RCS Paris: 899 485 726

Registered office: 128 rue de la Boétie, 75008 Paris, France

Contact: Contact form or directly at: contact@rovelia.io

3 - Data Collected

We collect only the data strictly necessary for the proper functioning of our services.

In connection with the use of the mobile application, we collect the user's first name, date of birth in order to verify compliance with the applicable age requirements, and email address.

‍

Regarding the Discord Community, we collect the first name, email address and Discord username solely for members who have subscribed to the Community.

‍

Regarding payments to access the book club, billing data (full name, email address, billing address, banking details) are collected and processed directly by our payment providers Stripe and Amazon Pay. The Publisher does not have access to raw banking details but may access billing information (name, address) via its Stripe dashboard for the purposes of subscription management.

‍

Regarding navigation on the website rovelia.io, we collect the IP address, technical connection logs and cookie-related data under the conditions described in Article 11.

‍

4 - Purpose of Processing

The data collected is used to create and manage user accounts, manage subscriptions and billing, provide access to the private Discord Community, verify compliance with age requirements, respond to requests submitted via the contact form, send newsletters and marketing communications solely with prior and explicit consent, ensure the security of the Website and the Application and prevent fraud, and analyse traffic in order to improve the user experience.

5 - Legal Basis

The management of accounts and subscriptions is based on the performance of a contract. Billing is based on a legal obligation. The sending of newsletters and communications, as well as the use of non-essential cookies, is based on the user's consent. The security of the Website and the prevention of fraud are based on the Publisher's legitimate interests. Age verification is based on both a legal obligation and the Publisher's legitimate interests.

‍

6 - Mandatory or Optional Data

The following data is mandatory in order to access the services: email address, first name and date of birth. If this data is not provided, the Service cannot be delivered.

‍

The full name is collected solely at the time of payment via Stripe and is mandatory for subscribing to the Community. The Discord username is required solely for access to the Community.

‍

7 - Data Recipients

‍

Data is processed by the Publisher and transmitted only to the technical service providers strictly necessary for the provision of the Service. IONOS provides hosting for the Website. Stripe processes secure payments. Discord manages access to the Community. Cookiebot manages cookie consent. Google Analytics provides audience analysis. Amazon Pay processes payments via Amazon.

These service providers act as data processors and are bound by strict contractual obligations of confidentiality and security. They are not authorised to use your data for any purpose other than that for which they have been appointed.

‍

8 - Data Transfers Outside the EU

Certain service providers (Stripe, Discord, Google, Amazon) involve transfers of personal data outside the European Union, in particular to the United States.

These transfers are governed by the standard contractual clauses adopted by the European Commission or any other mechanism recognised as providing an adequate level of protection in accordance with the GDPR. For further information on the safeguards put in place by each service provider, please refer to their respective privacy policies.

‍

9 - Retention Periods

Data relating to a subscription is retained for the duration of the subscription plus three years after its termination. Billing data is retained for ten years in accordance with the applicable legal obligation. Contact data from the contact form or email exchanges is retained for three years following the last exchange. Cookies are retained for a maximum of thirteen months following consent. Technical logs such as IP addresses and connection data are retained for a maximum of six months.

Upon expiry of these periods, data is deleted or irreversibly anonymised.

‍

10 - Your Rights

Under GDPR, you have the right to:

access your data, correct it, request deletion (“right to be forgotten”), restrict processing, object to processing, request portability.

To exercise your rights, please use the contact form.

You may also file a complaint with the CNIL (French data protection authority): https://www.cnil.fr.

11 - Cookies and Consent

During navigation, cookies may be placed on the user's device. They are used to measure Website traffic, improve navigation and offer personalised content.

Consent is collected and managed via the Cookiebot solution, which allows you to accept all cookies, refuse all cookies, or customise your choices by purpose. No non-essential cookie is installed without your prior and explicit consent.

‍

12 -Data Security

‍

The Publisher implements all appropriate technical and organisational measures to protect your personal data against accidental loss or destruction, unauthorised alteration or modification, and unauthorised disclosure or access.

‍

In the event of a data breach likely to result in a risk to your rights and freedoms, the Publisher undertakes to notify the CNIL within 72 hours in accordance with Article 33 of the GDPR, and to inform you as soon as possible if the risk is high.

‍

‍

13 - Minors

‍

The Application is accessible to persons aged at least 13 years. For users aged between 13 and 17 years, prior consent from a legal guardian is required. Access to the Discord Community is strictly reserved for persons who have reached the age of majority (18 years old).

‍

The Publisher does not knowingly collect personal data relating to children under the age of 13. If you believe that a child under the age of 13 has provided their data without parental authorisation, please contact the Publisher at contact@rovelia.io so that such data may be deleted as soon as possible.

‍

‍

14 - Amendments to the Privacy Policy

‍

The Publisher reserves the right to amend this policy at any time, in particular to comply with any legislative, regulatory or technical developments. In the event of a substantial amendment, users will be informed by email or by notification on the Website and the Application within a reasonable period prior to the amendments coming into force. The version in force is that accessible on the Website at the time of your consultation.

‍

‍

15 - Article 15 - Governing Law and Jurisdiction

This privacy policy is governed by French law.

‍
Please note that even if you are based in the United States or any other country outside France, any dispute relating to the application of this policy or to the processing of your personal data will be subject to French law and, after an attempt at amicable resolution, to the exclusive jurisdiction of the courts of Paris, France. By using our services, you acknowledge and accept this.
Users also have the right to lodge a complaint at any time and free of charge with the French data protection authority, the CNIL, regarding the processing of their personal data: https://www.cnil.fr

‍