Privacy Policy

Last updated: 12 June 2026 — Version: 2026-06-12-v1

This Privacy Policy describes how personal data is processed within the Roro Vision service, in accordance with Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act No. 78-17 of 6 January 1978, as amended.

1. Data controller

The data controller is Alexandre Khalifé, a sole trader operating under the trade name "Roro Vision", SIREN 989 113 352 (Créteil Trade and Companies Register), whose registered office is at 29 Boulevard Henri Ruel, 94120 Fontenay-sous-Bois, France.

For any question regarding your data or to exercise your rights: support@roro.vision — Phone: +33 7 82 03 85 21.

2. Purposes of processing

provide the voice reading-assistance service for visually impaired people (voice description of photographed documents and objects);
create and manage your account and authenticate you;
manage credits, subscriptions and purchases;
improve and secure the service;
comply with our legal obligations (in particular keeping consent records).

3. Lawful bases

In accordance with Article 6(1) of the GDPR, processing is based, depending on the purpose, on:

consent (Article 6(1)(a)) — in particular for the consent obtained before first use and, where applicable, usage analytics;
performance of a contract (Article 6(1)(b)) — processing necessary to provide the service you request;
legitimate interests (Article 6(1)(f)) — improving and securing the service.

4. Data collected

Account data: email address (authentication), display name (optional), voice preferences (speed, gender) and language, biometrics-enabled flag;
Session photos: photos you take during a session are transmitted for processing and stored securely;
In-session audio transcription: the audio stream as such is not retained; only the transcription needed for operation and summary is processed;
Session metadata: timestamp, credits consumed, type of use, language, snapshot of voice preferences.

5. Data that may relate to health (Article 9 of the GDPR)

The service neither solicits nor requires health data. However, as part of general-purpose use (for example reading a medication dosage), a user may voluntarily provide information that may fall within Article 9 of the GDPR (special categories of data). Such information is processed solely to answer the user's specific request.

6. Processors (Article 28 of the GDPR) and recipients

We use the following processors, which act only on our documented instructions:

Processor	Role	Location / transfer	Transfer safeguard
Google (Gemini / Cloud / Vertex AI)	Generative AI (session photos and transcription)	EU regions available; inference may occur outside the EU	EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCC)
LiveKit Cloud	Real-time audio/video infrastructure	Regional pinning possible; observability outside the EU	DPF, Standard Contractual Clauses (SCC) and UK IDTA
Supabase	Database, storage and authentication	EU region (Frankfurt)	Standard Contractual Clauses (SCC)
Fly.io	Backend and worker hosting	EU region (Paris)	EU-US Data Privacy Framework (DPF)
RevenueCat	Subscription and purchase management	United States infrastructure	Standard Contractual Clauses (SCC)
Sentry	Error monitoring	EU residency option	DPF and Standard Contractual Clauses (SCC)
PostHog	Usage analytics (can be enabled / disabled)	PostHog Cloud EU (Frankfurt)	Standard Contractual Clauses (SCC)

Advertising measurement (Meta)

To measure the effectiveness of our advertising campaigns, the application embeds the SDK of Meta Platforms Ireland Limited (Merrion Road, Dublin 4, Ireland). Unlike the processors above, Meta acts as a separate data controller for this measurement. The data processed is limited:

iOS: install attribution relies on Apple's SKAdNetwork framework — aggregated, anonymised data, with no advertising identifier and no cross-app tracking (no tracking permission is requested). App events (install, app launch, purchases, credits spent) are also sent to Meta, without any advertising identifier;
Android: device advertising identifier and app events (install, app launch, purchases, credits spent).

This measurement is enabled by default and can be disabled at any time via the app's analytics setting (the same setting as usage analytics). The first technical events (install, first app launch) may however be sent before that choice is expressed. Transfers to the United States are governed by the EU-US Data Privacy Framework and Standard Contractual Clauses (SCC). More information: Meta Privacy Policy.

7. Transfers outside the European Union

Where processing involves a transfer to a third country, it is governed by the appropriate safeguards under Articles 44 to 49 of the GDPR: Standard Contractual Clauses adopted by the European Commission (Article 46) and, where applicable, a processor's participation in the EU-US Data Privacy Framework (adequacy decision).

8. Retention periods

Account data: kept for as long as the account is active;
Session photos: purged no later than 45 days after the account deletion request;
Summaries and transcriptions (administrator access): purged no later than 45 days after the account deletion request;
Consent records: kept as required by law (append-only audit trail).

Account deletion is preceded by a 30-day cooling-off period during which the account can be reactivated.

9. Your rights

Under Articles 15 to 21 of the GDPR, you have the following rights:

right of access (Article 15);
right to rectification (Article 16);
right to erasure, the "right to be forgotten" (Article 17);
right to restriction of processing (Article 18);
right to data portability (Article 20);
right to object (Article 21).

To exercise these rights, contact support@roro.vision.

10. Data Protection Officer (DPO)

The role of Data Protection Officer is held by the director of Roro Vision, who can be reached at support@roro.vision.

11. Supervisory authority

Under Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. In France, the competent authority is the Commission nationale de l'informatique et des libertés (CNIL) — cnil.fr.

12. Minors

The service is not intended for children under 15. In France, consent to data processing in the context of online services requires a minimum age of 15 (Article 8 of the French Data Protection Act).

13. Data residency

At launch, data is hosted in the European Union (single region). Any transfers to processors located outside the EU are governed in accordance with section 7.

14. Cookies and trackers

The Roro Vision mobile application does not use cookies. Usage within the application is measured using PostHog (by means of a tracking identifier) and technical errors are collected via Sentry. Audience measurement can be disabled in the application settings.

15. Updates

This policy may be updated. Users are informed of significant changes within the application.

Notes and references

Applicable official references.

GDPR, Article 6 (lawfulness), Article 9 (special categories) — CNIL, Chapter II.
GDPR, Articles 12 and 13 (information); Articles 15 to 21 (rights) — CNIL, Chapter III.
GDPR, Article 28 (processor), Article 37 (DPO) — CNIL, Chapter IV.
GDPR, Articles 44 to 49 (international transfers) — CNIL, Chapter V.
GDPR, Article 77 (right to lodge a complaint) — CNIL, Chapter VIII.
French Data Protection Act No. 78-17 of 6 January 1978 — Légifrance.
Processors' data processing addenda (DPA): Google Cloud, LiveKit, Supabase, Fly.io, RevenueCat, Sentry, PostHog.