Legal

Privacy Policy

Effective February 12, 2026 · Last updated February 12, 2026

Roamp (“we,” “us,” “our”) runs the website at roamp.it. This policy explains what data we collect, why we collect it, and how we protect it. We wrote it in plain English because privacy policies shouldn’t require a law degree.

What we collect

Account info

When you sign up, we collect your email address and a password. We never store your password in plaintext — it’s hashed with bcrypt before it touches our database. If you sign in with Google, we receive your name and email from Google’s OAuth service.

Scan data

When you submit a URL for an audit, we take screenshots of that page and send them to our AI analysis engine. The screenshots, the URL you submitted, and the resulting audit report are stored in our database. We don’t collect any data from the website you’re auditing — only screenshots visible in a normal browser.

Usage data

We use Google Analytics to understand how people use Roamp. This tracks things like page views, button clicks, and which features get used. We don’t send any personal identifiers to Google Analytics — no names, no emails, no account IDs.

How we use your data

Run your audits and display your results
Authenticate you and keep your session secure
Send transactional emails (account confirmation, password resets)
Improve the product using aggregate, anonymous usage analytics

We don’t sell your data. We share it only with the third-party services listed below, which receive the minimum data they need to function. Meta receives hashed identifiers for conversion tracking as described in our Cookies section.

Third-party services

Roamp relies on a small number of third-party services to operate. Here’s who they are and what they receive:

Service	Data received	Purpose
Supabase	Account info, scan data	Database and authentication
Google Cloud	Page screenshots	Hosting and screenshot storage
Anthropic (Claude)	Page screenshots (not your personal data)	AI-powered audit analysis
Resend	Your email address	Transactional email
Google Analytics	Page views, events (no personal identifiers)	Anonymous usage analytics
Google OAuth	Name and email (only if you choose Google sign-in)	Sign-in with Google
Stripe	Email, payment info (card data stays on Stripe)	Payment processing
Meta (Facebook)	Page views, purchase events (hashed email for matching)	Conversion tracking and advertising

Cookies

We use three types of cookies:

Session cookies — set by Supabase to keep you signed in. These are essential and can’t be disabled without breaking authentication.
Analytics cookies — set by Google Analytics to track anonymous usage. These help us understand how people use Roamp.
Advertising cookies — set by Meta Pixel to measure ad performance and conversions. We also send server-side events to Meta with hashed identifiers for attribution.

Data retention

Your account data is stored as long as your account is active. Scan results (URLs, screenshots, and audit reports) are stored indefinitely so you can return to them. If you delete your account, we’ll delete your personal data within 30 days. Anonymized, aggregate analytics data may be retained.

Security

All traffic to and from Roamp is encrypted with HTTPS. Passwords are hashed with bcrypt — we never store or log them in plaintext. Our database is hosted on Supabase with row-level security. Screenshots are stored in Google Cloud Storage with access restricted to our application.

Your rights

You can:

Request a data export — we’ll send you everything we have on file
Request deletion — we’ll remove your account and personal data within 30 days
Update your email — contact us and we’ll update it

For any of these, email us at support@roamp.it.

Changes to this policy

If we make significant changes, we’ll update this page and email registered users. Minor wording changes won’t trigger a notification, but the “last updated” date at the top will always reflect the most recent revision.

Contact

Questions about this policy? Email support@roamp.it.