Privacy Policy

Who we are

Unlabored Labs, Inc. is the controller of personal data processed for roda.place, the Roda mobile app, waitlist, bookings, support, and Roda-arranged events.

Registered address: 131 Continental Dr Suite 305, Newark, DE 19713, United States.

EU representative: Weishang Lu, Penha Longa D, Estrada da Lagoa Azul, Linho, 2714-511 Lisboa, Portugal, wynn@unlabored.net.

You can contact us about privacy, legal, or support requests at hello@roda.place.

Scope

This policy applies to the Roda landing page, waitlist, mobile app, event booking flows, support channels, and Roda-arranged gatherings in Portugal and the EU.

Roda is for people aged 18 or older. We do not knowingly collect personal data from children or allow minors to use the service.

Data we collect

• Waitlist data: email address, signup time, consent records, referral or campaign source, and basic technical information such as IP address and browser data.
• Account data: identifiers, email address, name, and authentication information provided through Clerk and Apple or Google sign-in.
• Questionnaire data: full answers about city, neighborhoods, availability, social preferences, plan types, conversation style, budget comfort, accessibility or mobility needs, food constraints or allergies, safety concerns, and event confidence needs.
• Preference data: food constraints, accessibility and mobility needs, budget range or ceiling, social intent labels, and optional no-match safety text.
• Matching data: profile summaries, compatibility signals, match scores, group assignments, and human review notes used to arrange events.
• Event and booking data: event selection, attendance status, venue or host details, payments, refunds, subscription status if memberships are offered, communications, and support history.
• Device and app data: app logs, device type, operating system, crash or diagnostic information, and motion permission status if you grant motion access in the mobile app.
• Analytics data: page views, app events, interaction metadata, device and browser information, approximate location derived from technical data, and consent choices collected through PostHog or similar tools.

How we use data

• To operate the waitlist, mobile app, accounts, bookings, payments, subscriptions, support, and Roda-arranged events.
• To understand preferences and arrange compatible small-group plans, including by using human-reviewed AI-assisted matching.
• To communicate about launch status, event details, safety issues, product updates, service messages, and customer support.
• To process payments, refunds, accounting records, tax records, fraud checks, and legal obligations.
• To improve reliability, measure product usage, debug issues, protect the service, and prevent abuse.
• To honor consent choices for analytics, waitlist updates, marketing communications, and optional sensitive details.

Legal bases

We rely on the following GDPR legal bases depending on context.

• Contract: to provide the Roda app, bookings, paid events, subscriptions, support, and account features you request.
• Consent: for waitlist marketing where required, non-essential analytics, and optional information that may reveal health, accessibility, allergy, or similar sensitive details.
• Legitimate interests: to improve the service, keep Roda safe, prevent fraud or abuse, understand aggregate product usage, and manage business operations, where those interests are not overridden by your rights.
• Legal obligation: for tax, accounting, consumer-law, payment, regulatory, and dispute records.
• Vital interests or public interest: only if needed to respond to urgent safety or emergency situations.

Sensitive information

Some questionnaire or preference answers, such as accessibility needs, allergies, dietary restrictions, or safety concerns, may reveal sensitive personal data. We ask for this only where it helps us arrange safer and more suitable events. You can choose not to provide optional details, but that may limit our ability to account for those needs.

We do not ask users to upload photos, public bios, or user-generated media at launch.

AI-assisted matching

Roda may send full questionnaire answers and related preference data to OpenAI API models and internal matching systems to generate summaries, compatibility signals, event suggestions, and group-placement recommendations.

AI output assists our team. A human reviews matches and event placements before users receive event arrangements. Roda does not use AI as the sole basis for decisions that produce legal or similarly significant effects.

We minimize prompts and outputs where practical, restrict processor access by contract, and avoid using AI output as a substitute for safety review or user consent.

Who receives data

We share personal data only as needed to operate Roda, comply with law, or protect users.

• Service providers and processors: Clerk, Convex, Vercel, PostHog, OpenAI API, Expo/EAS, Stripe, email providers, hosting, logging, support, security, and similar vendors.
• Hosts and venues: limited event details needed to run the gathering, such as reservation names, group size, accessibility or dietary needs, and safety or operational notes.
• Professional advisers and authorities: accountants, lawyers, insurers, regulators, courts, law enforcement, or consumer authorities where necessary.
• Business transfers: if Roda is reorganized, sold, financed, or merged, subject to appropriate confidentiality and data protection terms.

International transfers

Unlabored Labs, Inc. is a US company operating Roda for Portugal and the EU. Some providers may process data in the United States or other countries outside the EEA.

Where personal data is transferred outside the EEA, we use appropriate safeguards such as EU Standard Contractual Clauses, transfer impact assessments, data processing agreements, and provider security controls where required.

Retention

• Waitlist data: until launch plus up to 12 months, unless you ask us to delete it earlier or consent to remain on a mailing list.
• Account, questionnaire, preference, matching, and event profile data: while your account is active, then generally deleted or anonymized within 30 days after deletion unless we need it for legal, safety, fraud, accounting, or dispute reasons.
• Backups: retained for up to 90 days before rotation or deletion.
• Analytics data: retained for up to 12 months unless a shorter period is configured or required.
• Payment, booking, tax, accounting, and dispute records: retained as long as required by applicable law or necessary to resolve claims.

Your rights

If you are in the EU, you may have the right to access, correct, delete, restrict, or object to processing of your personal data, to receive a portable copy, to withdraw consent, and to object to direct marketing.

You may also have rights related to automated decision-making. Roda uses human-reviewed AI-assisted matching and does not make solely automated legally significant event-placement decisions.

To exercise rights, contact hello@roda.place. You may also contact our EU representative at wynn@unlabored.net. You can complain to Portugal's Comissão Nacional de Proteção de Dados or another competent EU data protection authority.

Security

We use technical and organizational safeguards designed to protect personal data, including access controls, processor due diligence, encrypted transport where available, and limited internal access. No service can guarantee perfect security, but we work to reduce risk and respond to incidents promptly.

Changes

We may update this policy as Roda changes. If changes are material, we will take reasonable steps to notify users, such as by email, in-app notice, or an updated notice on roda.place.