Roll Lab

Privacy Policy

Last updated: 2026-04-13

Introduction

Roll Lab is operated by Double Tree Studio Inc. ("we", "us", "our"), a company incorporated in British Columbia, Canada. Roll Lab provides an online service for film photographers to log rolls, upload scans, and manage gear. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and application at rolllab.app (the "Service").

By creating an account or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

Information we collect

Account information

When you create an account, we collect:

  • Email address
  • Password (stored in hashed form; we never store or have access to your plaintext password)
  • Name (optional, if you choose to provide it)

Content you create and upload

When you use the Service, you may choose to store:

  • Film roll records (status, film stock, camera body, frame count, ISO, location, notes, dates)
  • Photos and scans (image files in multiple resolutions, plus metadata such as film stock, camera, lens, ISO, aperture, shutter speed, location, frame number, title, description, and tags)
  • Equipment records (camera bodies, lenses, and related specifications)
  • Film stock inventory (stock types and quantities)

Billing information

If you subscribe to a paid plan, payment is processed by Stripe. We do not store your credit card number or full payment details. Stripe provides us with limited information such as the last four digits of your card, card brand, expiration date, and billing address. Please refer to Stripe's Privacy Policy for how they handle your payment data.

Technical and log data

When you access the Service, our servers automatically collect basic technical data needed to operate and secure the platform, including IP address, browser type and version, device type, request timestamps, and referring URLs.

How we use your information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate your identity and protect your account
  • Process subscriptions and payments through Stripe
  • Send transactional emails (password resets, account confirmations, billing receipts, and important service updates)
  • Respond to your support requests and inquiries
  • Monitor and improve security, performance, and reliability
  • Comply with legal obligations and enforce our Terms of Service

We do not sell your personal information. We do not use your data for advertising or behavioral profiling. We do not use third-party analytics or tracking tools.

Cookies and local storage

We use minimal browser storage, limited to what is necessary for the Service to function:

  • Session cookie: A secure, HTTP-only cookie used to keep you signed in. This cookie is essential for authentication and cannot be disabled while using the Service.
  • Theme preference: Your light/dark mode preference is stored in your browser's local storage so the interface displays correctly on each visit.

We do not use marketing cookies, advertising cookies, or any third-party tracking cookies.

Third-party services

We share data with the following third-party service providers, only as necessary to operate the Service:

  • Stripe — Processes payments and manages subscriptions. Receives billing-related information when you subscribe to a paid plan.
  • Cloudflare — Provides hosting, content delivery, and security services. Processes requests to and from the Service.
  • Cloud storage provider — Stores your uploaded photos and scans in encrypted object storage.

These providers act as data processors on our behalf and are contractually obligated to protect your information. We do not sell or share your data with any other third parties.

Data storage and security

Your data is stored on servers located in the United States. Photos and account data are stored in encrypted object storage. Passwords are cryptographically hashed and never stored in plaintext. All data is transmitted over HTTPS.

We implement industry-standard security measures to protect your information, including encryption at rest and in transit, secure session management, and access controls. However, no method of electronic storage or transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Data retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain certain information for legal, billing, or fraud prevention purposes.

Technical log data (IP addresses, request logs) is retained for up to 90 days for security and operational purposes, then automatically deleted.

Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data and account.
  • Export: Request a portable copy of your data in a common format.
  • Objection: Object to certain types of processing of your data.
  • Withdrawal of consent: Where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, contact us at info@rolllab.app. We will respond to your request within 30 days.

Canadian privacy law (PIPEDA)

As a Canadian company, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation in British Columbia. You have the right to access your personal information held by us, challenge its accuracy, and request amendments. You may also file a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.

For EEA and UK users (GDPR)

If you are located in the European Economic Area or United Kingdom, we process your personal data under the following legal bases:

  • Contract: Processing necessary to provide the Service you signed up for.
  • Legitimate interest: Processing necessary for security, fraud prevention, and service improvement.
  • Legal obligation: Processing required to comply with applicable laws.

Your data is transferred to and stored in the United States. We rely on standard contractual clauses and other appropriate safeguards for international data transfers. You may lodge a complaint with your local data protection authority.

For California users (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect about you and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of your personal information (we do not sell your data)
  • Not be discriminated against for exercising your privacy rights

To make a request, contact us at info@rolllab.app.

Children's privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal data, please contact us at info@rolllab.app.

Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice within the Service prior to the change becoming effective. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

Contact us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

  • Email: info@rolllab.app
  • Company: Double Tree Studio Inc., British Columbia, Canada