R RoomRota
Set up your centre

Privacy Policy

Last updated: 2026-06-14.

This policy explains how RoomRota, a room-booking service operated by Built-By-Bobby (“we”, “us”), handles personal data. Questions: [email protected].

Our two roles

  • For the people who run a centre (the admins who sign up for RoomRota), we are the data controller of your account data, as described below.
  • For the people who book a room on a centre’s site, we are only a data processor acting on that centre’s instructions. The centre is the controller of those bookings — see that centre’s own Privacy Notice (linked in the footer of its booking page).

What we collect from centre administrators, and why

  • Account details — your name, login email, and a securely hashed password — to create and secure your admin login. Lawful basis: contract (Art. 6(1)(b) GDPR).
  • Centre details — centre name, address, contact email/phone, charity number — to set up and display your booking page. Lawful basis: contract.
  • Billing information, if you subscribe to a paid plan, handled by our payment provider (we do not store card numbers). Lawful basis: contract.

We keep account data for as long as your centre uses RoomRota, and delete it within a reasonable period after you close your account (subject to any legal retention we are required to keep).

Who processes data for us (sub-processors)

  • Hetzner Online GmbH (Germany) — hosting of the application and database, within the EU.
  • Scaleway SAS (France) — encrypted off-site database backups, within the EU.
  • Stripe Payments Europe Ltd (Ireland) — payment processing. Card details are entered directly on Stripe and never reach our servers. Stripe may transfer limited technical data to the USA under the EU-US Data Privacy Framework and EU Standard Contractual Clauses.
  • Brevo (Sendinblue SAS) (France) — sending transactional email.

We do not sell personal data or use it for advertising.

Cookies

We use a single, strictly-necessary session cookie that protects the forms on this site. We use no analytics, advertising, or third-party tracking, so we do not show a cookie banner.

Your rights

Under the GDPR you can ask us to access, correct, erase, or restrict the processing of your account data, and you can object to processing or request portability. Email [email protected]. You can also complain to the Data Protection Commission (www.dataprotection.ie). If your query is about a booking you made on a centre’s site, please contact that centre, who is the controller of that data.

Changes

We may update this policy; the “last updated” date above shows when. Material changes will be notified to centre administrators by email.