GDPR Compliance
Last updated: March 9, 2026
Roof Visualizer Pro is committed to protecting the privacy and rights of individuals in the European Union (EU) and European Economic Area (EEA) under the General Data Protection Regulation (GDPR).
1. Data Controller
Roof Visualizer Pro acts as the data controller for personal data collected through our website and applications. For users who are part of an organization on our platform, the organization owner may also act as a data controller for data collected through their branded visualizers and embed integrations.
2. Legal Basis for Processing
We process personal data under the following legal bases:
Contract Performance
Processing necessary to provide our roof visualization services, manage your account, and fulfill subscription obligations.
Legitimate Interest
Processing for fraud prevention, security, service improvement, and analytics to enhance user experience.
Consent
Where required, we obtain explicit consent before processing (e.g., marketing communications, optional analytics).
Legal Obligation
Processing necessary to comply with applicable laws, such as tax obligations and regulatory requirements.
3. Your Rights Under GDPR
As an EU/EEA resident, you have the following rights regarding your personal data:
Right of Access
Request a copy of all personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten"). Use our account deletion page.
Right to Restriction
Request that we limit the processing of your personal data in certain circumstances.
Right to Data Portability
Receive your personal data in a structured, commonly used, machine-readable format.
Right to Object
Object to processing based on legitimate interests, including direct marketing.
Right to Withdraw Consent
Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing.
4. Data We Collect
We collect and process the following categories of personal data:
- Account information — Name, email address, company name, and password (hashed)
- Uploaded content — Property photos submitted for roof visualization
- Usage data — Features used, visualizations created, and interaction patterns
- Payment data — Processed securely by Stripe; we do not store credit card numbers
- Lead capture data — Information submitted through embedded visualizer lead forms (name, email, phone, address)
5. Data Transfers
Our services are primarily hosted in the United States. When data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place:
- Cloudflare — Global CDN with EU data residency options and Standard Contractual Clauses (SCCs)
- Supabase — Database hosting with data processing agreements and SCCs
- Stripe — PCI DSS Level 1 certified with EU-US Data Privacy Framework certification
- Google (Gemini AI) — Used for roof visualization processing with data processing agreements
6. Data Retention
We retain personal data only as long as necessary for the purposes described in our Privacy Policy:
- Active accounts — Data retained while your account is active and for 30 days after deletion request
- Uploaded photos — Stored in Cloudflare R2 and deleted upon account deletion or manual removal
- Financial records — Retained as required by tax and accounting obligations (typically 7 years)
7. Data Protection Officer
For GDPR-related inquiries, data access requests, or to exercise any of your rights, please contact us:
- Email: privacy@roofvisualizerpro.com
- Contact form: roofvisualizerpro.com/contact
We will respond to all GDPR-related requests within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
8. Exercising Your Rights
To exercise any of your GDPR rights: