Privacy Policy

Roseiies (“Roseiies”, “we”, “our”) builds a modular operations platform for hospitality properties — gardens, kitchens, dining rooms, cellars, cafés, and rooms — that share one workspace. This Privacy Policy explains what personal data we collect when you visit roseiies.com, sign in to the Studio app, or interact with a public surface a workplace has chosen to publish, why we collect it, and the choices you have.

1. Who we are

Roseiies is the company behind the marketing site at roseiies.com and the Studio app used by workplaces and their teams. Olivea is the founding beta workplace; additional workplaces are onboarded as we open access. If you have any question about this policy, write to us at hello@roseiies.com.

2. What we collect

2.1 Information you give us

• Waitlist signups. When you join the waitlist on roseiies.com we collect your name, email address, and (optionally) your company.
• Account information. When you sign in to Studio, we receive your name, email, and the role your workplace owner assigned to you.
• Operational workspace data. Anything you or your team enter into the apps your workplace has enabled — for example garden plantings and water schedules, kitchen prep events, wine cellar inventory, property-map zones, room and suite data, tasks, schedules, attendance, payroll, and inventory entries. Some apps handle employee data; for those, your workplace owner is the data controller and we process the data on their behalf.
• Branding assets. Logos and other files your workplace owner uploads through Studio (stored as workspace settings).
• Communications. If you email us we’ll keep a record of that conversation so we can follow up.

2.2 Information collected automatically

• Usage & technical data. Like most web services, we receive standard request data (IP address, user agent, requested URL, timestamps) when you visit our pages. We use this for security, debugging, and aggregate traffic analysis.
• Cookies & local storage. We use a small number of strictly-necessary cookies and browser storage values: a session cookie issued by our authentication provider (Supabase) so you stay signed in to Studio, and local-storage values for preferences such as your interface language. We do not use third-party advertising or cross-site tracking cookies.
• Demo sessions. If you sign in to the demo flow on roseiies.com, we issue a short-lived guest token tied to a sample workplace so you can explore the product. The token carries no personal data beyond the email you submitted.

3. How we use your data

• To operate, maintain, and improve the Roseiies product.
• To communicate with you about your account, the waitlist, and product updates you’ve opted into.
• To debug issues, prevent abuse, and protect the security of our service.
• To comply with our legal obligations.

We do not sell your personal data, and we do not use one workplace’s operational data to train models that serve other workplaces.

3.1 AI features (eiie)

Roseiies includes an AI assistant we call eiie. Inside Studio, eiie can summarize what’s happening across your workplace, surface tasks, and answer questions — always scoped to the data your role can already see. We send the prompts and the relevant data context to a large-language-model provider under contract to generate the response, then return it to you. Your workspace data is used to serve you within your workspace; it is not used to train shared models, sold to third parties, or shown to other workplaces.

4. Who we share data with

We rely on a small set of trusted third-party providers (“subprocessors”) to run the service:

• Supabase — primary database, authentication, file storage, and realtime sync. All operational data is stored here under row-level security so a workplace member can only read or write what their role permits.
• Vercel — hosts the marketing site and Studio app, serves them from edge locations near you, and runs the serverless functions behind our APIs.
• Resend — sends transactional email such as waitlist confirmations and account-related notifications.
• LLM provider — when you use the eiie assistant, your prompt and the relevant workspace context are sent to an AI model provider under contract for inference. The provider is contractually prohibited from using that data to train its own models.

We may also disclose data if required by law, to enforce our Terms, or to protect our rights, property, or the safety of our users.

4a. Public surfaces a workplace can choose to publish

Workplace owners can choose to make some surfaces of their workspace public — for example a live garden map at /r/{workplace}/{slug}/live or a snapshot at /view/{viewId}. Anything published this way is intentionally accessible at the public URL the workplace shares, and may be embedded by third parties. If you’re a workplace owner, only publish data you’re comfortable making public.

5. Where data is stored & transferred

Our infrastructure providers operate in multiple regions, primarily in the United States and the European Union. By using Roseiies you understand that your data may be transferred to and stored in countries outside your own.

6. How we protect data

• All traffic to roseiies.com and Studio is encrypted in transit (HTTPS / TLS).
• Data at rest in Supabase is encrypted by the provider.
• Workplace data is partitioned by row-level security and per-app permissions, so members only see what their role allows.
• We follow the principle of least privilege internally: only people who need access to support a feature have it.

No system is perfectly secure. If we ever discover a breach that affects you, we’ll notify you promptly and follow the legal requirements that apply.

7. How long we keep data

• Waitlist data is kept until you ask us to delete it or for a reasonable period after public launch.
• Account & workspace data is kept while your workspace is active. When a workspace is closed, its data is deleted (or de-identified for aggregate analytics) within a reasonable window.
• Server logs are kept for a short window for debugging and abuse prevention.

8. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete the personal data we hold about you, and to object to or restrict certain uses. To exercise any of these rights, email us at hello@roseiies.com. We’ll respond within a reasonable time and, where we’re required to, within the timeframes set out by applicable law.

You also have the right to lodge a complaint with your local data protection authority.

9. Children

Roseiies is not intended for children under 16, and we do not knowingly collect personal data from anyone under that age. If you believe a child has provided us with personal data, please contact us and we’ll delete it.

10. Changes to this policy

We may update this policy from time to time. The date at the top of this page reflects the most recent change. If we make a material change we’ll let you know — for account holders, by email or by a notice in Studio.

11. Contact us

Questions, requests, or concerns? Write to hello@roseiies.com.