Privacy policy

Last updated: May 19, 2026
Version: 1.0
Compliance: GDPR (EU), CCPA (California), Law No. 2010/012 (Cameroon)

1. Introduction

Rollo Technologies Inc. ("Cogite", "we", "our") places the utmost importance on protecting your personal data. This Privacy Policy (hereinafter "Policy") is intended to inform you transparently about how we collect, process, use, share and protect your personal data in connection with your use of our Site and Services.

This Policy complies with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the California Consumer Privacy Act ("CCPA"), and Cameroonian Law No. 2010/012 of December 21, 2010 on cybersecurity and cybercrime.

2. Data controller

The controller of data collected via the Site and Services is:

Rollo Technologies Inc.
1111B S Governors Ave, Suite 59264
Dover, DE 19904
United States

For any question regarding this Policy or the exercise of your rights, you can contact our Data Protection Officer (DPO) at: privacy@cogite.ai

3. Personal data collected

We collect and process the following categories of data:

3.1 Data you provide directly

• Identification information: first name, last name, job title, company;
• Contact details: professional email address, phone number (optional);
• Content of your request: messages sent via our contact forms, project descriptions;
• For applications: CV, cover letter, professional background.

3.2 Data collected automatically

• Technical data: IP address, browser type, operating system, internet service provider;
• Navigation data: pages visited, visit duration, journey on the Site, referral source;
• Technical cookies: session identifiers, language preferences.

3.3 Data from third parties

We may receive professional information about you when you interact with our profiles on third-party platforms (LinkedIn, GitHub) or when you are mentioned in a public professional context.

4. Processing purposes

Your personal data is processed for the following purposes:

1. Managing the commercial relationship: responding to your contact requests, developing commercial proposals, negotiating and executing contracts;
2. Marketing communication: sending information about our services, newsletters, event invitations (with your consent);
3. Recruitment: processing your application, assessing your suitability for the position;
4. Site improvement: statistical analysis of audience to optimize user experience;
5. Legal obligations: compliance with our accounting, tax and regulatory obligations;
6. Security: fraud prevention, security incident detection, access logging.

5. Legal bases for processing

In accordance with GDPR, each processing rests on a specific legal basis:

• Consent (Art. 6.1.a GDPR): for sending marketing communications, placing non-essential cookies;
• Contract performance (Art. 6.1.b): for managing the contractual relationship with our Clients;
• Legal obligation (Art. 6.1.c): for compliance with accounting, tax and legal obligations;
• Legitimate interest (Art. 6.1.f): for anonymized audience analysis, Site security, reasonable B2B commercial prospecting.

6. Data recipients

Your personal data may be shared with the following categories of recipients, strictly to the extent necessary:

• Authorized Rollo Technologies personnel: commercial, legal, technical and HR teams with a legitimate need for access;
• Technical subcontractors: hosting provider (Cloudflare Inc.), email sending service, CRM tools. All our subcontractors are subject to contractual commitments of confidentiality and GDPR-compliant protection;
• Public authorities: upon legal request, in the context of judicial investigations or legitimate administrative requests;
• Professional advisors: lawyers, accountants, auditors, in the exercise of our rights.

We never sell your personal data to third parties.

7. International transfers

Your data may be transferred to the following countries:

• United States: registered office of Rollo Technologies Inc. Transfers are framed by Standard Contractual Clauses (SCCs) approved by the European Commission;
• Cameroon: Cogite operational team. Transfers are framed by appropriate contractual safeguards.

In all cases, we ensure that data recipients offer an adequate level of protection or that appropriate safeguards are in place.

8. Retention period

Your personal data is retained for the following periods:

• Prospects: 36 months from last contact;
• Clients: for the duration of the contractual relationship, then 10 years for accounting obligations;
• Unsuccessful candidates: 24 months from last exchange (unless deletion request);
• Navigation data: 13 months maximum;
• Technical cookies: session duration or maximum 13 months.

9. Your rights

In accordance with GDPR, CCPA and applicable laws, you have the following rights:

• Right of access (Art. 15 GDPR): obtain confirmation that your data is being processed and a copy of it;
• Right to rectification (Art. 16): correct inaccurate or incomplete data;
• Right to erasure (Art. 17): "right to be forgotten", request deletion of your data;
• Right to restriction (Art. 18): temporarily restrict the processing of your data;
• Right to portability (Art. 20): receive your data in a structured format and transfer it to another controller;
• Right to object (Art. 21): object to the processing of your data on legitimate grounds;
• Right to withdraw consent at any time, without affecting the lawfulness of prior processing;
• Right to define post-mortem directives on the fate of your data;
• Right to lodge a complaint with the CNIL (France), ICO (UK), California Attorney General (USA), or any other competent supervisory authority.

To exercise these rights, contact us at privacy@cogite.ai. We will respond within one month, extendable by two months in case of particular complexity.

10. Data security

We implement appropriate technical and organizational measures to protect your data against loss, misuse, unauthorized access, disclosure, alteration or destruction. These measures notably include:

• TLS 1.3 encryption of data in transit;
• AES-256 encryption of data at rest;
• Strong authentication of administrator access;
• Access logging and auditing;
• Regular backups and restoration testing;
• Security training for teams;
• Quarterly-tested business continuity plan.

11. Cookies

The Site uses exclusively essential technical cookies:

• cogite_lang: stores your language preference (duration: 13 months);
• cogite_session: technical session identifier (duration: end of session).

No advertising, behavioral tracking or third-party profiling cookies are used without your explicit consent. If we implement an audience analytics tool (Plausible, Fathom), it will be GDPR-compliant and will not require a consent banner as it collects no personal data.

12. Minors

The Site and Services are not intended for persons under 16 years of age. We do not knowingly collect personal data concerning minors. If you are a parent or guardian and find that your child has provided us with data, contact us for deletion.

13. Automated decisions and profiling

We make no decisions producing legal effects or significantly affecting individuals solely on the basis of automated processing or profiling.

14. Policy modifications

We reserve the right to modify this Policy to reflect changes in our practices or legislation. Any substantial modification will be notified to you by posting on the Site or by email for registered contacts.

15. Contact

For any question, request or complaint regarding the protection of your data:

• Email: privacy@cogite.ai
• Mail: Rollo Technologies Inc. — DPO, 1111B S Governors Ave, Suite 59264, Dover, DE 19904, United States

You also have the right to lodge a complaint with the competent supervisory authority, notably the CNIL in France (www.cnil.fr) or the ICO in the UK (ico.org.uk).