Privacy Policy

Rosse (rosse.ai)

Last updated: 23 February 2026

1. Introduction

This Privacy Policy explains how Rosse ("we", "us", or "our"), operated by Uzair Hussain Sheikh, collects, uses, stores, and protects your personal data when you use our web application at rosse.ai (the "Service"). We are committed to protecting your privacy and handling your data transparently and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Data Controller

The data controller responsible for your personal data is:

Uzair Hussain Sheikh

Email: hi@rosse.ai

Location: London, United Kingdom

3. Data We Collect

Account Information. When you create an account, we collect your name, email address, and password (stored in hashed form).

Payment Information. If you subscribe to a paid plan, payment is processed by Stripe. We do not store your full credit card details. Stripe may collect and process your payment card number, expiration date, and billing address. Please refer to Stripe's Privacy Policy for details.

Connected Service Data. When you connect third-party services to Rosse (such as Gmail, Slack, Linear, GitHub, Google Calendar, Microsoft Teams, GitLab, Notion, Jira, and Microsoft Outlook), we access and store data from those services. This includes the full content of emails, messages, tickets, events, pull requests, and other items, as well as associated metadata such as timestamps, sender details, and subject lines. This data is necessary for Rosse to generate your briefings, identify open loops, and suggest actions.

Usage Data and Analytics. We collect information about how you use the Service, including pages visited, features used, session duration, browser type, device information, and IP address. We use cookies and third-party analytics tools, including Google Analytics and Mixpanel, for this purpose.

4. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and operate the Service, including generating personalised briefings, surfacing open loops, and enabling actions across your connected tools.

  • To process your connected service data using artificial intelligence. We use Google's AI services via Google Cloud to analyse your data and generate insights, summaries, and suggested actions.

  • To process payments and manage your subscription through Stripe.

  • To communicate with you about your account, service updates, and support requests.

  • To monitor and improve the Service through usage analytics.

  • To detect, prevent, and address technical issues and security threats.

  • To comply with legal obligations.

5. Legal Basis for Processing

Under the UK GDPR, we rely on the following legal bases:

  • Contract. Processing is necessary to perform our contract with you (i.e., providing the Service you signed up for).

  • Legitimate Interests. We process usage analytics and improve the Service based on our legitimate interest in operating and enhancing our product, balanced against your rights.

  • Consent. Where required, such as for certain cookie usage, we obtain your consent.

  • Legal Obligation. We may process data where required by law.

6. AI Processing and Sub-processors

Rosse uses artificial intelligence to analyse your connected service data and generate briefings, summaries, and action suggestions. This AI processing is carried out using Google's AI services through Google Cloud Platform.

Your data may be processed by the following sub-processors:

  • Google Cloud Platform — AI processing, data storage, and infrastructure (data stored in UK/EU regions).

  • Stripe — Payment processing.

  • Google Analytics — Usage analytics.

  • Mixpanel — Usage analytics.

We ensure that all sub-processors are bound by appropriate data processing agreements and maintain adequate security measures.

7. Data Sharing

We do not sell your personal data to any third party. We do not share your personal data except:

  • With the sub-processors listed in Section 6, solely for the purposes described in this policy.

  • Where required by law, regulation, or legal process.

  • To protect the rights, safety, or property of Rosse, our users, or the public.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service. These include:

  • Essential cookies. Required for the Service to function (e.g., session authentication).

  • Analytics cookies. Used by Google Analytics and Mixpanel to understand how users interact with the Service.

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

9. Data Storage and Security

Your data is stored on Google Cloud Platform with servers located in the United Kingdom and European Union. We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit and at rest, access controls, and regular security reviews.

While we take reasonable steps to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

10. International Data Transfers

Your data is stored within the UK and EU. In the event that data needs to be transferred outside the UK or EU (for example, through a sub-processor), we will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or an adequacy decision, in compliance with the UK GDPR.

11. Data Retention

We retain your personal data only for as long as necessary to provide the Service and fulfil the purposes described in this policy.

  • Account data. Retained for the duration of your account. When you delete your account, all associated data is deleted immediately.

  • Connected service data. When you disconnect a third-party service, the data from that service is deleted immediately.

  • Payment records. Retained as required by applicable tax and financial regulations.

  • Usage analytics. Retained in anonymised or aggregated form and subject to the retention policies of Google Analytics and Mixpanel.

12. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access. You can request a copy of the personal data we hold about you.

  • Right to rectification. You can request that we correct inaccurate data.

  • Right to erasure. You can delete your account and all associated data at any time through the Service. Data is deleted immediately.

  • Right to restrict processing. You can request that we limit how we use your data.

  • Right to data portability. You can request your data in a structured, machine-readable format.

  • Right to object. You can object to processing based on legitimate interests.

  • Right to withdraw consent. Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at hi@rosse.ai. We will respond to your request within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been infringed.

13. Age Restriction

The Service is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have collected data from a person under 18, we will take steps to delete that data promptly.

14. Third-Party Services

The Service allows you to connect third-party accounts (such as Gmail, Slack, and GitHub). Your use of those services is governed by their respective privacy policies. We encourage you to review those policies. We are not responsible for the privacy practices of third-party services.

15. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

16. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: hi@rosse.ai