Privacy & data (GDPR)

Rohada is the platform that provides your account, training tools, and mentor–student features. In data protection terms, we act as the controller for personal data processed in connection with accounts and core product use.

Depending on how you use Rohada, this may include:

• Account details — username, email address, and optional name fields you choose to provide.
• Usage data — information generated as you use the product (for example session or puzzle activity where the product records it).
• Communications — essential service emails such as verification, password reset, or operational notices we send to your address on file.

We use this data to:

• Create and secure your account, authenticate you, and maintain the service.
• Enable mentor and student relationships and related features you choose to use.
• Send transactional messages required to operate the account.
• Meet legal obligations where they apply (for example security or lawful retention).

Where we rely on consent (for example when you tick the registration checkbox), you can withdraw it at any time; if you do, we may not be able to keep offering features that depend on that consent. Where processing is necessary to perform our contract with you or for our legitimate interests (such as fraud prevention or service improvement), we process data on those grounds as permitted under the GDPR and applicable law.

We keep personal data only as long as needed for the purposes above, including any period we must retain information for legal, security, or dispute-resolution reasons. When data is no longer required, we delete or anonymise it in line with our practices and the law.

Under the GDPR, you have the following rights over your personal data:

• Access — you can ask what personal data we hold about you and receive a copy.
• Rectification — you can have inaccurate data corrected and incomplete data completed.
• Erasure, restriction, and objection — you can ask us to delete your data, limit how we use it, or object to certain processing.
• Data portability — you can receive the personal data you gave us in a structured, commonly used format, where technically feasible.
• Complaint — you can lodge a complaint with a data protection supervisory authority.

To exercise any of these rights, contact us through the support or contact channel we publish for the product. We respond within the time limits the GDPR sets.