Privacy Policy

Last updated: April 27, 2026

Welcome to iRoll BJJ. We respect your privacy and are committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website irollbjj.com, use our mobile application, or otherwise use our services.

Information We Collect

Personal Information

We may collect personal information that you voluntarily provide to us when you:

  • Create an account
  • Use our app
  • Contact us for support
  • Subscribe to our newsletter

The types of personal information we may collect include:

  • Name
  • Email address
  • User ID and password
  • Training notes and logs

Subscriptions, purchases, and payment information

We offer paid subscriptions and purchases. We do not store your full payment card numbers on our servers. Card and wallet payments are processed by our payment service providers. Depending on how you pay, that may include Stripe (for many web and card-based flows) and, for in-app purchases, Google Play or Apple’s App Store and our in-app purchase integration (we use a subscription and purchase service to entitle your account). We receive and store information needed to provide the service, such as subscription status, plan or product identifiers, transaction references, and related metadata—not complete card or bank account details.

Push notifications

If you opt in to notifications, we collect and use device push tokens (and related device or platform information needed to address messages to your device) so we can send you push notifications. On Android, delivery may use Google Firebase Cloud Messaging (FCM); on iOS, Apple’s push notification service. We delete any store push tokens once you sign out. Google and Apple’s handling of data in connection with their platform services is also described in their respective policies.

Usage Data

We automatically collect certain information when you visit our website or use our app. This data helps us improve our services and includes:

  • IP address
  • Browser type
  • Device information
  • Operating system
  • Pages visited and time spent on each page

Cookies and similar technologies (web and app)

On our website, we use cookies to enhance your experience, maintain sessions, and understand how the site is used. Cookies are small data files stored on your device; you can control them through your browser settings. In our mobile app, we may use similar technologies (such as local storage or tokens on your device) to keep you signed in and operate the service, in addition to the data described above.

How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve our services (including your training data and account features)
  • To process and manage subscriptions and purchases and to sync entitlements to your account
  • To send you push notifications when you have enabled them, using the device tokens we hold for that purpose
  • To deliver transactional and service email (for example, account, billing, and support messages)
  • To communicate with you about your account or transactions
  • To send you promotional materials and updates (where permitted)
  • To personalize your experience on our site and app
  • To analyze usage patterns, monitor reliability and errors, and improve performance and security

Sharing Your Information

We do not sell or rent your personal information to third parties. We share personal information with service providers and platforms that help us run iRoll BJJ, under contracts and settings that require them to use your information only to provide their services to us. Depending on the features you use, this may include:

  • Payment processing: for example, Stripe for many card or web payment flows, and for in-app purchases the relevant app store (e.g. Google or Apple) together with our in-app subscription tooling
  • Email delivery: for example, to send transactional and service email
  • Reliability and security: for example, to record errors and diagnose issues (which may include technical details such as IP address or account identifiers in error reports, depending on the incident)
  • Push delivery: for example, Google (FCM) and Apple to deliver push notifications to your device
  • Infrastructure and hosting and other IT vendors we use to store and run our service

We may also share information: to comply with legal obligations or protect our rights; in connection with a merger, sale, or other business transfer; or with your direction or consent. A service provider’s own terms and privacy policy may apply to how they use data on their systems, in addition to our instructions to them where we act as a controller.

International data transfers

iRoll Ltd is based in the United Kingdom. Your information may be processed in the UK and, where we use service providers, in the EEA, United States, or other countries in which those providers operate. When we transfer personal data from the UK or EEA to countries that are not subject to an adequacy decision, we use appropriate safeguards (such as the UK/EEA standard contractual clauses approved for international transfers) or other lawful transfer mechanisms, as required by applicable data protection law.

Data Retention

We keep your personal information only for as long as we need it for the purposes described in this policy, unless a longer period is required or allowed by law.

While your account is active

We retain account-related information (for example, profile details, sign-in data, and training notes or logs you save) for as long as you maintain an account and we need the data to provide the service, unless you ask us to delete it earlier as explained below.

Push notification tokens

We keep push device tokens on our systems only for as long as we need them to send notifications to your current device. We remove push tokens from our database when a token is no longer valid (for example, after a failed delivery) or when you sign out, in line with the description under Push notifications above.

After you request account or data deletion

If you ask us to delete your account and personal data, for example by using our account data deletion request form, we will process your request and delete the personal data we hold in connection with that request within 30 days of you confirming the request, consistent with the commitment stated on that page.

Data we may need to keep longer

In limited circumstances, we may retain some information for longer than the periods above, for example where we are required to do so to comply with legal, tax, or regulatory obligations; to meet accounting or audit requirements; to prevent fraud, abuse, or security incidents; to enforce our terms; or to establish, exercise, or defend legal claims. In those cases, we keep such information only for as long as needed for the specific purpose, which may in some cases be a fixed number of years as required by applicable law. If we retain any information after a deletion request for these reasons, we will not use it for other purposes than those grounds.

Backups, logs, and service providers

Deleted information may take additional time to be removed from encrypted backups and from systems used by our service providers, until those backups or records are updated or rotated as part of our normal operations. We also retain technical and usage data (for example, server and security-related logs) for a limited time as needed to operate, secure, and improve the service, after which that data is deleted or aggregated in a way that no longer identifies you, subject to the exceptions above. Where we use third-party services to host or process data, retention on their systems is in line with this policy and our instructions to them, as set out in our agreements with them.

Data Security

We implement appropriate security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. However, no internet or email transmission is ever fully secure or error-free.

Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction or deletion of your personal information, including by submitting an account data deletion request
  • Opt-out of receiving marketing communications
  • Withdraw consent at any time, where consent is the legal basis for processing your information

How long we keep data, including after a deletion request, is described in Data Retention above. To exercise these rights, please contact us at contact@irollbjj.com.

Children’s Privacy

Our services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on our site. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:

Email: contact@irollbjj.com
Address: iRoll Ltd, 86-90, Paul Street, London, EC2A 4NE, UK