Privacy Policy

Last updated: April 2026

1. Controller

Dr. Bastian Brand
Email: legal@roletype.com

2. Data we collect

When you use roletype, the following data is processed:

  • Assessment responses: Your answers to the 78 assessment questions. Stored pseudonymously and used solely to compute your role profile.
  • Email address (optional): If you provide your email, we use it to send you your results and a short follow-up sequence. Your email is stored separately from your assessment data.
  • Payment data: Processed exclusively by Stripe when purchasing the detailed report. We do not store card details.
  • Technical data: Vercel (our hosting provider) processes IP addresses and browser information as part of serving the website.

3. Purpose of processing

  • Running and evaluating the role assessment
  • Delivering results by email (only if an email address was provided)
  • Processing payments for the detailed report
  • Generating personalized report content using AI

Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(a) GDPR (consent, for voluntary email submission).

4. Third-party services

  • Vercel Inc. (San Francisco, USA) — Hosting. Data processed in EU data centers. Adequate protection via standard contractual clauses.
  • Supabase Inc. (San Francisco, USA) — Database. EU region (Frankfurt). Adequate protection via standard contractual clauses.
  • Stripe Inc. (San Francisco, USA) — Payment processing. See stripe.com/privacy.
  • Resend Inc. — Email delivery. Used only if you provided an email address.
  • Anthropic PBC (San Francisco, USA) — AI generation of personalized report content. Only pseudonymous assessment data (no email address) is transmitted.

5. Your rights

Under GDPR, you have the right to:

  • Access your personal data (Art. 15)
  • Rectification (Art. 16)
  • Erasure (Art. 17)
  • Restriction of processing (Art. 18)
  • Object to processing (Art. 21)
  • Data portability (Art. 20)

To exercise any of these rights, contact us at: legal@roletype.com

You also have the right to lodge a complaint with a supervisory authority. The competent authority for Bavaria is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).

6. Retention

Assessment data is retained as long as necessary to provide the service. Email addresses are deleted on request at any time. Payment records are subject to statutory retention obligations (10 years under German tax law).

7. Cookies

roletype does not use tracking cookies. We use browser localStorage solely for the technical functioning of the assessment (saving progress). This data is not transmitted to any third party.