Legal · last updated 2026-05-24
Privacy Policy
Nightroll is in active development. This policy describes what we collect today; it may change. You assume all risk associated with your use of the service.
1. What we collect
- Account data: email, sign-in identifier (Cognito sub), and the org membership graph you create.
- Flag configuration: the flags, projects, targeting rules, and SDK keys you create.
- SDK analytics: from each SDK call site we receive the userId you pass to isEnabled(), plus the flag key and a daily count. We use this to bill MAU and show you usage trends.
- Cookies: see the cookie preferences page for the full inventory. Analytics cookies only after you accept.
2. What we DON'T collect
- User attributes you pass to isEnabled() (country, plan, email, anything you stuff in attributes) never leave your process. Flag evaluation runs locally in the SDK.
- No advertising identifiers, no third-party trackers, no data sales.
3. About the userIds you send
The userIds you pass to isEnabled() are sent to us in nightly batches so we can count monthly active users for billing. We treat them as opaque strings — they're whatever you chose them to be.
If your userIds are themselves personal data (email addresses, real names), they become personal data in our system. We recommend you pass opaque IDs (UUIDs, internal user numbers) instead. If you want stronger anonymity, hash the IDs client-side before passing them to the SDK.
4. Data retention
- Raw event batches in DynamoDB: 7 days.
- Monthly rollups (MAU, eval counts): retained indefinitely for accounting.
- Long-term archive in S3: per-day per-org rollups with counts only — no userIds. Retained indefinitely.
- Account data (orgs, projects, flags): deleted on account deletion. Historical usage counts are kept (no PII).
5. Where data lives
Nightroll runs on AWS in the United States. We use AWS managed services (Cognito, DynamoDB, S3, Lambda, CloudFront, SES) for storage, compute, and delivery.
6. Sub-processors
- AWS — hosting and infrastructure.
- Stripe — billing. Stripe processes payment data directly; we receive only customer and subscription IDs.
- Google Analytics 4 — site usage, only after you accept on the cookie banner. IP anonymization is enabled.
7. Your rights
You can:
- Export your flag configuration via the API at any time.
- Change your cookie consent on the cookie preferences page.
- Delete your account from the dashboard (requires removing your projects first).
- Request additional access or deletion by emailing privacy@nightroll.app.
8. Contact
Privacy questions: privacy@nightroll.app.