Roosens

Website Privacy Policy

Effective Date: October 24, 2025

WHEREAS, Roosens Ltd. (hereinafter referred to as “**Roosens**,” “**we**,” “**us**,” “**our**,” or “**the Data Controller**” as the context may require) is a limited liability entity duly incorporated and existing under the laws of the Isle of Man, with its registered office at [REDACTED], and operates the digital property located at the Uniform Resource Locator https://roosens.im (hereinafter referred to as the “**Website**”);

AND WHEREAS, the Website is utilized solely for informational, promotional, and operational purposes related to Roosens’ proprietary anti-piracy and anti-leak technologies;

AND WHEREAS, Roosens has entered into binding contractual agreements with third-party service providers, including but not limited to Cloudflare, Inc. and Google LLC (hereinafter collectively referred to as “**Third-Party Processors**”), pursuant to which said Third-Party Processors undertake the collection, processing, and temporary storage of certain technical and behavioral metadata in connection with the operation, security, and performance optimization of the Website;

NOW THEREFORE, this Website Privacy Policy (hereinafter referred to as the “**Policy**”) constitutes a legally binding instrument that governs the limited, incidental, and ephemeral interaction of Roosens with data processed by Third-Party Processors, and sets forth the terms under which any natural person (hereinafter referred to as “**Data Subject**,” “**you**,” or “**your**”) may access the Website, subject to the provisions of Regulation (EU) 2016/679 (the General Data Protection Regulation, hereinafter “**GDPR**”), the Data Protection Act 2018 (Isle of Man), the California Consumer Privacy Act (as amended by the California Privacy Rights Act, hereinafter “**CCPA/CPRA**”), and all other applicable data protection legislation (collectively, “**Applicable Law**”).

1. Scope and Applicability

1.1 This Policy applies exclusively to interactions with the Website and does not extend to any Protected Software (as defined in separate policies).

1.2 By accessing, browsing, or otherwise interacting with the Website, you unequivocally and irrevocably manifest your informed, specific, and unambiguous consent to the data processing practices described herein, pursuant to Article 6(1)(a) GDPR.

1.3 Continued use of the Website following any amendment to this Policy shall constitute your deemed acceptance of such amendments in their entirety.

2. Data Processing Architecture

2.1 Roosens does not engage in direct collection, storage, or retention of personal data from Website visitors. All primary data processing activities are executed in toto by Third-Party Processors under independent controller status or as sub-processors pursuant to Data Processing Agreements compliant with Article 28 GDPR.

2.2 The categories of data that may be processed by Third-Party Processors include, without limitation:

• Internet Protocol (IP) addresses (including geolocation metadata derived therefrom);
• User-agent strings, browser identifiers, and version numbers;
• Device characteristics (operating system, screen resolution, hardware concurrency);
• Hypertext Transfer Protocol (HTTP) request metadata (timestamps, Uniform Resource Locators, headers, referrer data);
• Behavioral telemetry, session cookies, local storage artifacts, and device fingerprinting vectors;

2.3 Roosens is granted limited, conditional, and revocable access to aggregated, pseudonymized, or anonymized subsets of the foregoing data solely for the legitimate interests of:

• Network security monitoring and intrusion detection;
• Distributed Denial of Service (DDoS) mitigation;
• Performance optimization and content delivery;
• Compliance with judicial or regulatory mandates.

Such access is governed by strict contractual limitations and does not constitute “processing” under Article 4(2) GDPR in respect of identifiable natural persons.

3. Legal Bases for Processing

3.1 Where any incidental processing by Roosens occurs, it is justified under:

• Article 6(1)(f) GDPR — legitimate interests in security, fraud prevention, and operational continuity;
• Article 6(1)(c) GDPR — compliance with legal obligations;
• Section 1798.145 CCPA — security and integrity exceptions.

4. Data Retention and Destruction

4.1 Roosens implements a zero-persistence policy with respect to raw or personal data. Any accessed data is ephemerally cached and automatically purged within twenty-four (24) hours, unless retained pursuant to an active abuse investigation or legal hold.

4.2 Third-Party Processors retain data in accordance with their respective published policies, over which Roosens exercises no control.

5. International Data Transfers

5.1 Data may be processed in jurisdictions outside the European Economic Area (EEA) or United Kingdom. Transfers are safeguarded by:

• Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914);
• Binding Corporate Rules (where applicable);
• Adequacy decisions pursuant to Article 45 GDPR.

6. Your Rights Under Applicable Law

6.1 Given that Roosens does not engage in systematic storage or processing of personal data, rights under Articles 15–22 GDPR and CCPA Sections 1798.100 et seq. do not arise in respect of Roosens.

6.2 To exercise rights in relation to data held by Third-Party Processors, you must submit requests directly to:

• Cloudflare, Inc.: https://www.cloudflare.com/privacypolicy/
• Google LLC: https://policies.google.com/privacy

7. Children's Data

7.1 The Website is not directed to individuals under the age of thirteen (13) in the United States or sixteen (16) in the European Union. Roosens does not knowingly process data of such individuals. Any incidental exposure is governed by Third-Party Processor policies.

8. Amendments and Severability

8.1 This Policy may be amended unilaterally by Roosens. Notice shall be deemed given upon posting of the revised version on the Website.

8.2 If any provision is held invalid, the remainder shall continue in full force and effect.

Contact

Data Protection Officer: [email protected]
Support: https://roosens.im/support

Roosens Anti-Piracy Privacy Policy

Effective Date: October 24, 2025

WHEREAS, Roosens Ltd. (hereinafter “**Roosens**,” “**we**,” “**us**,” “**our**,” or “**Controller**”) provides proprietary digital rights management and anti-piracy technologies integrated into third-party software applications (hereinafter “**Protected Software**”);

AND WHEREAS, the activation, validation, and enforcement of such Protected Software necessitate the collection and processing of certain system and usage metadata from end users (hereinafter “**Data Subjects**” or “**you**”);

AND WHEREAS, such processing is conducted pursuant to a contractual relationship between Roosens and the software publisher (the “**Publisher**”), and is subject to the terms of a confidential Protection Agreement not disclosed to Data Subjects;

NOW, THEREFORE, this Anti-Piracy Privacy Policy (the “**Policy**”) constitutes a binding legal notice under Article 13 GDPR and CCPA Section 1798.130, setting forth the terms under which Roosens processes data in connection with Protected Software.

1. Data Categories and Anonymization Protocol

1.1 The Protected Software collects non-specific, non-identifiable system and usage metadata for the sole purpose of license validation, activation control, and anti-piracy enforcement.

1.2 MANDATORY CLIENT-SIDE ANONYMIZATION:

All collected system metadata is subjected to an irreversible, one-way cryptographic transformation within the Protected Software executable itself, prior to any network transmission or upload to Roosens infrastructure.

This process ensures that:

• No raw, identifiable, or re-identifiable system identifiers are ever transmitted, stored, or processed by Roosens;
• The resulting pseudonymized data cannot be reverse-engineered to reveal original system characteristics;
• Full compliance with GDPR Article 4(5) pseudonymization-at-source requirements is achieved;
• Roosens has no knowledge of, access to, or ability to reconstruct any underlying system identifiers.

1.3 Additional non-anonymized data collected may include:

• Store User Identifier (e.g., platform account ID);
• Activation Timestamp (UTC);
• Ownership Classification (purchase, license, promotional);
• IP Address (for geolocation and abuse detection).

1.4 No special categories of personal data (Article 9 GDPR) are processed.

2. Purposes and Legal Bases

2.1 Processing is conducted for the following purposes:

• Verification of legitimate ownership (Article 6(1)(b) GDPR — contract performance);
• Enforcement of reactivation and concurrency limits (Article 6(1)(f) — legitimate interests);
• Generation of forensic enforcement reports for the Publisher;
• Billing reconciliation and revenue assurance;
• Compliance with law enforcement or judicial process (Article 6(1)(c)).

3. Retention Period

3.1 All data is retained for the entire duration of the Protection Agreement between Roosens and the Publisher.

3.2 Upon termination or expiry of said Agreement, all end-user personal data shall be irrevocably and permanently deleted within thirty (30) calendar days, subject only to legal hold requirements.

4. Data Recipients

4.1 Data is disclosed only to:

• The Publisher (joint controller);
• Sub-processors bound by Article 28 GDPR DPAs;
• Competent authorities pursuant to valid legal process.

4.2 No data is sold, licensed, or otherwise commercialized.

5. Data Subject Rights

5.1 You are entitled to exercise rights under GDPR Articles 15–22 and CCPA Sections 1798.100 et seq., subject to verification and legitimate interest overrides.

5.2 All requests must be accompanied by:

• Notarized or government-issued photographic identification;
• Original proof of purchase (receipt, order confirmation, or digital store transaction record);
• Affidavit of truthfulness under penalty of perjury.

5.3 Frivolous, vexatious, or manifestly unfounded requests (including but not limited to those submitted with intent to harass, overburden, or drain resources) shall be deemed a social engineering attack and may result in:

• Immediate rejection without response;
• Reporting to law enforcement and data protection authorities;
• Civil claims for damages, including legal fees and administrative costs.

6. Children's Data

6.1 Protected Software may be rated for general audiences (e.g., PEGI 3, ESRB E). In such cases, processing occurs without parental consent under Article 8(1) GDPR exception for contractual necessity.

6.2 Parents or legal guardians may submit verified requests on behalf of minors.

Contact

Data Protection Officer: [email protected]

Roosens Anti-Leak Privacy Policy

Effective Date: October 24, 2025

WHEREAS, Roosens Ltd. (hereinafter “**Controller**”) deploys forensic watermarking and leak-tracing technologies into pre-release, embargoed, or confidential software builds (hereinafter “**Protected Software**”);

AND WHEREAS, access to such Protected Software is granted only to authorized individuals under strict non-disclosure and limited-use agreements with the rights holder (the “**Rights Holder**”);

NOW, THEREFORE, this Anti-Leak Privacy Policy constitutes a binding legal instrument under Article 13 GDPR and CCPA Section 1798.130.

1. Data Collected and Anonymization Protocol

1.1 The Protected Software collects non-specific, non-identifiable system and session metadata for the sole purpose of forensic traceability and leak prevention.

1.2 MANDATORY CLIENT-SIDE ANONYMIZATION:

All system-level metadata is subjected to an irreversible, one-way cryptographic transformation within the Protected Software binary itself, prior to any network transmission.

This process ensures that:

• No raw, identifiable, or re-identifiable system data is ever transmitted, stored, or processed by Roosens;
• The resulting pseudonymized data cannot be reverse-engineered to reveal original system characteristics;
• Roosens has no knowledge of, access to, or ability to reconstruct any underlying system identifiers;
• Full compliance with GDPR pseudonymization-at-source requirements is achieved.

1.3 Additional non-anonymized data collected may include:

• Unique User Identifier (assigned by Rights Holder);
• IP Address (with ASN and geolocation);
• Launch Timestamp (UTC);
• Session Telemetry (duration, UI interactions, screenshot detection);
• Watermark Embedding Metadata (forensic trace).

2. Processing Purposes

2.1 Data is processed solely to:

• Trace unauthorized distribution;
• Generate forensic leak reports;
• Support billing under the Protection Agreement;
• Comply with law enforcement demands.

3. Retention and Deletion

3.1 Data is retained for the full term of the Protection Agreement.

3.2 Upon termination, all data is irreversibly destroyed within thirty (30) days using NIST SP 800-88 compliant methods.

4. Data Recipients

4.1 Recipients are limited to:

• The Rights Holder (joint controller);
• Sub-processors under Article 28 GDPR;
• Law enforcement (pursuant to subpoena or court order).

5. Data Subject Rights

5.1 Rights are available subject to strict verification:

• Notarized identity document;
• Proof of authorized access (e.g., NDA, access key, email from Rights Holder);
• Sworn declaration of legitimate purpose.

5.2 Abusive or resource-draining requests are classified as social engineering attacks and may trigger legal countermeasures.

6. Children's Data

6.1 Anti-Leak Protected Software is never distributed to minors. Any incidental access results in immediate data purge.

Contact

Data Protection Officer: [email protected]