We use cookies only to manage your session — no third-party tracking or advertising. Learn more in our Privacy Policy.

RoLearn

Unlock Pro features

RoLearn/ Legal
Contact

Data Processing Agreement

LAST UPDATED: JUNE 2026

This DPA governs personal data that SDK and Enterprise customers send RoLearn to process on their behalf. If you integrate the RoLearn SDK or run an Enterprise/Brand workspace, you should review and accept this DPA below.

1. Parties & Roles

This Data Processing Agreement ("DPA") forms part of the agreement between HUBERT.STUDIO LLC ("Processor", "RoLearn") and the customer that integrates the RoLearn Multiplatform SDK or an Enterprise/Brand workspace ("Controller", "Customer").

For personal data that the Customer transmits to RoLearn about the end-users of the Customer's games or properties (including player identifiers, session data, coarse country, device/OS, and in-game events) — "Customer Personal Data" — the Customer is the controller and RoLearn is the processor. RoLearn processes Customer Personal Data only on the Customer's documented instructions.

2. Subject Matter & Duration

RoLearn processes Customer Personal Data to provide the analytics, dashboards, exports, and SDK features described in the agreement, for the duration of the agreement and until deletion or return as set out in Section 9.

3. Nature & Purpose of Processing (Annex I)

Categories of data subjects: end-users / players of the Customer's games, who may include minors.

Categories of personal data: developer-supplied player identifier, session identifier, coarse country (account-region/locale-derived; not precise geolocation), device type, operating system, and in-game behavioral events. RoLearn's SDK rejects payloads containing direct identifiers (email, phone, government IDs, payment card numbers).

Purpose: game analytics, performance/crash diagnostics, retention and monetization metrics, brand-activation measurement, and Customer-configured data export.

4. Processor Obligations

  • Process Customer Personal Data only on the Customer's documented instructions, including for transfers, unless required by law (in which case RoLearn will notify the Customer where permitted).
  • Ensure persons authorized to process the data are bound by confidentiality.
  • Implement the technical and organizational security measures in Section 6.
  • Assist the Customer, taking into account the nature of processing, in responding to data-subject requests and in meeting its security, breach-notification, and data-protection-impact-assessment obligations.
  • Make available information necessary to demonstrate compliance and allow for audits as set out in Section 8.

5. Sub-processors

The Customer provides general authorization for RoLearn to engage the sub-processors listed on our Sub-processors page. RoLearn imposes data-protection obligations on each sub-processor no less protective than those in this DPA and remains responsible for their performance. RoLearn will give the Customer a mechanism to receive notice of intended changes and a reasonable period to object.

6. Security Measures (Annex II)

  • Encryption in transit (TLS 1.2/1.3) and encryption of data exports prior to delivery.
  • Access controls, least-privilege, and role-based permissions for internal systems.
  • Data minimization at ingest (rejection of direct-identifier fields) and bounded retention.
  • Logging, monitoring, and error tracking; regular backups with tested restore.
  • Network isolation between the public-data pipeline and Customer Personal Data stores.

7. International Transfers

Where processing involves transfer of personal data out of the EEA, UK, or other restricted jurisdictions, the parties incorporate the applicable Standard Contractual Clauses (and the UK Addendum where relevant), and RoLearn supports any data-transfer impact assessment required under Vietnam’s PDPD. The Sub-processors page identifies processing locations.

8. Audit

RoLearn will make available, on the Customer’s reasonable request and subject to confidentiality, documentation sufficient to demonstrate compliance with this DPA, and will contribute to audits conducted by the Customer or an independent auditor at reasonable intervals and with reasonable prior notice.

9. Return & Deletion

On termination, and at the Customer’s choice, RoLearn will delete or return Customer Personal Data and delete existing copies within a commercially reasonable period, unless retention is required by law. Customer Personal Data is in any event subject to the retention windows in the Privacy Policy (SDK telemetry default 30 days).

10. Children’s Data

The Customer acknowledges that Customer Personal Data may relate to minors. The Customer warrants that it has obtained and maintains all consents and authorizations required to collect and share such data with RoLearn, including under COPPA, the GDPR (including Article 8 parental consent where applicable), and the rules of any platform on which the Customer’s game operates (e.g. Roblox). RoLearn will not sell children’s data, will not use it for advertising or profiling beyond the analytics the Customer commissions, and applies data minimization as described above.

11. Liability

Each party’s liability under this DPA is subject to the limitations of liability in the underlying agreement (see Terms of Service, Section 11, and any Enterprise & SDK Terms).

Accept the DPA for your organization

Sign in with your workspace owner account to review and accept this document for your organization.