Roomie

Privacy Policy

Effective date: March 9, 2026

This policy explains what personal data Roomie collects, how it is used, and what choices users have. It is written to match the current implementation of this site, including account registration, login sessions, live chat, password reset email flows, room activity features, and the in-app profile/settings modal.

Quick summary

Roomie collects account details you submit directly, keeps login sessions active with cookies, stores chat content, and uses browser storage to assign a stable visitor identifier. Roomie also provides an in-app profile/settings modal that can display your account details and (for registered users) allows you to request account deletion from within the app. Based on the current code, Roomie does not use third-party advertising cookies or analytics trackers.

1. Information Roomie collects

Roomie may collect the following categories of data:

  • Account details, including username, email address, and password when you register.
  • Authentication and session data, including the session cookie used to keep you signed in.
  • Live chat and room activity, including messages, room identifiers, your display name, and related timestamps.
  • Guest account identifiers created when you use the site without registering.
  • Password reset and account verification records, including temporary verification tokens and expiry times.
  • Browser-side identifiers stored in local storage for visitor tracking and socket connection management.
  • Technical data that your browser necessarily sends when using the service, such as IP address, browser metadata, and request headers.

2. How Roomie uses information

  • To create and verify user accounts.
  • To authenticate users and maintain secure sessions.
  • To provide chat rooms, room history, online user indicators, and guest access.
  • To send account verification and password reset emails.
  • To protect the service against abuse, spam, and repeated login attempts.
  • To operate and secure the underlying infrastructure, including database and session storage.

3. Cookies and local storage

Roomie currently uses a session cookie named chat.sid to keep authenticated sessions active. The current implementation configures this cookie as HttpOnly, Secure, and with a maximum lifetime of about 24 hours.

Roomie also stores a persistent browser identifier in local storage under a key currently named radioio_visitor_id. This identifier helps distinguish browser visits and socket connections. Unlike the session cookie, local storage remains on your device until you clear it or remove it through your browser settings.

4. Chat content and visibility

Messages sent in Roomie chat rooms are user-generated content. Messages may be shown to other users in the same room and may also be included in room history returned by the application.

Under the current implementation, guest messages are designed to expire automatically after about 24 hours. Messages associated with registered accounts are not automatically deleted by the current code and may remain stored until they are manually removed or the system changes.

5. Data retention

  • Guest accounts are configured to auto-delete after about 24 hours.
  • Guest chat messages are cleaned up after about 24 hours.
  • Registration verification records and password reset records are temporary and are currently deleted after they expire, which is configured for about 30 minutes.
  • Registered account records and non-guest chat history are retained until removed by the operator or changed by future product updates.
  • Session records are stored in Redis with a current time-to-live of about 24 hours.

If you use the in-app account deletion feature, the current implementation deletes your registered account record from the database and ends your session. It does not automatically delete chat messages you previously sent, which may remain stored and visible in room history unless removed separately or the system changes.

6. Third parties and service providers

Roomie uses third-party infrastructure and libraries to operate the service. Based on the current implementation, these include:

  • Email delivery infrastructure used to send verification and password reset emails.
  • MongoDB for account, message, room, and token storage.
  • Redis for session and presence storage.
  • Socket.IO for real-time communication.
  • A third-party content delivery network for Font Awesome assets loaded by the main site. When those assets load, the CDN may receive technical request data such as your IP address and browser details.

Based on the current code, Roomie does not include a dedicated third-party analytics or advertising tracker.

7. Security

Roomie uses password hashing, session cookies, security headers, request sanitization, and rate limiting as part of its current security controls. No method of storage or transmission is completely secure, so Roomie cannot guarantee absolute security.

8. Your choices and rights

Depending on your location, you may have rights to request access to personal data, correction of inaccurate data, deletion, restriction, objection, or data portability. You can also clear cookies and local storage in your browser at any time, although doing so may sign you out or reset parts of the user experience.

Account deletion: Registered users can request account deletion from the in-app profile/settings modal. Guest users do not have a registered account and therefore do not have an account to delete through this feature (guest identifiers are designed to expire automatically).

9. Children

Roomie is not intended for children under the age required by applicable law to consent to personal data processing on their own. If you believe a child has provided personal information without appropriate permission, the site operator should be contacted so the information can be reviewed and removed where appropriate.

10. Changes to this policy

This policy may be updated from time to time to reflect changes in the service, legal requirements, or data handling practices. The effective date at the top of this page will be updated when material changes are made.

11. Contact

For privacy questions or requests, contact the site operator at support@webcreations.cy.

Return to Roomie