Privacy Policy
Slap & Roll Co. — A service of ModalForge, LLC
Effective Date: January 1, 2026
Our Commitment to Your Privacy
At Slap & Roll Co., we believe your personal information belongs to you. We built our service from the ground up with privacy as a core architectural principle—not an afterthought. This Privacy Policy explains how we collect, use, protect, and handle your data, and demonstrates our commitment to treating your information with the same care we would want for our own.
The key things to know:
- We never collect, store, or transmit your biographic information (name, SSN, address, etc.)—it stays entirely on your device
- We do store your fingerprint images temporarily to provide our service
- We never sell, share, or provide your data to third parties for their own purposes
- You can delete your data at any time, and we automatically delete it after 30 days
1. Information We Collect
1.1 Information You Provide Directly
Account Information
- Email address (required for account creation)
- Password (encrypted, never stored in plain text)
Fingerprint Card Images
- Scanned images of FD-258 fingerprint cards that you upload to the Service
- These images may contain biometric data (fingerprint images) visible in the scanned card
1.2 Information We Process But Do NOT Collect
Biographic Information (Stays on Your Device)
Our Service is architected so that sensitive personal information never reaches our servers. The following information is processed entirely within your web browser using WebAssembly technology and is never transmitted to us:
- Full legal name
- Date of birth
- Place of birth
- Social Security Number (SSN)
- Home address
- Citizenship and immigration status
- Physical descriptors (height, weight, eye color, hair color)
- Any other biographic data you enter during EFT file generation
How This Works: When you generate an EFT file, the file compilation happens entirely in your browser. Your biographic data is combined with processed fingerprint data locally on your device. We have no technical capability to access, view, or store this information because it is never sent to our servers. You can verify this by disconnecting from the internet before entering your biographic information—the EFT file will still generate correctly.
1.3 Information Collected Automatically
Usage Information
- Browser type and version
- Operating system
- Device type
- Pages visited and features used
- Date and time of access
- Referring website
Technical Information
- IP address
- General geographic location (city/region level, derived from IP)
Cookies and Similar Technologies
We use the following types of cookies and similar technologies:
Essential Cookies
- Maintain your authenticated session
- Remember your preferences
- Ensure the Service functions correctly
Analytics Cookies (Google Analytics)
We use Google Analytics, a web analytics service provided by Google LLC, to help us understand how visitors use our Service and to measure the effectiveness of our advertising campaigns. Google Analytics uses cookies to collect information such as:
- Pages visited and features used
- Time spent on pages
- Traffic sources (how you arrived at our site)
- General geographic location
- Browser and device information
This information is transmitted to and stored by Google on servers in the United States. Google may use this data to contextualize and personalize ads within its own advertising network. You can learn more about Google's privacy practices at https://policies.google.com/privacy.
Opting Out of Google Analytics
You can opt out of Google Analytics by:
- Installing the Google Analytics Opt-out Browser Add-on
- Adjusting your cookie preferences through our cookie consent banner
- Configuring your browser to reject third-party cookies
We do not use cookies for behavioral advertising or retargeting on our Service.
1.4 Payment Information
We use Stripe, Inc. to process all payments. When you make a purchase:
- Your payment card details are collected and processed directly by Stripe
- We receive only confirmation of payment success/failure, transaction ID, and last four digits of your card
- We do not collect, store, or have access to your full payment card information
2. How We Use Your Information
2.1 Primary Purposes
We use the information we collect to:
| Purpose | Information Used |
|---|---|
| Provide the Service | Fingerprint images, account information |
| Process fingerprint quality analysis | Fingerprint images |
| Generate downloadable fingerprint crops | Fingerprint images |
| Authenticate your account | Email address, password |
| Process payments | Payment confirmation from Stripe |
| Communicate with you | Email address |
| Provide customer support | Account information, usage data |
2.2 Analytics and Advertising Measurement
We use Google Analytics to:
- Understand how visitors discover and use our Service
- Measure the effectiveness of advertising campaigns
- Identify which marketing channels drive conversions
- Analyze aggregate usage patterns to improve the Service
This data helps us make informed decisions about where to focus our marketing efforts and how to improve the user experience. Analytics data is analyzed in aggregate form and is not used to identify or target individual users.
2.3 Service Improvement
We may use aggregated, anonymized data to:
- Improve the accuracy of our fingerprint processing
- Enhance Service features and functionality
- Monitor and analyze usage patterns
- Identify and fix technical issues
2.4 Legal and Safety Purposes
We may use your information to:
- Comply with legal obligations
- Enforce our Terms of Service
- Protect the rights, safety, or property of ModalForge, LLC, our users, or others
- Detect, prevent, or address fraud, security, or technical issues
3. Data Storage and Retention
3.1 Where We Store Your Data
Your data is stored on Google Cloud Platform (GCP) infrastructure located in the United States. GCP maintains robust security certifications including SOC 2, ISO 27001, and FedRAMP authorization.
3.2 Fingerprint Image Retention
Automatic Deletion: Fingerprint card images are automatically deleted 30 days after upload.
User-Initiated Deletion: You can delete your submissions at any time by clicking the delete button on any submission card in your dashboard. Deletion is immediate and permanent.
What Gets Deleted:
- Original uploaded image
- Processed image versions
- Segmentation masks
- JPEG2000/WSQ fingerprint crops
- All associated metadata
3.3 Debugging and Quality Assurance
In limited circumstances, we may access stored fingerprint images for debugging purposes if:
- You report a technical issue with your submission
- Our automated systems detect a processing error
- We need to investigate potential service malfunctions
Such access is:
- Limited to authorized personnel only
- Logged and audited
- Used solely to resolve technical issues
- Never used to extract or record biographic information visible on the card
3.4 Account Data Retention
Account information (email address) is retained until:
- You request account deletion, or
- Your account has been inactive for 24 months
4. Data Sharing and Disclosure
4.1 We Do NOT Share Your Data
We do not sell, rent, trade, or otherwise share your personal information or fingerprint images with any third parties for their own purposes. Ever.
4.2 Service Providers
We use the following third-party service providers who may process data on our behalf solely to provide services to us:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google Cloud Platform (GCP) | Cloud infrastructure, storage | Fingerprint images, account data |
| Firebase (Google) | Authentication, database | Email address, authentication tokens |
| Stripe, Inc. | Payment processing | Payment card details (direct to Stripe) |
| Google Analytics (Google) | Website analytics, advertising measurement | Usage data, device info, IP address (anonymized) |
These providers are contractually obligated to:
- Use your data only to provide services to us
- Maintain appropriate security measures
- Not share your data with other parties
- Delete data upon our instruction
4.3 Legal Requirements
We may disclose your information if required to do so by law or in response to:
- Valid legal process (subpoena, court order, etc.)
- Government requests (if legally required to comply)
- Protection of our legal rights
- Emergency situations involving potential harm to individuals
We will attempt to notify you of legal demands for your information unless prohibited by law.
4.4 Business Transfers
If ModalForge, LLC is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
5. Your Rights and Choices
5.1 Access Your Data
You can access your submission history, including processed images and quality scores, through your dashboard at any time.
5.2 Delete Your Data
You have the right to delete your data:
Submission Data: Click the delete button on any submission card to immediately and permanently delete all associated images and data.
Account Deletion: Contact us at [email protected] to request complete account deletion. We will process your request within 30 days.
5.3 Data Portability
Upon request, we can provide you with a copy of your data in a commonly used, machine-readable format.
5.4 Communication Preferences
You can opt out of non-essential communications by:
- Clicking "unsubscribe" in any marketing email
- Adjusting your notification preferences in your account settings
- Contacting us at [email protected]
Note: You cannot opt out of transactional communications (payment confirmations, security alerts, etc.) while maintaining an active account.
5.5 Cookie Preferences
You can control cookies through your browser settings. Note that disabling essential cookies may prevent the Service from functioning correctly.
6. Security Measures
6.1 Technical Safeguards
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data is transmitted using TLS 1.3 encryption
- Encryption at Rest: Stored data is encrypted using AES-256 encryption
- Access Controls: Role-based access with principle of least privilege
- Authentication: Firebase Authentication with secure token management
- Infrastructure Security: GCP's enterprise-grade security controls
- Monitoring: Automated threat detection and security monitoring
6.2 Organizational Safeguards
- Limited personnel access to user data
- Employee security training
- Incident response procedures
- Regular security assessments
6.3 Your Role in Security
You can help protect your account by:
- Using a strong, unique password
- Not sharing your login credentials
- Logging out of shared devices
- Notifying us immediately of any unauthorized access
6.4 Security Incidents
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of discovery (where required by law)
- Provide details about what data was affected
- Explain steps we are taking to address the incident
- Offer guidance on steps you can take to protect yourself
7. Children's Privacy
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at [email protected], and we will promptly delete such information.
8. International Users
8.1 Data Location
The Service is operated from the United States. If you access the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States.
8.2 Legal Basis for Processing (EEA/UK Users)
If you are located in the European Economic Area or United Kingdom, our legal bases for processing your information include:
- Contract Performance: Processing necessary to provide the Service to you
- Legitimate Interests: Processing for our legitimate business interests (improving services, security, fraud prevention)
- Legal Compliance: Processing required to comply with legal obligations
- Consent: Where you have provided explicit consent for specific processing
8.3 Additional Rights (EEA/UK/California Users)
Depending on your location, you may have additional rights including:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
To exercise these rights, contact us at [email protected].
8.4 California Privacy Rights
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:
- Right to know what personal information we collect
- Right to delete your personal information
- Right to opt out of sale of personal information (we do not sell personal information)
- Right to non-discrimination for exercising your rights
9. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Effective Date" at the top of this policy
- Notify you by email (for material changes)
- Post a notice on our website
Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
ModalForge, LLC
Operating as Slap & Roll Co.
Privacy Inquiries: [email protected]
General Inquiries: [email protected]
Website: https://slapandroll.com
We will respond to your inquiry within 30 days.
12. Summary of Key Points
| Topic | Our Practice |
|---|---|
| Biographic Data (SSN, name, address, etc.) | Never collected—stays on your device |
| Fingerprint Images | Stored temporarily; auto-deleted after 30 days |
| User-Initiated Deletion | Available at any time; immediate and permanent |
| Data Sharing | Never sold; limited sharing with service providers only |
| Analytics | Google Analytics used for site improvement and ad measurement; opt-out available |
| Payment Data | Processed directly by Stripe; we never see full card details |
| Security | Industry-standard encryption and access controls |
| Debugging Access | Limited, logged, and only for technical issues |
© 2026 ModalForge, LLC. All rights reserved.