Compliance Overview
Last updated May 29, 2026
Roundtable AI is a young product, and we keep our compliance posture honest: this page describes what we actually do today, not aspirations. If you need something specific for a procurement or legal review, email compliance@round-table.ai and we'll help.
Data Handling & Access
- Your data is hosted on reputable cloud infrastructure (Amazon Web Services).
- Access to production data is limited to a small number of vetted engineers, and privileged actions are logged.
- We collect only the data needed to run the product. See our Privacy Policy for the full picture.
Privacy Regulations
- GDPR / UK GDPR: We act as a data processor and will sign a Data Processing Addendum (DPA) on request. Where data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses.
- CCPA / CPRA: We do not sell your personal information for money. When analytics cookies are active, pseudonymous identifiers may be shared with advertising partners as defined by the CCPA — you can opt out any time using the "Your Privacy Choices" link in our footer or by enabling Global Privacy Control (GPC), which we honor.
- LGPD & PIPEDA: Rights requests are handled through the same privacy inbox, typically within 30 days.
To exercise any of these rights, email privacy@round-table.ai.
Security Practices
We don't hold formal certifications today, and we won't claim ones we don't have. What we do:
- Build on established providers — Amazon Web Services, Stripe, Anthropic, OpenAI, xAI, and Google — that run their own security programs and maintain their own independent audits and certifications.
- Encrypt your data in transit and at rest.
- Manage our infrastructure as code, with peer-reviewed changes and automated checks before anything ships.
For more detail on how we protect your data, see our Security Overview.
Reliability
- We take automated backups so your conversation history and account data can be recovered.
Subprocessors
We use a small set of vendors to operate the service:
| Vendor | Purpose | Region |
|---|---|---|
| Amazon Web Services | Hosting, networking, data storage | Global |
| Anthropic, OpenAI, xAI, Google | AI inference APIs | US/EU (per provider) |
| Stripe | Payments and subscription billing | US/EU |
| Google Analytics | Marketing analytics (consent or legitimate interest, by jurisdiction) | US/EU |
| Customer.io | Marketing analytics and user engagement (consent or legitimate interest, by jurisdiction) | US/EU |
| Plausible Analytics | Consent-free audience measurement (no cookies, no persistent personal data) | EU (Germany) |
We'll update this list before adding new subprocessors.
Need a signed DPA or a copy of our security practices for your records? Contact compliance@round-table.ai.