Privacy Policy
Last updated February 15, 2025
Introduction
Round Table AI unites multiple AI providers inside a single workspace. That requires a thoughtful approach to privacy: we gather only the data that keeps conversations persistent, operate exclusively on infrastructure we control, and give every customer the ability to remove their own data. This policy explains what we collect, why we collect it, and the controls you have.
Information We Collect
Account & Billing
- Identity: name, email address, workspace identifiers.
- Authentication: hashed passwords or Cognito identity references.
- Billing: Stripe customer ID, payment method metadata, plan selections (Basic or Pro). Raw card data never touches our servers.
Product Usage
- Conversations: prompts, AI responses, compaction summaries, message metadata (timestamps, agent IDs, token counts). These records allow agents to replay the newest 200 turns with full attribution.
- Agent Settings: provider, model, temperature, system prompts, and friendly names for custom agents.
- Token Accounting: provider-reported token totals plus the converted “platform token” value used for quotas and billing transparency.
Operational Data
- Diagnostics: request/response IDs, latency metrics, and failure reason codes for troubleshooting.
- Security Signals: IP address, user agent, geographic hints (not precise location) used for fraud detection and rate limiting.
- Analytics: Plausible site analytics (no cookies, no individual tracking) that help us understand marketing performance.
- Bug Reporting Diagnostics: only when you submit a bug report and explicitly opt in—we capture up to the last 10 provider requests/responses for the affected conversation. These payloads are double-encrypted (per-user and server-held keys), retained for 30 days, and decrypted solely to create the GitHub issue you approve.
How We Use Your Information
- Provide the product – render conversations, stream real-time responses, store transcripts, and enforce quotas.
- Route AI traffic – deliver prompts to Anthropic, OpenAI, xAI, and Google based on the agents you target.
- Maintain reliability – investigate errors, detect abuse, and keep offline-safe completions accurate if you close your browser.
- Handle billing – manage Stripe subscriptions, plan changes, and invoices.
- Improve the platform – analyze anonymized usage trends to prioritize features (for example, which agents are added most often).
- Debug issues you report – when you opt into a bug report, we decrypt the selected provider logs in-memory, post them to GitHub along with your description, and then discard the plaintext.
We never train models on your data or sell your information.
Data Sharing
- AI Providers: prompts and relevant conversation slices are forwarded to Anthropic, OpenAI, xAI, or Google depending on the agents you @mention.
- Payments: billing information is processed by Stripe.
- Infrastructure vendors: AWS (CloudFront, S3, RDS/Aurora, Secrets Manager, WAF) and Plausible host or analyze operational data.
- Bug tracking: when you submit a bug report, we post the details (including conversation snippets and optionally decrypted provider logs) to our public GitHub repository so engineers can triage the issue.
Every vendor is contractually bound by data-processing terms.
Storage & Security
- Data at rest lives in encrypted AWS Aurora PostgreSQL clusters.
- Provider API keys, Stripe secrets, and signing keys are stored in AWS Secrets Manager.
- All traffic (web, WebSocket, API) is served via HTTPS and CloudFront with TLS 1.2+.
- AWS WAF applies managed threat protections and custom rate limits before requests reach our edge.
- Conversation exports and compaction summaries inherit the same encryption and access controls as the source conversation.
Retention & Deletion
- Conversation history persists until you delete the thread or close your account.
- Billing records are kept for the period required by law (typically 7 years for US accounting rules).
- Support logs and analytics data are retained for up to 12 months.
- Bug-report diagnostics (encrypted provider logs and associated metadata) are automatically deleted 30 days after collection.
- You can delete any conversation at any time from the product UI. Account-wide deletions can be requested by emailing privacy@round-table.ai.
Your Rights
- Access – download conversation transcripts and billing statements.
- Correction – update account details or agent metadata.
- Deletion – remove conversations or request full account deletion.
- Portability – request data exports in JSON or CSV.
- Objection – opt out of marketing emails and Plausible attribution.
Users in the EU/EEA or UK may also exercise GDPR rights (erasure, objection, restriction). California residents can invoke CCPA rights via the same contact channels.
Children's Privacy
Round Table AI is built for professional teams. We do not target or knowingly allow sign-ups from individuals under 18.
Changes & Contact
We will update this policy when regulations or product functionality change. Material updates are announced via email or in-app notifications.
Questions? Email privacy@round-table.ai or write to:
Or email us at privacy@round-table.ai for any privacy questions.