Privacy Policy

Introduction

Round Table AI unites multiple AI providers inside a single workspace. That requires a thoughtful approach to privacy: we gather only the data that keeps conversations persistent, operate exclusively on infrastructure we control, and give every customer the ability to remove their own data. This policy explains what we collect, why we collect it, and the controls you have.

Information We Collect

Account & Billing

Identity: name, email address, workspace identifiers.
Authentication: hashed passwords or Cognito identity references.
Billing: Stripe customer ID, payment method metadata, plan selections (Basic or Pro). Raw card data never touches our servers.

Product Usage

Conversations: prompts, AI responses, compaction summaries, message metadata (timestamps, agent IDs, token counts). These records allow agents to replay the newest 200 turns with full attribution.
Agent Settings: provider, model, temperature, system prompts, and friendly names for custom agents.
Token Accounting: provider-reported token totals plus the converted “platform token” value used for quotas and billing transparency.

Operational Data

Diagnostics: request/response IDs, latency metrics, and failure reason codes for troubleshooting.
Security Signals: IP address, user agent, geographic hints (not precise location) used for fraud detection and rate limiting.
Consent-Free Analytics: We use Plausible Analytics for basic audience measurement. Plausible sets no cookies and accesses no device storage. It uses a daily-rotating hash of your IP address and user agent to count unique visitors; the hash key is deleted every 24 hours, making the data fully anonymous and not linkable to you. No persistent personal data is retained. This processing is based on legitimate interest under GDPR Article 6(1)(f) and does not require consent. Data collected includes: page views, referrer domain, country, browser family, operating system, device type, and UTM campaign parameters. Data is hosted in the EU (Hetzner, Germany) by Plausible Analytics. This analytics layer operates independently of the consent-gated analytics described below. Under GDPR Article 21, you have the right to object to this processing. To exercise this right, contact privacy@round-table.ai.
Consent-Gated Analytics: We use Google Analytics 4 (GA4) and Customer.io to understand marketing performance and measure conversions. In regions where consent is not legally required, we may process analytics data based on legitimate interest. In regions where opt-in consent is required (such as the EU, UK, and Canada), analytics processing begins only after you grant consent. GA4 sets first-party cookies (such as _ga) to assign a pseudonymous identifier. Customer.io sets cookies (such as _cioanonid) to track anonymous activity before signup and merge it with your account afterward. We also capture UTM parameters and click IDs (e.g., gclid, fbclid) to attribute signups to specific campaigns. When you withdraw consent, we immediately stop processing your data for consent-gated analytics purposes, reset Customer.io identity, and delete analytics cookies. Minimal identifiers may be retained for compliance and audit purposes, as permitted under GDPR Article 17(3)(b).
Bug Reporting Diagnostics: only when you submit a bug report and explicitly opt in—we capture up to the last 10 provider requests/responses for the affected conversation. These payloads are double-encrypted (per-user and server-held keys), retained for 30 days, and decrypted solely to create the GitHub issue you approve.

How We Use Your Information

Provide the product – render conversations, stream real-time responses, store transcripts, and enforce quotas.
Route AI traffic – deliver prompts to Anthropic, OpenAI, xAI, and Google based on the agents you target.
Maintain reliability – investigate errors, detect abuse, and keep offline-safe completions accurate if you close your browser.
Handle billing – manage Stripe subscriptions, plan changes, and invoices.
Improve the platform – analyze anonymized usage trends to prioritize features (for example, which agents are added most often).
Debug issues you report – when you opt into a bug report, we decrypt the selected provider logs in-memory, post them to GitHub along with your description, and then discard the plaintext.

We never train models on your data or sell your information.

Data Sharing

AI Providers: prompts and relevant conversation slices are forwarded to Anthropic, OpenAI, xAI, or Google depending on the agents you @mention.
Payments: billing information is processed by Stripe.
Infrastructure vendors: AWS (CloudFront, S3, RDS/Aurora, Secrets Manager, WAF) hosts operational data. Plausible Analytics processes consent-free audience measurement data (EU-hosted, legitimate interest). Google Analytics 4 and Customer.io process consent-gated analytics data under the applicable legal basis for your region (consent or legitimate interest).
Bug tracking: when you submit a bug report, we post the details (including conversation snippets and optionally decrypted provider logs) to our public GitHub repository so engineers can triage the issue.

Every vendor is under contractually bound data-processing terms.

Storage & Security

Data at rest lives in encrypted AWS Aurora PostgreSQL clusters.
Provider API keys, Stripe secrets, and signing keys are stored in AWS Secrets Manager.
All traffic (web, WebSocket, API) is served via HTTPS and CloudFront with TLS 1.2+.
The application backend is protected by AWS WAF with managed threat rules and custom rate limits.
Conversation exports and compaction summaries inherit the same encryption and access controls as the source conversation.

Retention & Deletion

Conversation history persists until you delete the thread or close your account.
Billing records are kept for the period required by law (typically 7 years for US accounting rules).
Support logs and analytics data are retained for up to 12 months.
Bug-report diagnostics (encrypted provider logs and associated metadata) are automatically deleted 30 days after collection.
You can delete any conversation at any time from the product UI. Account-wide deletions can be requested by emailing privacy@round-table.ai.

Your Privacy Choices

You can manage your analytics and advertising preferences at any time using the "Your Privacy Choices" link in the website footer. This opens a modal where you can:

Enable or disable analytics tracking — controls whether GA4 and Customer.io collect data about your visits.
Enable or disable advertising and data sharing — controls whether analytics data may be shared with advertising partners. This option is only available when analytics tracking is enabled.

When you disable analytics, we immediately stop consent-based processing (Google Analytics 4 and Customer.io), delete analytics cookies (_ga, _ga_*, _cioanonid, _cioid), reset Customer.io identity, and remove attribution data. Your preference is stored in the rt_consent cookie for up to 1 year. Anonymous audience measurement via Plausible Analytics continues independently as it uses no cookies and retains no persistent personal data (see "Consent-Free Analytics" above).

Do Not Sell or Share My Personal Information

Under the California Consumer Privacy Act (CCPA/CPRA), "sharing" includes making personal information available to third parties for cross-context behavioral advertising. When analytics cookies are active, pseudonymous identifiers may be shared with Google (via GA4) for this purpose.

You can opt out of the sale or sharing of your personal information by:

Using the "Your Privacy Choices" link in the website footer and disabling the "Advertising & Data Sharing" toggle.
Enabling Global Privacy Control (GPC) in your browser, which we honor as a legally binding opt-out.

When you opt out, we set the rt_dns cookie to record your preference and immediately suppress all advertising-related data signals. Analytics tracking may continue if you leave it enabled, but your data will not be shared for advertising purposes.

We do not sell personal information for monetary consideration.

Global Privacy Control

We detect and honor Global Privacy Control (GPC) signals sent by your browser. When a GPC signal is detected:

All consent-based analytics (Google Analytics 4, Google Tag Manager, and Customer.io) and data sharing is automatically denied.
Analytics cookies are deleted and Customer.io identity is reset.
The "Your Privacy Choices" modal displays a confirmation that your GPC preference is being honored.
A "GPC Honored" indicator appears in the website footer adjacent to the "Your Privacy Choices" link.

Consent-free analytics (Plausible Analytics) continues to operate because it retains no persistent personal data and does not "sell or share" personal information as defined by the CCPA — the regulation that GPC is designed to enforce.

We treat GPC as a legally binding opt-out of the sale and sharing of personal information per California regulations (CCPA §7025). To change this behavior, disable GPC in your browser settings.

Your Rights

Access – download conversation transcripts and billing statements.
Correction – update account details or agent metadata.
Deletion – remove conversations or request full account deletion.
Portability – request data exports in JSON or CSV.
Objection – opt out of marketing emails and analytics tracking via "Your Privacy Choices" in the website footer. We honor Global Privacy Control (GPC) signals as a legally binding opt-out.

Users in the EU/EEA or UK may also exercise GDPR rights (erasure, objection, restriction). California residents can invoke CCPA rights via the same contact channels.

Children's Privacy

Round Table AI is built for professional teams. We do not target or knowingly allow sign-ups from individuals under 18.

Changes & Contact

We will update this policy when regulations or product functionality changes. Material updates are announced via email or in-app notifications.

Questions about this policy can be sent to privacy@round-table.ai.