Privacy Policy
Last updated: 10/20/2025
📋 2-Minute Summary
We take our obligation to protect your privacy seriously!
What you should know:
First of all: you always remain in control of your data.
To whom does this Privacy Policy apply?
This policy applies to any individual whose Personal Data Roadmappy may collect, use or otherwise process during their use of our platform.
What information do we collect about you?
- Your identification details and account information (email, full name)
- Your payment information
- Integration data you choose to connect (Salesforce, Calendar, Slack, etc.)
- Meeting recordings and transcripts (if you enable the meeting bot)
- Information about how you use our platform
Why do we collect this information?
We collect your information to provide you access to our platform in an optimal way, through a personalized user profile, and to deliver AI-powered insights from your integrated data sources.
Who has access to your data?
Only the relevant members of Roadmappy's team have access to the information you provide. We use trusted suppliers and service providers (AWS, Neon, Google AI, Assembly AI, PostHog, Stripe) who are legally obliged to ensure your privacy at all times.
What do you control?
At any moment, you can request to modify, erase or get a copy of your data. Email us at privacy@roadmappy.io and we will delete all your data within 24 hours.
What do we do to protect your data?
- Your data is stored on high-security servers within the European Union (Germany)
- We adopted appropriate safety measures on technical and organizational levels
- All AI processing uses European-based APIs
- We process data in a GDPR-compliant manner using state-of-the-art software and solutions
- We have implemented internal procedures to ensure confidentiality of our IT-infrastructure
If you want to know more, please read our entire Privacy Policy below, which explains everything in further detail.
Article 1: General
Roadmappy (hereinafter "we", "us", "our", "Roadmappy") is a family-owned business operating from Switzerland, assumes responsibility for the processing of your Personal Data as "Controller", including the use of our platform.
In our Privacy Policy, "Personal Data" shall mean any information relating to you as an identified or identifiable natural person and user of the Platform.
Roadmappy processes Personal Data in accordance with the legislation in force, and, in particular, the EU General Data Protection Regulation (GDPR) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data.
The access to or use of our Platform implies your full and unreserved understanding of this Privacy Policy. This means that you are fully informed about how Roadmappy collects, uses and processes your Personal Data, in accordance with the provisions of this Privacy Policy and for the purposes listed herein.
Roadmappy reserves the right to change, modify and update this Privacy Policy from time to time by posting a revised version on our platform. Therefore, we recommend you regularly consult this Privacy Policy to make sure that you are aware of all changes.
Article 2: What Personal Data Does Roadmappy Collect
Roadmappy may process, for the purposes mentioned in Article 3, the following categories of Personal Data:
| Data Category | Details | Context |
|---|---|---|
| Category 1: Account Information | • Email address • Full name | When creating an account to use our Platform |
| Category 2: Payment Information | • Credit card information (processed by Stripe) • VAT number (for companies) • Billing address | When selecting a paid subscription plan |
| Category 3: Integration Data | • Salesforce: Chatter feed posts and event descriptions • App Store/Play Store: Public user reviews • Intercom: Conversation messages • Calendar: Event titles, times, participants, descriptions • Slack: Messages and thread history from selected channels • Beamer: User reviews and comments on feature posts | When you authorize integration connections with third-party services |
| Category 4: Meeting Data | • Meeting recordings (audio/video) • Meeting transcripts • Meeting metadata (participants, duration, timestamp) • AI-generated insights from meetings | When you enable the meeting bot to join and record your meetings |
| Category 5: Roadmap and Content Data | • Roadmap items and descriptions • Features and initiatives you create • Comments and notes • Attachments and files | Content you create and store within the Platform |
| Category 6: Usage Analytics | • Features and functionalities used • User behavior patterns • Session duration and frequency • Personal preferences and settings | Automatically collected through PostHog analytics when using the Platform |
| Category 7: Technical Information | • IP address • Browser type and version • Device information • Operating system | Automatically collected when accessing the Platform |
Article 3: Legal Basis and Purposes of Data Processing
We only process your data when we have a specific purpose and lawful basis to do so and only process what is relevant for the pursuit of each specific purpose in question:
3.1 General Purposes
| Data Category | Legal Basis | Purpose |
|---|---|---|
| Category 1: Account Info | Performance of contract (Terms and Conditions) | To create and maintain your personalized user profile and provide access to the Platform |
| Category 2: Payment Info | Performance of contract (Terms and Conditions) | For payment processing and invoicing when you select a paid subscription plan |
| Category 3: Integration Data | Your explicit consent + Performance of contract | To fetch, process, and analyze data from your connected integrations using AI/ML models to provide insights and recommendations |
| Category 4: Meeting Data | Your explicit consent | To record, transcribe, and analyze meeting content using AI to extract insights and action items |
| Category 5: Roadmap and Content Data | Performance of contract (Terms and Conditions) | To store and display your roadmap content and provide platform functionality |
| Category 6: Usage Analytics | Our legitimate interests | To improve our Platform, provide technical support, understand user behavior, and ensure functionality and security |
| Category 7: Technical Information | Our legitimate interests | To ensure Platform security, prevent fraud, and provide technical support |
3.2 AI Processing
Roadmappy uses Google large language models (Gemini) and Assembly AI for transcription processing to analyze your integrated data and meeting recordings. All AI processing is conducted through European-based APIs to ensure data sovereignty. The AI processing serves to:
- Extract insights from customer feedback and conversations
- Identify trends and patterns in your data
- Generate summaries and action items from meetings
- Provide intelligent recommendations for your roadmap
3.3 Direct Marketing
If Roadmappy has obtained your electronic contact details in the context of providing our services, Roadmappy may use your email address to send you promotional material regarding similar services we may offer. This is based on Roadmappy's legitimate interest.
Other promotional material, concerning non-similar services, will only be sent to you if you have given us your prior consent to do so.
We will at all times offer you a GDPR-compliant way to opt out of receiving such emails at any time, free of charge and without motivation, for example by clicking the unsubscribe button at the end of every promotional email or by sending an email to privacy@roadmappy.io.
3.4 Transfer to Third Parties
Roadmappy treats Personal Data as confidential information and will not disclose or communicate it to third parties under any condition or for any purpose other than those specified in this Privacy Policy, or under the conditions in which the law requires us to do so.
Roadmappy may disclose your Personal Data to third-party service providers to the extent necessary to carry out our business activities:
- AWS (Amazon Web Services) - Server hosting and infrastructure (Germany/EU region)
- Neon - Database hosting (Germany/EU region)
- Stripe - Payment processing
- Google AI (Gemini) - Language model processing (European-based APIs)
- Assembly AI - Transcription services (European-based APIs)
- PostHog - Analytics and user behavior tracking
These parties are legally obliged to ensure your privacy at all times through data processing agreements and will only process data in accordance with our purposes and instructions.
Roadmappy will not sell or rent your Personal Data to third parties, except in the situations described in this Privacy Policy or unless you explicitly provide your prior consent.
In the event of total or partial reorganization of Roadmappy, transfer of Roadmappy's activities or in the event of Roadmappy being declared bankrupt, your Personal Data may be transferred to new entities or third parties. Roadmappy will inform you in advance of such transfers.
3.5 Legal Requirements
In extraordinary circumstances it may occur that Roadmappy is obliged to transfer your Personal Data following a court order, or in order to comply with imperative laws and/or regulations. Roadmappy will, if reasonably possible, try to inform you beforehand, unless revealing this information is subject to legal constraints.
Article 4: Duration of Processing
Roadmappy will store your Personal Data for the duration necessary to achieve the purposes listed in Article 3 of this Privacy Policy, including for as long as this is essential for the contractual relationship between you and Roadmappy.
Roadmappy may also store your Personal Data in order to comply with applicable laws or as part of legal requirements. Therefore, the retention periods mentioned below shall not apply where Roadmappy is legally obliged to store your Personal Data for shorter or longer periods of time.
Retention Periods
| Data Category | Retention Period |
|---|---|
| Category 1: Account Info | Retained for 90 days after account deletion |
| Category 2: Payment Info | Retained for 7 years after account deletion (legal/tax requirements) |
| Category 3: Integration Data | Deleted immediately upon your request or within 24 hours of account deletion |
| Category 4: Meeting Data | Deleted immediately upon your request or within 24 hours of account deletion |
| Category 5: Roadmap and Content Data | Deleted immediately upon your request or within 24 hours of account deletion |
| Category 6: Usage Analytics | Retained for 2 years after account deletion |
| Category 7: Technical Information | Retained for 90 days after account deletion |
Article 5: Your Rights
5.1 Right of Access and Right to Copy
At any time, you have the right to freely obtain access to your Personal Data, as well as to be informed about the purpose of the processing.
5.2 Right to Rectification, Erasure or Restriction
You always have the right to ask to rectify your Personal Data when you think it is inaccurate. You can also request the processing of your Personal Data to be restricted if you think that your data is inaccurate.
In addition, you have the right to ask to erase your Personal Data. Simply email us at privacy@roadmappy.io and we will delete all your data within 24 hours.
5.3 Right to Object
You have the right to object to the processing of your Personal Data when you have and provide serious and legitimate reasons to do so.
You also have the right to object to the use of your Personal Data for direct marketing purposes. In such case, you do not need to provide a specific reasoning for your objection.
5.4 Right to Data Portability
You have the right to obtain your Personal Data, which is processed by our Platform in a structured, commonly used format and/or to transfer this data to another data controller.
5.5 Right to Withdraw Consent
When the processing of your Personal Data is based on your prior consent, you have the right to withdraw this consent at any time.
5.6 Automated Decisions and Profiling
You have the right to request not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
5.7 Exercising Your Rights
You can exercise your rights by contacting us:
- Via email to privacy@roadmappy.io
- Through the contact form on our website
For data deletion requests, we commit to processing your request and deleting all your data within 24 hours.
5.8 Right to File a Complaint
You have the right to file a complaint with your local data protection supervisory authority if you believe your rights have been violated.
For individuals in the EU, you can find your national data protection authority here: EU Data Protection Authorities
If you have suffered damage as a result of the processing of your Personal Data, you may file a claim for compensation.
Article 6: Safety and Confidentiality
Privacy and security are at the top of our concerns. Roadmappy has adopted comprehensive safety measures on technical, organizational and physical levels to protect your Personal Data:
Technical Measures
- All data is stored in European Union data centers (Germany) via AWS and Neon
- Industry-standard encryption for data in transit and at rest
- All AI processing uses European-based APIs for data sovereignty
- Regular security audits and vulnerability assessments
- Secure authentication and authorization mechanisms
Organizational Measures
- Access to Personal Data is restricted to authorized personnel only
- All service providers sign data processing agreements
- Regular staff training on data protection and security
- Incident response procedures for security breaches
- Regular backups to prevent data loss
Nevertheless, if a security breach would occur and affect your Personal Data, Roadmappy will inform you of the breach without undue delay, including a summary description of the potential impact and recommendations on measures to mitigate possible adverse effects.
Roadmappy shall not be liable in any way for direct or indirect damages caused by wrongful or improper use of Personal Data by a third party.
At the same time, you also share responsibility for maintaining the privacy and security of the services, for example by not allowing any third party to have insight into your confidential communications.
Article 7: International Data Transfers
All your data is stored and processed within the European Union (Germany) to ensure maximum data protection under GDPR regulations.
While we use some service providers that may have global operations (such as Stripe for payment processing), all data processing agreements include appropriate safeguards to protect your Personal Data in accordance with GDPR requirements.
Specifically, all AI processing through Google (Gemini) and Assembly AI is conducted through their European-based APIs, ensuring your data remains within the EU.
Article 8: Integration-Specific Processing
When you authorize integrations with third-party services, you explicitly consent to Roadmappy accessing and processing the following data:
Salesforce Integration
- Chatter feed posts and comments
- Event descriptions from Salesforce calendar
- Contact and account information referenced in posts
App Store and Play Store Integration
- Public user reviews for your applications
- Review ratings and timestamps
- Reviewer usernames (public information)
Intercom Integration
- Conversation messages between you and your customers
- Customer metadata (name, email, company)
- Conversation tags and attributes
Calendar Integration
- Event titles, descriptions, and times
- Participant names and email addresses
- Meeting links and locations
Slack Integration
- Messages and thread history from channels you select
- Participant usernames
- Attachments and shared files in selected channels
Beamer Integration
- User reviews and comments on your feature posts
- Reaction data (likes, votes)
- Commenter information (name, email if provided)
You can disconnect any integration at any time, and upon disconnection, we will stop collecting new data from that source. You can request deletion of previously collected integration data by emailing privacy@roadmappy.io.
Article 9: Meeting Bot Processing
When you enable the Roadmappy meeting bot, you explicitly consent to the following processing activities:
Recording and Transcription
- The meeting bot will join meetings on your calendar where you've enabled recording
- Audio and/or video will be recorded during the meeting
- Recordings are transcribed using Assembly AI (European-based processing)
- Transcripts are analyzed using Google AI to extract insights and action items
Consent and Transparency
- It is your responsibility to inform meeting participants that the meeting is being recorded
- You must obtain consent from all participants before enabling recording functionality
- The meeting bot will announce its presence when joining meetings
Data Control
- You can disable the meeting bot at any time
- You can delete individual meeting recordings and transcripts
- All meeting data is deleted within 24 hours upon request to privacy@roadmappy.io
Article 10: Contact
For any privacy-related questions, concerns, or requests, please contact us:
- Email: privacy@roadmappy.io
- For urgent data deletion requests, we respond within 24 hours
We are committed to addressing your concerns promptly, transparently, and in accordance with GDPR requirements.
Article 11: Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.
When we make significant changes, we will notify you by email or through a prominent notice on our Platform. We encourage you to review this Privacy Policy periodically.
The "Last updated" date at the top of this page indicates when this Privacy Policy was last revised.