Legal

Privacy Policy

Last updated: April 2025

1. Who We Are

Responsible AI Studio operates the tools and services available at responsibleaistudio.com. We are the data controller for personal data processed through our services.

Contact: [email protected]

2. What Data We Collect

2a. Tool Input Data (Non-Personal)

When you use our tools, you provide contextual inputs such as jurisdiction, industry, staff size, and risk appetite. You may also optionally provide an organisation name. This data is used solely to generate your document. We do not link this data to any individual identity.

We do not require you to create an account or provide your name or email to use our tools.

2b. Payment Data

Payment is processed by Stripe, a third-party payment processor. We do not receive, store, or process your credit card or banking details. Stripe processes all payment information under their own privacy policy and PCI-DSS compliance framework.

Stripe may provide us with limited transaction metadata (transaction ID, amount, timestamp, and payment status) for order fulfilment and refund processing.

2c. Technical Data

Our hosting infrastructure (Railway) may collect standard server logs including IP addresses, request timestamps, and browser information as part of normal system operation. This data is retained for operational and security purposes and is not used for marketing or advertising.

2d. Cookies

We use minimal cookies necessary for service operation. See our Cookie Policy for details.

3. How We Use Your Data

We use the data we collect to:

  • Generate your requested compliance document.
  • Process and verify your payment for paid tools.
  • Operate, maintain, and improve our services.
  • Investigate and prevent fraud or abuse.
  • Respond to support requests where you contact us.

We do not use your data for advertising, profiling, or sell it to third parties.

4. Legal Basis for Processing (GDPR)

Where GDPR applies, we process your data on the following legal bases:

  • Contract performance: Processing necessary to fulfil your tool generation request and payment.
  • Legitimate interests: Operating, maintaining, and securing our services.
  • Legal obligation: Retaining transaction records as required by applicable law.

5. Data Sharing

We share data only with:

  • Stripe: Payment processing. Your payment data is subject to Stripe’s privacy policy.
  • Anthropic: Our AI generation engine. Your tool inputs are transmitted to Anthropic’s API to generate your document. Anthropic processes this under their API usage policies.
  • Railway: Our hosting infrastructure provider for operational data.

We do not share your data with advertisers, data brokers, or any third parties for marketing purposes.

6. Data Retention

Tool input data is used to generate your document and is not persistently stored after your session. Payment transaction metadata is retained as required by law and our refund obligations (typically 7 years for financial records).

7. Your Rights

Depending on your jurisdiction, you may have rights including:

  • Access to the personal data we hold about you.
  • Correction of inaccurate personal data.
  • Erasure of your personal data where we have no lawful basis to retain it.
  • Objection to processing based on legitimate interests.
  • Portability of personal data you have provided to us.

To exercise your rights, contact us at [email protected]. We will respond within 30 days.

8. International Transfers

Our services operate globally. Data may be processed in countries outside your jurisdiction. Where we transfer personal data internationally, we do so under appropriate safeguards including standard contractual clauses or equivalent mechanisms.

9. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. All data transmission uses TLS encryption. Payment data is handled exclusively by Stripe’s PCI-DSS certified infrastructure.

10. Children’s Privacy

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted to this page with an updated date. Significant changes will be communicated through our website.

12. Contact Us

For privacy questions or requests: [email protected]