Legal

Privacy Policy

Last updated: April 2026

1. Who We Are

Responsible AI Studio operates the tools and services available at responsibleaistudio.com. We are the data controller for personal data processed through our services.

Contact: support@responsibleaistudio.com

2. What Data We Collect

2a. Tool Input Data (Non-Personal)

When you use our tools, you provide contextual inputs such as jurisdiction, industry, staff size, and risk appetite. You may also optionally provide an organisation name. This data is used solely to generate your document. We do not link this data to any individual identity.

We do not require you to create an account or provide your name or email to use our tools.

2b. Payment Data

Payment is processed by Stripe, a third-party payment processor. We do not receive, store, or process your credit card or banking details. Stripe processes all payment information under their own privacy policy and PCI-DSS compliance framework.

Stripe may provide us with limited transaction metadata (transaction ID, amount, timestamp, and payment status) for order fulfilment and refund processing.

2c. Technical Data

Our hosting infrastructure (Railway) may collect standard server logs including IP addresses, request timestamps, and browser information as part of normal system operation. This data is retained for operational and security purposes and is not used for marketing or advertising.

2d. Cookies

We use minimal cookies necessary for service operation. See our Cookie Policy for details.

2e. Feedback Submissions

When you submit our feedback form, you provide us with your name, email address, and a plain-text message. We do not store feedback submissions on our own infrastructure. Each submission is delivered as an email to our support inbox via our transactional-email processor (Resend), from where it is forwarded to an internal inbox for review. The submitter’s email address is set as the “Reply-To” header so we can reply directly if a response is needed.

We use this information only to read, triage, and reply to your feedback. We do not use it for marketing, profiling, or to train AI models.

3. How We Use Your Data

We use the data we collect to:

  • Generate your requested compliance document.
  • Process and verify your payment for paid tools.
  • Operate, maintain, and improve our services.
  • Investigate and prevent fraud or abuse.
  • Respond to support requests where you contact us.

We do not use your data for advertising, profiling, or sell it to third parties.

4. Legal Basis for Processing (GDPR)

Where GDPR applies, we process your data on the following legal bases:

  • Contract performance: Processing necessary to fulfil your tool generation request and payment.
  • Legitimate interests: Operating, maintaining, and securing our services.
  • Legal obligation: Retaining transaction records as required by applicable law.

5. Data Sharing

We share data only with:

  • Stripe: Payment processing. Your payment data is subject to Stripe’s privacy policy.
  • Anthropic: Our AI generation engine. Your tool inputs are transmitted to Anthropic’s API to generate your document. Anthropic processes this under their API usage policies.
  • Resend: Our transactional-email processor, used to deliver feedback submissions from our form to our internal support inbox. Resend processes the submission contents (name, email, message) under their data-processing terms.
  • Cloudflare: Our DNS and email-routing provider, used to forward incoming mail addressed to our support alias to an internal inbox.
  • Railway: Our hosting infrastructure provider for operational data.

We do not share your data with advertisers, data brokers, or any third parties for marketing purposes.

6. Data Retention

Tool input data is used to generate your document and is not persistently stored after your session. Payment transaction metadata is retained as required by law and our refund obligations (typically 7 years for financial records).

Feedback submissions are not stored on our own servers. Each submission is delivered as a transactional email via Resend, whose logs of that send are retained under Resend’s standard retention (typically a small number of days for deliverability analytics). The email itself lives in our support inbox until we delete it as part of normal inbox maintenance — we aim to prune feedback emails we no longer actively need.

7. Your Rights

Depending on your jurisdiction, you may have rights including:

  • Access to the personal data we hold about you.
  • Correction of inaccurate personal data.
  • Erasure of your personal data where we have no lawful basis to retain it.
  • Objection to processing based on legitimate interests.
  • Portability of personal data you have provided to us.

To exercise your rights, contact us at support@responsibleaistudio.com. We will respond within 30 days.

8. International Transfers

Our services operate globally. Data may be processed in countries outside your jurisdiction. Where we transfer personal data internationally, we do so under appropriate safeguards including standard contractual clauses or equivalent mechanisms.

9. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. All data transmission uses TLS encryption. Payment data is handled exclusively by Stripe’s PCI-DSS certified infrastructure.

10. Children’s Privacy

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted to this page with an updated date. Significant changes will be communicated through our website.

12. Contact Us

For privacy questions or requests: support@responsibleaistudio.com