Privacy Policy

The controller responsible for the processing of your personal data within the meaning of the General Data Protection Regulation (GDPR) is:

• Account data: name, email address, and login credentials.
• Profile and company data you provide when building a data room.
• Content you upload to your data rooms (documents, links, text).
• Support communications you send to us.
• Usage and telemetry data: pages viewed, actions taken, device identifiers, browser type, and IP address.

• To create and manage your account and provide the service — performance of a contract (Art. 6(1)(b) GDPR).
• To secure the service and prevent fraud or abuse — legitimate interests (Art. 6(1)(f) GDPR).
• To improve our product and analyse usage — legitimate interests (Art. 6(1)(f) GDPR).
• To provide customer support — performance of a contract and legitimate interests.
• To send marketing communications, where applicable — your consent (Art. 6(1)(a) GDPR).
• To comply with legal obligations such as accounting and tax — legal obligation (Art. 6(1)(c) GDPR).

We share personal data only with the following categories of recipients:

• Service providers and subprocessors that host our infrastructure, provide analytics, and support tooling.
• Paddle.com Market Ltd, acting as our Merchant of Record, for the sale of our products, subscription management, payments, tax compliance, and invoicing.
• Professional advisers such as legal and accounting firms.
• Public authorities where required by applicable law.

Room2Raise is built and hosted in Europe. Where personal data is transferred outside the UK/EEA, we rely on appropriate safeguards such as EU Standard Contractual Clauses or an adequacy decision.

We retain personal data only for as long as necessary to fulfil the purposes described above, to comply with legal obligations, and to resolve disputes. When data is no longer needed, it is deleted or anonymised.

Under the GDPR you have the right to:

• Access the personal data we hold about you.
• Request rectification of inaccurate data.
• Request erasure of your data.
• Request restriction of processing.
• Receive your data in a portable format.
• Object to processing based on legitimate interests.
• Withdraw consent at any time.
• Lodge a complaint with a supervisory authority.

We will respond to requests within one month. To exercise your rights, contact privacy@room2raise.com.

We implement appropriate technical and organisational measures, including encryption in transit and at rest and strict access controls, to protect your personal data.

We use essential cookies required to operate the service and analytics cookies to understand usage. You can manage non-essential cookies through your browser settings or our cookie preferences where available.

For any privacy questions or data requests, contact us at privacy@room2raise.com.