How Roder Oy collects, uses and protects personal data. EU-hosted. EU-operated. GDPR-native.
Roder Oy (“Roder”, “we”, “us”) is the data controller for personal data collected through roder.ai and processed in connection with the Roder AI security platform. Roder is headquartered in Helsinki, Finland, with operations in Sweden. All production infrastructure is hosted in the EU.
Roder collects only the personal data needed to deliver the service, run the business and meet legal obligations.
Roder shares personal data only with sub-processors strictly necessary to deliver the service. Named processors include Snitcher (Snitcher BV) for first-party website analytics and B2B company identification on roder.ai, loaded only after you accept analytics cookies. A complete sub-processor list with locations and DPAs is available on request from compliance@roder.ai. Categories include EU-region cloud hosting, transactional email, observability, and authentication.
Production data is stored and processed in the European Union. Where any sub-processor processes data outside the EU/EEA, transfers rely on EU Standard Contractual Clauses and additional safeguards as required by the Schrems II ruling. Customers can request an EU-only deployment under the Roder Enterprise option.
Personal data is kept only as long as needed for the purpose for which it was collected, after which it is deleted or anonymised. Default retention windows: visitor logs 90 days, prospect data 24 months from last interaction, customer account data for the term of the contract plus 12 months, billing data 6 years (tax law). Customers can request earlier deletion subject to legal obligations.
Under the GDPR, you have the right to access, rectify, erase, restrict, port and object to processing of your personal data, and to lodge a complaint with your supervisory authority (in Finland, Tietosuojavaltuutettu; in Sweden, Integritetsskyddsmyndigheten / IMY). Requests: compliance@roder.ai. We respond within one month.
See our separate Cookies Policy.
Roder operates a defence-in-depth security programme aligned to ISO 27001 and ISO 42001 and audited under SOC 2 Type II. The programme includes encryption in transit (TLS 1.3) and at rest (AES-256), least-privilege access, continuous logging and a customer-controlled audit trail. Responsible disclosure: security@roder.ai.
Material changes are notified by email to active customers and posted on this page with a new “Last updated” date. Continued use of the platform after the effective date constitutes acceptance.
Roder Oy · Helsinki, Finland · compliance@roder.ai