PRIVACY POLICY

This Privacy Policy explains how RoomWorksAI (“Platform,” “we,” “us”) collects, uses, and protects personal data. It also describes your rights, including rights under the EU/UK GDPR where applicable.

1. Who controls your data (Data Controller)

RoomWorksAI is operated by Global Mountain Group LLC (“Controller”)
Address: 30 N Gould St #47047, Sheridan, WY 82801-6317, USA
Contact email: info@globalmountain.group

2. What data we collect

We collect personal data when you create an account, subscribe, or use the Platform.

A) Account data

• Name (if provided), email address
• Account identifiers and authentication information
• Organization/workspace information (if applicable)

B) Billing data

• Subscription status, invoices, plan tier
• Payment confirmations and limited payment metadata
• Note: payment card details are handled by our payment processor and are not stored by us in full.

C) Usage and technical data

• Basic usage metrics (e.g., plan usage meters, export counts, image generation counts)
• Device and browser information, IP address, timestamps
• Log data needed for security, fraud prevention, and reliability

D) Content you provide

• Inputs you submit (text and files) and Outputs generated
• We process this content to deliver Platform functionality (e.g., document transformation, exports, evidence packs).

Important: If you upload sensitive personal data, you do so at your discretion. We recommend minimizing sensitive data and anonymizing where possible.

3. How we use your data (Purposes)

We use personal data to:

• provide and operate the Platform
• authenticate users and maintain accounts
• process subscriptions and billing
• monitor usage meters and enforce plan limits
• generate outputs and exports requested by you
• maintain security, prevent abuse, and debug issues
• communicate service-related notices (e.g., account alerts, limit warnings, billing notifications)
• improve Platform performance and user experience (in aggregate)

4. Legal bases (GDPR/UK GDPR)

Where GDPR/UK GDPR applies, our legal bases include:

• Contract: to provide the Platform and perform the subscription agreement
• Legitimate interests: security, fraud prevention, service reliability, product improvement (balanced against your rights)
• Consent: for non-essential cookies and certain marketing communications where required
• Legal obligation: where we must comply with applicable laws

5. No-training policy (Product commitment)

We do not use your Inputs or Outputs to train our proprietary AI models.

Note: The Platform may use third-party AI service providers to process your requests. We configure services to support privacy and isolation of user data. For details about vendors, see Section 7.

6. Data retention

We retain personal data only as long as necessary for the purposes described above.

Typical retention examples:

• Account data: retained while your account is active, and for a reasonable period after closure for security and legal compliance.
• Billing records: retained as required by law and for accounting.
• Usage logs: retained for security, reliability, and abuse prevention for a limited period.
• Content (Inputs/Outputs): retained according to Platform settings and the necessity of providing your active sessions/projects; drafts may be deleted or expire based on product rules.

7. Sharing and disclosures

We share data only as needed to operate the Platform:

• Payment processing: Stripe or another processor (billing and subscription management)
• Hosting and infrastructure: cloud hosting, database, storage, monitoring
• Email delivery: transactional email provider (for account notices)
• Analytics (optional): if enabled, non-essential cookies require consent in the EEA/UK

We do not sell personal data.

8. International transfers

We may process or store data in the United States and other countries where our service providers operate. If you are in the EEA/UK and your data is transferred outside the EEA/UK, we use appropriate safeguards as required by law (e.g., Standard Contractual Clauses) where applicable.

9. Your rights

Depending on your location, you may have rights to:

• access your personal data
• correct inaccurate data
• delete your data (“right to be forgotten”) where applicable
• restrict or object to processing
• data portability
• withdraw consent (where processing is based on consent)
• lodge a complaint with a supervisory authority (EEA/UK)

To exercise rights, contact info@globalmountain.group. We may need to verify your identity.

10. Security

We use reasonable technical and organizational measures to protect data, including access controls and monitoring. However, no system is 100% secure, and we cannot guarantee absolute security.

11. Children

The Platform is not intended for children under 13 (or higher age where required by local law). We do not knowingly collect personal data from children.

12. Crowdfunding backers (if applicable)

If you support RoomWorksAI via crowdfunding, we may receive limited data from the platform (e.g., name, email, reward tier, shipping/fulfillment details if required). We use this data only to manage supporter communications and deliver rewards, and we retain it only as long as necessary for these purposes and legal compliance.

13. Changes to this Privacy Policy

We may update this Policy from time to time. We will post the updated version and revise the “Last updated” date.