Skip to main content

Privacy Policy

H
Written by Henrik Laxhuber
Updated over a month ago

Last Updated: August 20th, 2025

Welcome to Rome Intelligent Systems, Inc..

At Rome Intelligent Systems, Inc. ("we," "our," or "us"), we value your privacy and are committed to protecting your personal information. This Privacy Policy outlines how we collect, use, store, and safeguard data when you use our platform available at https://getrome.ai and https://getrome.io (the "Service").

By accessing or using our Service, you acknowledge that you have read and understood this Privacy Policy. If you disagree with any aspect of this policy, please discontinue use of our Service immediately.

Key Terms

  • Personal Information: Any data relating to an identifiable individual, including name, email address, or identification numbers.

  • Service Usage Information: Information automatically collected about how you interact with our Service.

  • Cookies: Small text files placed on your device to enhance your browsing experience and collect certain information.

  • Data Controller: Rome Intelligent Systems, Inc. serves as the Data Controller, determining why and how your personal information is processed.

  • Data Processor: Third parties that process data on our behalf according to our instructions.

  • Data Subject: You, as the individual whose personal information we process.

Purpose and Lawful Basis for Processing Personal Information

We collect and process your personal information to:

  • Deliver and maintain our services

  • Respond to support inquiries

  • Improve user experience

  • Fulfill contractual and legal obligations

  • Secure our platform and prevent fraud

  • Customize and enhance service features

  • Communicate updates and offers (where consented)

Our processing is based on one or more of the following lawful bases:

  • Your explicit consent

  • Performance of a contract

  • Compliance with legal obligations

  • Our legitimate business interests

Information We Collect

We primarily process non‑HR business contact details of our customers’ employees and their suppliers to operate our platform:

  • Names

  • Work email addresses

  • Job titles

  • Work phone numbers

  • Company/organization and relationship (e.g., supplier)

This information is used to send notifications, coordinate deliveries, and support supply‑chain operations within our software.

Limited Support Access. In limited cases, our support team may temporarily access customer systems (under customer direction), which can expose additional contact information. Such access is strictly time‑bound, logged, used only to diagnose issues, and we do not retain that data beyond the support interaction.

Sensitive Data. We do not collect or process sensitive data (as defined by applicable law and the DPF Principles). If our practices change, we will update this policy and obtain any legally required consents before processing such data.

Service Usage Information

Our systems automatically gather information about your interactions with our Service, including:

  • IP address and device identifiers

  • Browser type and settings

  • Operating system information

  • Pages visited and navigation patterns

  • Time and duration of visits

  • Referring websites and search terms

  • Technical diagnostic data

This helps us understand user behavior while respecting privacy principles.

Methods of Collection

We collect information through:

  • Direct inputs (forms, account registration)

  • Automated telemetry (IP, browser, OS, usage logs)

  • Tracking technologies such as cookies

  • Integrations with customer systems and communication providers (e.g., email, identity providers)

Cookies and Similar Technologies

We employ cookies and similar tracking mechanisms to enhance your experience and collect information about how you use our Service.

The cookies we deploy include:

  • Functional Cookies: Essential for basic Service operations.

  • Customization Cookies: Remember your settings and preferences.

  • Security Cookies: Help protect your account and our systems.

  • Analytics Cookies: Provide insights into Service usage patterns.

Use, Retention, and Disposal of Information

We use your information only for the purposes for which it was collected. We retain personal data only as long as necessary for these purposes or as required by law. When data is no longer needed, we delete or anonymize it securely.

Data Subject Rights

Depending on your location, you may have specific rights regarding your data (e.g., GDPR, CCPA), including:

  • The right to access, correct, or delete your data

  • The right to restrict or object to processing

  • The right to data portability

  • The right to withdraw consent

Under the DPF Access principle, individuals may access the personal information we hold about them and correct, amend, or delete that information where it is inaccurate or processed in violation of the DPF Principles. We will respond to DPF‑related complaints within 45 days of receipt.

To exercise these rights or submit a DPF complaint, contact [email protected]. If we do not resolve your concern, you may use our independent recourse mechanism (JAMS) described below.

Use of Subprocessors

We engage trusted third-party subprocessors to perform specific functions on our behalf, including:

  • Hosting and infrastructure services

  • Analytics

  • Customer support tools

  • Security and fraud prevention

All subprocessors are contractually obligated to protect your information and process it only as directed by us. You can view our current list of subprocessors at https://getrome.ai/security/policies.

Technical and Organizational Measures

We implement robust security practices including:

  • Encryption of sensitive data (at rest and in transit)

  • Regular vulnerability scanning and security assessments

  • Strict access controls and authentication protocols

  • Staff training on data protection principles

You can view a detailed explanation of our security measures at https://getrome.ai/security/policies.

Data Quality and Your Responsibilities

You are responsible for providing accurate, complete, and current personal information. You may update your information via your account or by contacting us.

Monitoring and Enforcement

We monitor compliance with this policy and our internal data protection practices. Violations are subject to investigation and appropriate corrective action, including potential disciplinary measures. We review this policy periodically and update it as necessary.

Data Privacy Framework Compliance

Rome Intelligent Systems, Inc. adheres to the EU‑U.S. Data Privacy Framework (EU‑U.S. DPF), the UK Extension to the EU‑U.S. DPF, and the Swiss‑U.S. Data Privacy Framework (Swiss‑U.S. DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and its Member States, the European Economic Area (EEA), the United Kingdom (including Gibraltar), and Switzerland to the United States.

Rome Intelligent Systems, Inc. has certified to the U.S. Department of Commerce that it adheres to the DPF Principles. To view our certification, please visit the official list at https://www.dataprivacyframework.gov/list.

Scope of Participation. Our DPF participation covers only non‑HR personal information, and we collect and process only such non‑HR information. We do not collect HR data, and we do not rely on the DPF for HR data transfers.

Investigatory, Enforcement, and Public Authority Disclosures

Rome Intelligent Systems, Inc. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) and may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law‑enforcement requirements.

Liability for Onward Transfers

Under the Data Privacy Framework (DPF) Principles, Rome Intelligent Systems, Inc. remains responsible and liable for the processing of personal information it receives and subsequently transfers to a third party acting as an agent on our behalf if that agent processes such information in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage. We require such third parties, via written agreements, to process personal information only for limited and specified purposes consistent with the notice provided to individuals, to provide at least the same level of protection as the DPF Principles, and to notify us if they can no longer meet these obligations.

Choice (Opportunities to Limit Use and Disclosure)

  • You may opt out of disclosures of your personal information to non‑agent third parties and of uses that are materially different from the purpose for which the information was originally collected or subsequently authorized.

  • We do not collect personal data classified as sensitive data under the GDPR, other applicable data protection laws, or the DPF Principles. If that changes, we will obtain your affirmative express consent (opt‑in) before using or disclosing sensitive data for materially different purposes or to non‑agent third parties.

To exercise these options, contact [email protected].

Independent Recourse Mechanism (JAMS)

In compliance with the DPF Principles, Rome Intelligent Systems, Inc. commits to resolve complaints about your privacy and our collection or use of your personal information. EU, EEA, UK, and Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact us at [email protected].

Rome Intelligent Systems, Inc. has further committed to refer unresolved privacy complaints under the DPF Principles to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution to file a complaint free of charge.

Binding Arbitration

If your complaint remains unresolved after following the above procedures, you may, under certain conditions, invoke binding arbitration before the Data Privacy Framework Panel as a last‑resort mechanism, pursuant to Annex I of the DPF Principles.

Data Security and AI Features

Our Service incorporates AI technology that can make or suggest decisions based on your data. You control the level of AI autonomy through configurable settings.

We implement:

  • Encryption of sensitive data

  • Regular security assessments

  • Access controls and authentication protocols

  • Staff training on data protection

For AI decision‑making queries, contact [email protected].

Contact Information

© Rome Intelligent Systems, Inc. 2025

Did this answer your question?