Skip to main content

Privacy Policy

How Roomie Protects Your Personal Data

Privacy Policy for Roomie Workspace

Last Updated: May 17, 2026

This Privacy Policy covers how we collect, use, and protect your information when you use Roomie across mobile, desktop, and web (our "Service"), and when you visit roomie.work.

We try to keep this short and readable. If something is unclear, email us at [email protected].

1. Information we collect

We collect information in a few ways:

When you sign up, we collect your name, email address, and password.

When you use the product, we store the content you create: messages, files, documents, emails (if you use custom domain email), tasks, calendar events, and project data.

When you use Huddles (video calls), we process live audio, video, and screen sharing streams. We do not record or store any of this.

When you use custom domain email, we store the emails you send and receive. Email content is only accessible to intended recipients and workspace admins. We do not scan email content for advertising.

Automatically, we collect technical data like which features you use, your device OS, and browser type. This helps us find bugs and figure out what to build next.

On our website and in the product, if you accept cookies, we collect product analytics through Google Analytics and PostHog. This includes pages visited, time on site, referral source, clicks, and feature usage. PostHog also captures session replays — recordings of how you interact with our pages — to help us fix bugs and improve the UX. See Section 12 for details, including what is masked and how to opt out.

2. How we use your information

We use your data to run the product and make it better. Specifically:

  • To power the features you use: messaging, email, huddles, tasks, calendar.
  • To find and fix bugs, and to figure out which features to build or improve.
  • To protect your account and our platform from unauthorized access.
  • To send you service updates, security alerts, or support messages.

We will never sell your personal data to advertisers or data brokers.

3. Data sharing

We do not share your personal data with outside companies, except:

  • With hosting and infrastructure providers that help us run the service. They are contractually required to protect your data and cannot use it for their own purposes.
  • With analytics providers (Google Analytics, PostHog) that process usage and session data on our behalf. They are contractually bound to process this data only for our analytics purposes and not for their own.
  • If required by law, or to protect the rights, property, or safety of our company, our users, or the public.

4. AI features

Roomie has AI features including chat, task creation from conversations, and smart search.

By default, AI requests are processed by Mistral AI.

You can also bring your own AI provider. In workspace settings, you can configure a custom API key for providers like OpenAI, Anthropic, or others. When you do this, your data goes directly to the provider you configured, and their privacy policy applies. You are responsible for reviewing their terms.

Regardless of which provider is used:

  • Only the text you submit to the AI feature is sent. We never share your account credentials, passwords, or workspace settings with any AI provider.
  • AI processing only happens when you actively use an AI feature.
  • We do not sell or share AI-processed data with third parties.

If you don't want data sent to any AI provider, just don't use the AI features. Everything else in Roomie works without them.

5. Legal basis for processing

We process your data based on:

  • Contract: When processing is necessary to provide the service you signed up for (account data, messages, tasks, email).
  • Legitimate interest: When we analyze usage to improve the product, fix bugs, or protect against fraud.
  • Consent: When you opt in to analytics cookies and session replays, or choose to use AI features.

You can withdraw consent at any time by declining cookies or stopping use of AI features.

6. International data transfers

Roomie's servers and infrastructure providers may be located outside your country. When your data is transferred internationally, we ensure it is protected using standard contractual clauses or equivalent safeguards.

7. Data security

We encrypt data in transit (TLS) and at rest. We run regular security assessments and limit internal access to user data to the people who actually need it to keep the service running.

8. Data retention

We keep your data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, unless we're legally required to keep it. Some anonymized usage data may stick around for analytics.

Workspace admins can delete workspace data at any time from admin settings.

9. Your rights

You can:

  • View your account data through your settings.
  • Correct or update your personal information.
  • Delete your account and all associated data.
  • Request a copy of your data.
  • Decline analytics cookies and session replays on our website and opt out of AI features.

To exercise any of these, email [email protected] or use the options in your account settings.

10. Platform availability

Roomie is available on iOS, Android, Windows, macOS, Linux, and the web at roomie.work. This policy applies across all platforms.

11. Children's privacy

Roomie is not intended for anyone under 16. We don't knowingly collect data from children. If we find out we have, we'll delete it.

12. Cookies, analytics, and session replays

We use two analytics tools — Google Analytics and PostHog — to understand how people find and use Roomie. Both are only enabled after you click "Accept" on the cookie banner.

Google Analytics

Google Analytics helps us understand traffic and acquisition. The cookies it sets:

  • _ga — distinguishes visitors. Expires after 2 years.
  • _ga_* — tracks session state. Expires after 2 years.

IP addresses are anonymized before being sent to Google.

PostHog (product analytics + session replays)

PostHog records product events (clicks, page views, feature usage) and session replays — video-like recordings of how you interact with our pages. We use this to find broken flows, diagnose bugs, and improve the UX. We do not use it for advertising or to identify you to third parties.

What we capture and what we mask:

  • Captured: page views, clicks, navigation, form submissions (without values), and the events listed above.
  • Masked: by default, all input fields, passwords, and text content are masked in replays so we cannot see what you typed. Payment-related screens are excluded entirely.
  • Retention: session replays are retained for up to 30 days, then deleted automatically. Event data is retained for up to 12 months.

PostHog sets a first-party cookie (or uses localStorage) to identify your session. It is only set after consent.

Declining and opting out

If you click "Decline" on the cookie banner, no Google Analytics or PostHog cookies are set, no events are sent, and no session replays are recorded. You can change your choice at any time from the cookie banner, or clear cookies through your browser.

We use one functional cookie to remember your consent choice. We do not use advertising or cross-site tracking cookies.

13. Changes to this policy

If we make significant changes, we'll notify you through the app or by email. The date at the top tells you when this was last updated.

14. Contact us

Questions? Email us at [email protected].