Roadmap OS
Get started
Legal

Privacy Policy

Last updated: 9 April 2026

This Privacy Policy explains how Roadmap OS ("we", "us", "our") collects, uses, and protects information when you use our desktop application and web services (collectively, the "Service").

1. Data storage and offline-first architecture

Roadmap OS is an offline-first application. Your project data -- roadmaps, tasks, KPIs, G2M checklists, capacity plans, and artifacts -- is stored locally on your own machine. You can use the app entirely offline. If you choose to enable cloud sync, your data is transmitted over an encrypted connection and stored in Supabase, our cloud infrastructure provider. You may disable cloud sync at any time without losing your local data.

2. Account information

When you create an account, we collect your email address and a hashed password. We use this information solely to authenticate you and manage your subscription. We do not sell, rent, or share your email address with third parties for marketing purposes.

3. Payment processing

Subscription payments are processed by Paystack, a PCI-DSS compliant payment processor. We never see, store, or have access to your full credit or debit card numbers. Paystack handles all payment data in accordance with their own privacy policy. For details, visit paystack.com/privacy.

4. AI features and API keys

Roadmap OS includes AI-powered features (such as artifact generation) that connect to third-party AI providers (OpenAI, Google, Anthropic). You supply your own API keys directly within the app. We never proxy, intercept, store, or log your API keys or the content you send to these providers. All AI requests are made directly from your machine to the AI provider using your key.

5. Cookies and tracking

We do not currently use tracking cookies on our website or in the desktop application. We may add privacy-respecting analytics (such as Vercel Analytics) in the future to understand aggregate usage patterns. If we do, this policy will be updated accordingly. We will never sell your browsing data to third parties.

6. Data retention

Your local data remains on your machine for as long as you keep it. Cloud-synced data is retained for the duration of your active subscription. If you cancel your subscription, cloud data is retained for 30 days to allow you to export it, after which it may be deleted. You can request deletion of your cloud data at any time by contacting us.

7. Data security

We use industry-standard encryption for data in transit (TLS 1.2+) and at rest. Supabase provides row-level security on all cloud-synced data, ensuring that only you can access your own records. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Your rights

You have the right to access, correct, or delete your personal data at any time. Since your project data is stored locally, you have full control over it. For cloud-synced data or account-related requests, contact us and we will respond within 30 days.

9. Children

Roadmap OS is not directed at children under 16. We do not knowingly collect personal information from children under 16.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact

If you have questions about this Privacy Policy or your data, contact us at hello@pmroadmapper.com.