PricingRoadmapContact
Sign in

Legal

Privacy Policy

Last updated: 24 April 2026

1. Who we are

Rogers AI is operated by Intuitive AI Ltd ("Rogers AI", "we", "us", "our"), registered at The Offices, 57 Newtown Road, Hove, BN3 7BA, United Kingdom.

Rogers AI is the data controller for personal data processed through this platform. This means we determine the purposes and means of processing your personal data and are responsible for it being handled lawfully.

Contact: hello@rogersai.co.uk — ICO Registration: ZC108366.

Rogers AI has determined that the appointment of a Data Protection Officer is not required under UK GDPR Article 37. Privacy queries are handled directly at hello@rogersai.co.uk.

2. Scope of this policy

This policy applies to personal data collected and processed through:

  • The Rogers AI web application (app.rogersai.co.uk)
  • The Rogers AI marketing website (rogersai.co.uk)
  • Any associated onboarding flows

3. What we collect and why

We collect and use personal data on the following lawful bases under UK GDPR Article 6.

3.1 To perform your contract (Article 6(1)(b))

This is data we need to deliver the AI Launchpad service you have signed up to use. Providing it is a contractual requirement — without it, we cannot create or maintain your account or deliver the service.

  • Name and email address — account creation, authentication, and service communications
  • Profile picture (where you sign in via Google) — account display
  • Journey step progress and completion dates — delivering and tracking your Launchpad experience
  • Actions, milestones, and preferences — personalising your in-app journey
  • Business plan answers and founder knowledge inputs — generating your AI-powered validation, planning, and brand outputs
  • Brand kit selections — producing your brand outputs
  • AI chat history (per user, per agent) — maintaining context across your sessions
  • Plan tier — managing your subscription and access
  • Payment reference (not card details) — reconciling payments against your account

3.2 Legitimate interests (Article 6(1)(f))

We process limited technical and operational data where we have a legitimate interest in operating the platform securely and improving it, and where that interest is not overridden by your rights.

  • Session tokens — maintaining secure authenticated sessions
  • Authentication logs — detecting and preventing unauthorised access
  • Error and diagnostic logs — identifying and resolving technical issues
  • Admin audit log entries (administrator user ID, action type, affected record, timestamp) — tamper-evident record of administrative actions on accounts
  • Platform usage data (login timestamps, journey step completion events, time spent per step) — understanding how users progress through the Launchpad to identify drop-off points, improve the product, and provide support

We do not use this data for marketing, advertising, or profiling beyond the product improvement purposes described above. You can correct inaccurate account information via your account settings or by contacting us.

3.3 What we do not collect

  • Passwords in plain text. If you register with email and password, your password is hashed and stored by our authentication provider. Rogers AI never sees or stores your plain-text password, and your original password cannot be recovered from our systems.
  • Payment card details. All card data is handled directly by our payment processor. Rogers AI only receives a payment reference.
  • Sensitive personal data as defined under UK GDPR Article 9 (e.g. health data, political opinions, ethnicity). We do not request or intentionally collect this. Please do not include sensitive personal data in your business plan answers or AI chat inputs.

4. How we protect your data

You can sign in via Google OAuth or email and password. Authentication is managed by our authentication provider.

  • Google OAuth — authentication is handled by Google. Rogers AI receives only your name, email, and profile picture. We never see or store your Google password.
  • Email and password — passwords are hashed and stored by our authentication provider. The plain-text password is never written to any Rogers AI storage.

After login, a JWT-based session token is stored in a cookie on your device. That cookie is HttpOnly (inaccessible to browser scripts, which prevents session theft via cross-site scripting), Secure (transmitted only over HTTPS), and has a limited lifetime after which you must re-authenticate.

Data isolation.Every API endpoint requires authentication; unauthenticated requests are rejected. Every database query is scoped to the authenticated user's own identifier by both application logic and database-level row-level security. There is no mechanism by which one user can access another user's journey progress, documents, AI conversations, or business plan answers.

Administrative access. Access to the admin dashboard is restricted to authorised Rogers AI staff by role-based permissions, enforced at both the application and database level.

Audit logging.We maintain an internal audit log of administrative actions on user accounts. This log records the administrator's user ID, the action type, the record affected, and a timestamp. It exists solely for security, integrity, and compliance purposes and is not used for profiling or marketing.

Platform analytics. We collect internal analytics data — login timestamps, session frequency, journey step completion events, and time elapsed between steps — stored against your user ID. It is used solely to improve the product and is not shared with advertising networks or used for targeted marketing.

Infrastructure. Your data is stored in a managed PostgreSQL database and accessed via a managed authentication service, both provided by our cloud database and authentication provider. The application itself is served by our application hosting provider. Both operate under industry security certifications and have signed Data Processing Agreements with us.

5. Data breach notification

Rogers AI maintains internal incident response procedures to detect, investigate, and respond to personal data breaches.

  • ICO notification— where a breach is notifiable under UK GDPR Article 33, we will notify the Information Commissioner's Office within 72 hours of becoming aware, where feasible.
  • User notification — where a breach is likely to result in a high risk to your rights and freedoms (Article 34), we will notify affected users directly without undue delay.
  • Sub-processor breaches — our Data Processing Agreements with sub-processors require them to notify Rogers AI of any breach affecting your data within 48 hours of becoming aware.

6. Cookies

We use a single authentication cookie, as described in Section 4. This cookie is strictly necessary for the platform to function and does not require your consent under UK PECR. We do not currently use analytics cookies, advertising or tracking cookies, or third-party embedded cookies. If this changes, we will update this policy and, where required, obtain your consent before setting non-essential cookies.

7. Automated decision-making

The Rogers AI platform uses AI to generate outputs including business validation assessments, plans, and brand recommendations. These outputs are advisory in nature. No automated decision produces a legal or similarly significant effect on you without human review.

Where the platform generates a validation assessment (a Proceed, Pivot, or Pause verdict):

  • Inputs — the answers you provide during validation, covering your business idea, target market, founder background, and readiness indicators.
  • How the verdict is produced — your answers are assessed by an AI language model against a structured framework, with weights applied across business viability, founder readiness, and external threats.
  • What the outcome means — a Proceed verdict indicates inputs were assessed as sufficient to move forward. A Pivot verdict indicates the idea should be reshaped, with areas identified. A Pause verdict indicates the idea is not ready, with reasons given. None of these outcomes are binding.
  • What it does not affect — the validation output has no bearing on your ability to access credit, employment, insurance, or any other regulated benefit.

You have the right to request human review of any AI-generated output by contacting hello@rogersai.co.uk.

8. Sub-processors

We engage the following categories of sub-processors in order to deliver the service. We have Data Processing Agreements in place with each. A detailed, named list is available on request.

  • Cloud database and authentication provider — stores user data and manages authentication (US)
  • Application hosting provider — serves the web application (US / EEA)
  • AI language model provider — powers AI reasoning, chat, validation scoring, and document generation (US)
  • AI image generation provider — generates brand and marketing imagery (US / EEA)
  • Payment processor — handles card payments; Rogers AI never receives card details (US)
  • Transactional and marketing email provider — formats, delivers, and schedules service and product emails (US / EEA)
  • Workflow automation provider — internal operational automations (US / EEA)
  • Social media scheduling provider — will publish content on your behalf when social features are enabled (US / EEA)
  • Error monitoring provider — captures diagnostic error information (US / EEA)
  • Feature flag and experimentation provider — manages product feature rollouts (US / EEA)

Rogers AI does not share one user's data with any other user, does not sell personal data to any third party, and does not use personal data for advertising.

9. International data transfers

Several of our sub-processors are based outside the UK. Where data is transferred to countries not covered by a UK adequacy decision, we rely on the UK International Data Transfer Agreement (IDTA) or the Standard Contractual Clauses (SCCs) as the lawful transfer mechanism, or where applicable the UK Extension to the EU-US Data Privacy Framework for certified US processors.

Rogers AI conducts periodic checks to confirm that US processors relying on the UK Extension maintain an active certification status. If a processor's certification lapses, we will ensure an alternative transfer mechanism is in place before continuing to transfer personal data.

10. Data retention

We retain your personal data for as long as your account is active, and for a period of 3 years after account closure or last activity, after which it is permanently deleted.

Exceptions:

  • Financial records (payment references) are retained for 7 years in line with UK accounting and tax obligations.
  • Admin audit log entries are retained for 12 months from the date of creation and then permanently deleted.
  • Platform analytics data is retained for the duration of your account and deleted alongside your account data.
  • Backup data may be retained for a short additional period (up to 90 days) following deletion, after which it is purged from backup systems.

On deletion, the following is removed: your name, email, profile picture, business plan answers, journey progress, AI chat history, brand kit selections, and preferences. The following is retained where legally required: payment references (7 years) and admin audit log entries relating to your account (12 months).

11. Your rights under UK GDPR

  • Access — export everything we hold about you as a JSON bundle from Settings → Data export.
  • Rectification — edit your profile, ideas, and preferences in-app, or contact us for fields you cannot edit yourself.
  • Erasure ("Right to be Forgotten") — delete your account from Settings → Delete account, subject to legal retention obligations.
  • Restriction — ask us to pause processing of your data in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format (JSON).
  • Object — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at hello@rogersai.co.uk. We will respond within 30 days. We may need to verify your identity before processing your request.

12. Right to complain

If you have concerns about how we handle your personal data, please contact us first at hello@rogersai.co.uk — we will do our best to resolve the matter promptly.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Telephone: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

13. Children's data

Rogers AI is intended for use by adults (18+) in a professional context. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided us with personal data, please contact us at hello@rogersai.co.uk and we will delete it promptly.

14. Changes to this policy

We may update this policy from time to time. Material changes will be notified to you by email or via an in-app notice. The "Last updated" date at the top of this page will always reflect the current version. Continued use of the platform after changes constitutes acceptance of the updated policy.

15. Contact

Rogers AI
hello@rogersai.co.uk
rogersai.co.uk
Intuitive AI Ltd, The Offices, 57 Newtown Road, Hove, BN3 7BA

From corporate leaver to launched founder. Validation, planning, brand, launch, all in one place.

Product

PricingRoadmapContact

Legal

PrivacyTermsCookies
© 2026 Intuitive AI Ltd, trading as Rogers AI. Company number 13105928. VAT 508997340. Registered: The Offices, 57 Newtown Road, Hove, BN3 7BA.