Privacy at Robbie

We collect the following categories of personal data from researchers who hold accounts on the Robbie platform, and from visitors to robbieasks.com:

• Account data — your name, email address, organisation, password hash, login activity, and session metadata.
• Server-side access logs— which pages and API endpoints are accessed, retained for up to 90 days under our hosting provider’s default retention.
• Communications — emails you send to privacy@robbieasks.com.

We rely on the following lawful bases under Article 6 of the UK GDPR:

• Performance of a contract (Art. 6(1) (b)) — to provide the Robbie service to the researcher who holds the account.
• Legitimate interests (Art. 6(1)(f)) — to secure the platform (including IP-based rate limiting of unauthenticated endpoints), prevent fraud, and improve the product. We do not rely on legitimate interests to process interview content.

Robbie hosts data in the United Kingdom and the European Economic Area where practicable. Where data is transferred to organisations in the United States (see section 04), those transfers are covered by appropriate safeguards in each sub-processor’s Data Processing Agreement — including Standard Contractual Clauses, the UK Addendum, and the EU–US Data Privacy Framework where the recipient is certified. Copies of each DPA are available on request from privacy@robbieasks.com.

You have rights under UK GDPR to:

• access the personal data we hold about you;
• request correction of inaccurate data;
• request erasure of your data;
• request restriction of processing;
• data portability;
• object to processing carried out under legitimate interests;
• withdraw consent where processing is based on consent.

To exercise any of these rights, or to raise a complaint about how we handle your data, email privacy@robbieasks.com. We will respond within 48 hours. You may also complain to the Information Commissioner’s Office at ico.org.uk/make-a-complaint.

The data controller is Robbie the Researcher Ltd, 41 North End Road, Flat 2, London, NW11 7RL. Our privacy contact is privacy@robbieasks.com. Our registration number with the Information Commissioner’s Office is ZC163063. We are not required to appoint a Data Protection Officer under Article 37 UK GDPR.

The researcher who invited you is the data controller for your interview. They are responsible for the lawful basis on which they collect your responses and for telling you, in their own privacy notice, how they will use them. Their identity and contact email are shown to you on the consent screen.

Robbie is the data processor. We store and process your responses only on the researcher’s documented instructions. We do not use your responses for our own purposes, including AI training, marketing, or analytics.

Your interview is conducted by Robbie, an AI system. Your responses are processed automatically to generate a summary and to run a check for sensitive information. A human researcher reviews the output.

The following is what we technically process on the researcher’s behalf:

• The text of the conversation you have with Robbie.
• An AI-generated summary of that conversation, plus a cross-interview summary that combines patterns across all participants in the same study. To help the researcher tell participants apart at a glance, your first name and job-role (taken from the intake form) are displayed next to themes and quotes that come from your interview. Your email is never shown in the summary.
• The name, email, and job-role information you enter on the intake form.
• A consent record (timestamp, a hashed copy of your IP address, user-agent, and a hash of the notices shown to you), which we retain to evidence that valid consent was captured.
• After your interview ends, an automated check scans the transcript and overwrites any text that appears to fall under one of the special-category sensitive types listed in section 2.5with a neutral “[special category data redacted]” placeholder. The researcher and the automated summary then see the placeholder — not the original wording. We retain a record of which message and category were redacted for our own audit and rights-request handling, but we do not retain the original text on our side.

If you choose to speak your answers (rather than type), your microphone audio is streamed to a transcription sub-processor (listed in section 4.1), converted to text, and the audio is discarded immediately. We do not store voice recordings — only the transcript appears in your saved conversation. If you also choose to have Robbie speak his questions back to you, the text of each question is streamed to a separate text-to-speech sub-processor (also listed in section 4.1), which converts it to synthesised speech played in your browser. The text-to-speech provider retains voice generations for up to 3 years in accordance with their privacy policy. The provider does not use data generated via their API to train or improve their models — this applies to all API customers by default. Nothing is stored on our servers — the provider retains data on theirs per the policy above.

We retain your transcript, summary, and consent record for the duration of the researcher’s account. You can request deletion at any time by contacting the researcher named in the consent notice; they will pass the request to us and we will action it within 30 days. You may also contact us directly — see section 2.4. Deleted data may persist in encrypted backups for up to 30 days, after which it expires.

You may exercise your rights under UK GDPR or, if you are based in the EEA, EU GDPR (access, rectification, erasure, restriction, portability, withdrawal of consent) by emailing privacy@robbieasks.com from the email address you used at intake. We will verify your identity by sending you a confirmation link before we action your request. We will action it within 48 hours.

You may also contact the researcher directly using the email shown on the consent screen. If you are based in the UK, you may complain to the Information Commissioner’s Office at ico.org.uk/make-a-complaint. If you are based in the EEA, you may complain to the supervisory authority in your EU member state.

Robbie aims to never store sensitive personal information — “special-category data” under Article 9 of the UK GDPR and EU GDPR — such as health, racial or ethnic origin, political opinion, religious belief, trade-union membership, sex life or sexual orientation, biometric data used for identification, or genetic data. We use three layers to keep this information out of the stored transcript:

1. Robbie won’t ask. The interview prompt instructs Robbie not to ask about and not to encourage you to share any of those categories. If you start to share something in one of them, Robbie is instructed to acknowledge briefly and steer the conversation back to the research topic rather than probe further.
2. We don’t keep what slips through. When your interview ends, an automated check scans the transcript and overwrites any text that appears to fall under one of those categories with a neutral “[special category data redacted]” placeholder. The researcher sees the placeholder in the transcript — not the original wording. We do notretain the original wording on our side. We do retain a minimal audit record — the category of information detected and the time it was removed — for rights-request handling, but not the text itself. The automated check is tuned to err on the side of removing too much rather than missing genuine sensitive content, so an occasional unrelated sentence may be redacted as a side-effect. The researcher will see that something was removed at that position in the transcript but will not see what it was, and our automated summary of the transcript is also instructed to leave any such material out of its themes and quotes.
3. A note on Anthropic’s logs. During your interview, the text of your messages is sent to our large-language-model sub-processor, Anthropic (see section 4.1), so it can generate Robbie’s replies. After your interview ends, the transcript is sent to Anthropic one more time to run the automated check described in point 2 above. Anthropic’s standard request logs may retain message content for up to 30 days before they expire — this covers both the live-interview calls and the post-interview check. We do not store, copy, or extend those logs on our side.

Please still try not to volunteer sensitive information. And if you have shared something you would like checked or removed independently of the automated step above, you can ask us using the contact in section 2.4.

If, in the future, we introduce analytics or marketing technologies, we will present you with a PECR-compliant consent banner before any non-essential cookie is set. The banner will offer “Accept all” and “Reject all” at equal prominence and granular controls per category. We will update this section before that change takes effect.

You can also block or delete cookies through your browser settings — see aboutcookies.org. Blocking the strictly-necessary cookies above will prevent you from logging in to a Robbie account.

When an error occurs in your browser, Sentry records a short diagnostic snapshot using browser local storage to help us diagnose the bug. All text is masked and all media is blocked before anything is transmitted.

We give researchers 30 days’ written notice before adding or replacing a sub-processor. To receive these notices by email, contact privacy@robbieasks.com. During the notice period, a researcher may object on reasonable data-protection grounds; if we cannot reach agreement, the researcher may stop using the Robbie service without penalty.

By accepting our terms of service or signing a data-processing agreement with Robbie, the researcher provides general authorisation, under Article 28(2) UK GDPR and EU GDPR where applicable, for Robbie to engage the sub-processors listed above and any additional sub-processors of which it gives notice in accordance with clause 4.2.