
Security & Privacy

You're trusting Roadmap with sensitive information — your team's performance, your company's strategy, your coaching notes. We don't take that lightly. Here's everything you need to know about how we protect it.

What kind of data does Roadmap store?

Roadmap stores information that helps you manage your team — things like notes from conversations, performance metrics, development goals, strategic milestones, and follow-up items. This includes information about your team members and your organisation's goals, which we recognise is sensitive. That's exactly why we've built privacy and security into the foundation of the app, not as an afterthought.

Are my team members' names stored in your database?

No. Roadmap uses pseudonymisation for all team member identities. When you add someone to your People Hub, their display name only ever lives in your browser session — what's stored in our database is an anonymised identifier. If anyone were to access the raw database without authorisation, they would see codes and metrics, never a real person's name attached to sensitive performance or development data.

Is my company's strategic plan and KPI data encrypted?

Yes. The following categories of data are encrypted at rest in our database: strategic plan content (including annual goals and quarterly milestones); KPI names, targets, and actuals; scorecard notes and monthly summaries; coaching notes and development log entries; 1:1 reminders and focus behaviours; all Quick Capture log content; and weekly and monthly priority text. This means that even in the unlikely event of unauthorised database access, your sensitive business information is not readable in plain text.

Who can see my data?

Only you. Roadmap uses Row Level Security — a database-level access control — which means every piece of data is locked to the user account that created it. It is technically impossible for another Roadmap user to access your team's data, your strategic plan, or your notes. Our team at Together She Leads can see aggregate, anonymised usage data for product improvement purposes — but never your specific content.

Does Roadmap use AI? What happens to my data when the AI features run?

Yes — Roadmap uses the Anthropic API to power features like strategic plan breakdown, weekly priority generation, and coaching prompts. When these features run, only the minimum necessary information is sent to generate a response. We never send real team member names to the AI — all AI calls reference anonymised identifiers only. Anthropic's API does not use your data to train their models under our usage agreement.

Can I opt out of my data being used for model training?

Yes. You can opt out of your data being used for any model training purposes at any time from your account settings. This applies to all data you've entered into Roadmap.

Where is my data stored?

Your data is stored on Supabase, a secure cloud database provider that meets enterprise-grade compliance standards. Data is stored in your selected region and does not move across regions by default.

Is Roadmap compliant with data protection regulations?

Roadmap is designed with GDPR and CCPA principles in mind, including data minimisation, user control, and the right to deletion. Our underlying infrastructure providers — Supabase and Anthropic — both maintain industry-standard compliance certifications. As Roadmap grows, we are committed to maintaining and expanding our compliance posture.

Can I delete my data?

Yes, completely and permanently. You can delete your account and all associated data at any time from your account settings. When you delete your account, all of your data — team member profiles, notes, scorecards, strategic plan, development logs, and priorities — is permanently removed from our systems. We do not retain it.

What happens if there's a data breach?

In the unlikely event of a security incident that affects your data, we will notify you promptly and transparently — what happened, what data was involved, and what we're doing about it. We will never try to hide or minimise a security incident. Your trust matters more than our reputation in any given moment.

How do you handle Roadmap's own security as a product?

We take a layered approach to security: all data in transit is encrypted via HTTPS/TLS; sensitive database fields are encrypted at rest; Row Level Security ensures strict data isolation between users; API keys and credentials are never stored in client-side code; we conduct regular security reviews and apply updates to address vulnerabilities; and our codebase is maintained in a private repository.

I'm a manager at a large company. Can my employer see my Roadmap data?

No. Roadmap is a personal management tool — it belongs to you, not your employer. Your company does not have access to your Roadmap account or any of the data inside it unless you explicitly choose to share something. This is one of the core principles of the product: Roadmap is built for you, not for HR.

I still have questions about security or privacy. Who can I contact?

We're happy to talk through any concerns. Reach us at privacy@herroadmap.com and we'll respond within one business day. If you're evaluating Roadmap for a team or organisation and need more detailed security documentation, we can provide that too.

Roadmap is built by Together She Leads. We are committed to updating this page whenever our security and privacy practices change. Last updated: March 2026.
