Turn your ROPA into live compliance workflow.

ROPAi helps privacy and legal teams capture processing once, then run the work that follows from the same record: EDPB-aligned DPIAs, EU AI Act FRIAs, ICO AI Audit checks, and supplier review.

See the workflow →

Structured for UK/EU privacy work ROPAi Ltd · Company No. 17127400 EU-hosted data Companies House · 17127400 From £99/month

app.ropai.io

New ROPA Entry

Article 30 AI Interview · Customer Newsletter

⚡ AI Interview

ROPAi Assistant

Article 30 Interview

Live

Who is the controller for this processing activity? This is usually your company name — for customer data, that's you.

Acme Digital Ltd — we're collecting customer emails for our newsletter.

Got it. What's the legal basis for processing? For newsletter subscribers, this is typically consent — did users opt in explicitly?

Article 30 fields completed 5 / 13

Controller ✓ Purpose ✓ Data types ✓ Recipients ✓ Transfers ✓ Legal basis Retention Security

Capture once. Govern from the same record.

Capture the operational truth

Answer plain-English questions about each processing activity. The workflow is designed for operational teams, not privacy specialists only.

Article 30 mapped

Turn ROPA into assessments

ROPAi structures the entry and opens the downstream work around it, including DPIA, FRIA, AI governance, and supplier actions.

AI-powered

Review, finalise, and export

Teams can edit, review, and finalise structured outputs instead of relying on black-box drafting or disconnected spreadsheets.

Always up to date

Step 1 · Discover

Interview the business once. Run the assessments from there.

ROPAi asks operational questions your team can actually answer, maps them into Article 30 structure, and turns the result into the starting point for privacy and AI governance work.

No legal jargon in the capture workflow
Guided prompts for controllers, processors, transfers, retention, and AI use
Structured outputs that teams review, finalise, and export

Primary outcome

3-5 min

Typical time per processing activity

What changes

13/13

Mandatory Article 30 fields mapped

Six things the register can drive immediately

AI ROPA Interview Live

Conversational AI captures the operational facts behind each processing activity and maps them into a structured Article 30 record.

EDPB DPIA Assessment Live

Full 5-step DPIA workflow aligned to the EDPB 2026 template, from screening through compliance analysis, risk assessment, mitigations, decision, and PDF export.

EU AI Act FRIA Live

Run Article 27 fundamental rights assessments with Annex III classification, rights-by-right review, mitigation tracking, linked privacy context, decisions, and PDF export.

ICO AI Audit Framework Live

Use a structured checklist for accountability, fairness, transparency, data quality, security, human oversight, and individual rights, with progress tracking and PDF export.

Supplier Intelligence Live

Track processors, review prompts, and contract timing so supplier oversight stays anchored to the underlying processing reality.

Audit-Ready Exports Live

Export your register, DPIA reports, FRIA assessments, and ICO audit results as structured CSV or professionally formatted PDF.

The register should not just exist. It should drive the work.

Without ROPAi

The register exists, but the real work stays messy.

Every DPIA, FRIA, supplier review, or export starts with people digging through old notes, spreadsheets, and disconnected documents to rebuild context.

Assessment work split across inboxes, files, and ad hoc trackers
AI governance sits separately from privacy governance
Reviews and follow-up depend on memory and manual chasing

With ROPAi

Capture the processing once. Run the rest from there.

ROPAi turns the register into the operating layer for DPIA, FRIA, supplier review, and exportable outputs, while keeping judgment and sign-off with your team.

One record drives connected privacy and AI governance workflows
Structured outputs stay editable, reviewable, and easier to evidence
Teams spend less time reconstructing context and more time deciding well

Early-access pricing for teams building the right operating model

Choose the plan that fits your stage, then start with a 30-day free trial.

Starter

For lean teams

Best for smaller organisations building a solid privacy operating baseline around the register.

£99_/mo

50 processing activities · 1 seat

AI ROPA interview
DPIA screening
Processor register & supplier intelligence
CSV & PDF export
DSAR workflow — not included
FRIA & ICO AI Audit — not included
Approval gates — not included

Recommended for active programmes

Growth

Best for active programmes

Best for privacy teams that need AI governance workflows, audit structure, and collaboration across a growing register.

£249_/mo

Unlimited processing activities · 5 seats

Everything in Starter
Unlimited ROPA entries
DSAR workflow & workload queue
Approval gates
EU AI Act FRIA
ICO AI Audit framework
Audit & evidence log
Multi-user collaboration (5 seats)

Professional

For mature governance teams

Best for organisations coordinating cross-functional reviews, connected assessments, and stronger governance control.

£499_/mo

Unlimited processing activities · 10 seats

Everything in Growth
Full DPIA workspace
Transfers oversight workspace
LIA workflow
Multi-stage approvals
10 seats
Multi-client orgs — not included
White-label — not included

Practice tier

DPO Practice

For consultancies and external DPO teams managing multiple client organisations under one operating model.

Multi-client orgs White-label Unlimited seats Dedicated support

£799_/mo

Questions before early access?

What is live in ROPAi today?

ROPAi currently supports AI-assisted ROPA capture, EDPB-aligned DPIA assessment, EU AI Act FRIA, ICO AI Audit workflow, supplier intelligence, and CSV or PDF export. A few higher-tier coordination features are still upcoming in early access.

How is AI used in the product?

ROPAi uses AI to structure interviews, draft assessment content, and help teams move faster, but outputs remain editable and reviewable. The product is designed so DPO, legal, and compliance teams keep judgment and sign-off. Anthropic's commercial terms exclude customer data from model training.

Do you have a Data Processing Agreement we can sign?

Yes. Our DPA, sub-processor list, and security one-pager are available on request from [email protected]. Sub-processors today are Supabase (database, EU-Ireland), Netlify (hosting), Anthropic (AI processing), and Stripe (billing). We will not represent provider certifications as our own — see Trust & Security.

Are you ISO 27001 or SOC 2 certified?

Not yet. Cyber Essentials Plus is in progress for Q2 2026. ISO/IEC 27001 is targeted for Q4 2026. SOC 2 Type I is targeted for Q2 2027. Our infrastructure providers (Supabase, Netlify, Stripe) maintain their own certifications, which we rely on but do not present as our own.

Who is ROPAi best for?

ROPAi is best for SME compliance teams, in-house DPOs, privacy managers, and external DPO or consultancy teams that need more than a static register. It is built for teams that want connected operational workflows around the record of processing.

How does early access onboarding work?

ROPAi is onboarding a small number of teams directly. Once you join the waitlist, we review fit, reply from [email protected], and handle onboarding in a founder-led way for selected organisations.

Where is customer data stored?

Customer data is stored in the EU, in Ireland, on Supabase infrastructure. ROPAi is designed for UK and EU privacy teams and reflects that in its data-hosting posture.

Own your compliance.
Join early access.

ROPAi is onboarding a small number of early teams. Share your details and we’ll reply directly if there’s a fit.

You’re on the list.

Your early-access request has been sent to the ROPAi team. We’ll reply from [email protected] with next steps if there’s a good fit for the current onboarding group.

UK GDPR compliant EU-hosted · Ireland Early access Built for UK SMEs & DPOs