AI gateway, policy engine, MCP supply-chain protection, real-time DLP and cost control — consolidated into one auditable control plane that sees and governs every AI request as it happens.
Governing every model your teams already use
Watch requests, blocked attempts and DLP redactions in real time.
Learn more →Every principal mapped, connected and continuously risk-scored.
Learn more →Govern every Model Context Protocol server your agents touch.
Learn more →Discover, score and govern every AI agent and MCP server.
Learn more →Route any model through the gateway with one set of keys.
Learn more →





Write a rule once — it protects every team, every model and every request, from a single control plane.
Every request from every model — chat, agents and MCP tool calls — routed through one inline enforcement point, so nothing reaches a provider unseen or unlogged.
Composable CEL policies evaluated at runtime, versioned and testable, so the same rule protects every team and every model without a single code change.
PII, secrets and source code detected and redacted in flight — on every prompt and every response — before a single token crosses your perimeter.
Trust graphs and lethal-trifecta detection across every Model Context Protocol server your agents reach, with policy enforced on each individual tool call.
Access certifications and the full lifecycle for every principal — human and non-human — with periodic reviews, attestations and one-click revocation.
Per-team token attribution, hard ceilings and a throttle mode that keeps enforcement running even after the budget is spent — security never lapses.
Route 2,000+ models and 500+ MCP servers & tools — OpenAI, Anthropic, Gemini, Mistral and any OpenAI-compatible endpoint — through a single control plane.
Built and operated in Finland, deployable as EU-hosted SaaS or fully on-premise — engineered against the regulations your auditors actually ask about.
Everything you need to know about the Roder control plane.
Spin up an EU-hosted trial in under an hour, or talk to the team that built it. Either way, you'll see every request by the end of the day.
The agreement between Roder and the organisations that use the platform. Plain where it can be, precise where it has to be.
You subscribe, we run an EU-hosted platform for you, you own your data and we only process it to deliver the service. Annual or monthly billing, 14-day trials, EU law. The detail below governs if anything is unclear.
These terms form a binding contract between Roder Oy and the entity that subscribes. They cover all subscriptions, trials and proofs of value, unless a signed Master Services Agreement says otherwise.
Roder is an EU-hosted AI security platform: an AI gateway, a policy engine, MCP supply-chain protection and a cost engine. Features vary by package and tier. The platform evolves over time, and paid subscriptions keep their functionality.
Subscriptions run annually or monthly. Trials last 14 days and can be extended in writing. Subscriptions renew for equal periods unless either party gives 30 days’ written notice, and we will give 60 days’ notice of any renewal price change.
We invoice in euros: annual plans up front, monthly plans in advance each month, on net 14 terms. Overdue amounts carry statutory interest, and we may suspend the service after 30 days of non-payment with notice. Fees exclude VAT and other applicable taxes.
You agree not to reverse engineer the platform, break the law or distribute malware through it, resell it without authorisation, circumvent rate limits, or use it to build a competing product. We may act immediately to stop active abuse.
You remain the data controller. Roder acts as your processor, following your documented instructions in the subscription, these terms and the Data Processing Agreement. All production processing happens in the EU, and we help you respond to regulatory inquiries.
Our security programme is aligned to ISO 27001, ISO 42001 and SOC 2 Type II principles. We will notify you of any material security incident affecting your data without undue delay and within 72 hours, and cooperate in good faith on the investigation.
We target 99.9% monthly production uptime, excluding scheduled maintenance and force majeure. Support response targets are one business day on Core, four hours on Plus, one hour on Advanced and 30 minutes on Premium. Service credits, where they apply, are set out in the order form.
Roder owns the platform and any de-identified improvements derived from usage. You own your data and content, and you grant Roder a limited licence to process it solely to provide the service.
Each party protects the other’s confidential information with at least reasonable care and uses it only for the purpose of the agreement. These obligations survive for three years after termination, and trade secrets stay protected for as long as the law allows.
Roder warrants that the platform will materially conform to its documentation during the subscription term. Beyond that, the service is provided as is, and implied warranties are disclaimed to the maximum extent the law permits.
Each party’s total liability is capped at the fees paid or payable in the preceding 12 months, except for confidentiality, IP infringement, indemnification and wilful misconduct. Neither party is liable for indirect or consequential damages, lost profits, or loss of data or goodwill.
Roder will defend you against third-party claims that the unmodified platform infringes intellectual property rights in the EU or EEA, and cover the damages awarded, provided you notify us promptly and cooperate in the defence.
Either party may terminate for a material breach that stays uncured 30 days after written notice. On termination your right to use the service ends, and Roder will delete or return your data within 30 days, subject to any legal retention duty.
Finnish law governs these terms, excluding its conflict-of-law rules. The exclusive venue is the District Court of Helsinki, except that either party may seek injunctive relief for IP or confidentiality in any competent court.
We may update these terms by posting a revised version with a new date, and we will give active customers at least 30 days’ notice of any material change.
Roder Oy
Helsinki, Finland
Sales: sales@roder.ai
Compliance: compliance@roder.ai
Enterprise agreements, DPAs and security documentation are available on request.