EU-HOSTED  ·  GDPR-NATIVE  ·  ENFORCED AT RUNTIME

The control plane for enterprise AI.

AI gateway, policy engine, MCP supply-chain protection, real-time DLP and cost control — consolidated into one auditable control plane that sees and governs every AI request as it happens.

FinlandBuilt in Helsinki for regulated European enterprises — no US Cloud Act exposure.

Governing every model your teams already use

OpenAI
OpenAI
Anthropic
Anthropic
Gemini
Gemini
Mistral
Mistral
Copilot
Copilot
Perplexity
Perplexity
Why it matters
Every prompt your team sends is a data-egress event. Roder is the only place you see them all — and the only place you can stop one.
Roder
The Roder thesisRuntime control over every AI principal
The unified platform

Everything you need to govern AI at scale.

Write a rule once — it protects every team, every model and every request, from a single control plane.

01

AI Gateway

Every request from every model — chat, agents and MCP tool calls — routed through one inline enforcement point, so nothing reaches a provider unseen or unlogged.

02

Policy Engine

Composable CEL policies evaluated at runtime, versioned and testable, so the same rule protects every team and every model without a single code change.

03

Real-time DLP

PII, secrets and source code detected and redacted in flight — on every prompt and every response — before a single token crosses your perimeter.

04

MCP Protection

Trust graphs and lethal-trifecta detection across every Model Context Protocol server your agents reach, with policy enforced on each individual tool call.

05

Agent & MCP Security

Access certifications and the full lifecycle for every principal — human and non-human — with periodic reviews, attestations and one-click revocation.

06

Cost & Budgets

Per-team token attribution, hard ceilings and a throttle mode that keeps enforcement running even after the budget is spent — security never lapses.

Connect everything

One platform, every model and tool.

Route 2,000+ models and 500+ MCP servers & tools — OpenAI, Anthropic, Gemini, Mistral and any OpenAI-compatible endpoint — through a single control plane.

One gateway for every model and tool you run
2,000+ models · 500+ tools
Sovereign by design

100% EU-hosted.
No US Cloud Act exposure.

Built and operated in Finland, deployable as EU-hosted SaaS or fully on-premise — engineered against the regulations your auditors actually ask about.

EU
Roder AI Oy · Helsinki, Finland · EU data residency
Engineered against
GDPREU AI ActDORANIS2EHDSCRAeIDAS 2.0ISO 27001ISO 42001SOC 2 Type II

Frequently Asked Questions

Everything you need to know about the Roder control plane.

What exactly is Roder?+
Roder is a single control plane for enterprise AI. It consolidates an AI gateway, policy engine, MCP supply-chain protection, real-time DLP and cost attribution into one auditable system — deployed as EU-hosted SaaS or fully on-premise.
How is this different from a CASB or an API gateway?+
A CASB sees network metadata; an API gateway routes traffic. Roder understands AI semantics — prompts, responses, tokens, MCP tool calls and the principals behind them — and enforces policy on the content itself, in real time, with a compliance-grade audit trail.
Where is my data hosted?+
In the EU, always. Roder runs entirely on European infrastructure with no US Cloud Act exposure, and can be deployed on-premise inside your own perimeter. The company is Finnish and operated from Helsinki.
How long does it take to deploy?+
Under an hour to a first EU-hosted trial. Point your AI traffic at the gateway and requests, principals and policy decisions start appearing immediately — no agents to install on every endpoint.
Which models and tools does Roder support?+
OpenAI, Anthropic, Google Gemini, Mistral, Microsoft Copilot, Perplexity and any OpenAI-compatible endpoint — over 2,000 models — plus 500+ MCP servers and tools your agents connect to. New providers route through the same gateway with no code change.
Does Roder help with the EU AI Act?+
Yes. Roder ships compliance packs that map its controls to the EU AI Act, GDPR, DORA and NIS2, backed by an immutable seven-year audit trail — so the evidence your auditors ask for is already there when enforcement begins in August 2026.

Take back control of your AI.

Spin up an EU-hosted trial in under an hour, or talk to the team that built it. Either way, you'll see every request by the end of the day.

TermsEffective 31 May 2026

Service Terms

The agreement between Roder and the organisations that use the platform. Plain where it can be, precise where it has to be.

Roder OyHelsinki, Finland
← Back to roder.ai
In plain English

You subscribe, we run an EU-hosted platform for you, you own your data and we only process it to deliver the service. Annual or monthly billing, 14-day trials, EU law. The detail below governs if anything is unclear.

1. The agreement

These terms form a binding contract between Roder Oy and the entity that subscribes. They cover all subscriptions, trials and proofs of value, unless a signed Master Services Agreement says otherwise.

2. The service

Roder is an EU-hosted AI security platform: an AI gateway, a policy engine, MCP supply-chain protection and a cost engine. Features vary by package and tier. The platform evolves over time, and paid subscriptions keep their functionality.

3. Subscription, trial and renewal

Subscriptions run annually or monthly. Trials last 14 days and can be extended in writing. Subscriptions renew for equal periods unless either party gives 30 days’ written notice, and we will give 60 days’ notice of any renewal price change.

4. Fees and payment

We invoice in euros: annual plans up front, monthly plans in advance each month, on net 14 terms. Overdue amounts carry statutory interest, and we may suspend the service after 30 days of non-payment with notice. Fees exclude VAT and other applicable taxes.

5. Acceptable use

You agree not to reverse engineer the platform, break the law or distribute malware through it, resell it without authorisation, circumvent rate limits, or use it to build a competing product. We may act immediately to stop active abuse.

6. Customer data and data processing

You remain the data controller. Roder acts as your processor, following your documented instructions in the subscription, these terms and the Data Processing Agreement. All production processing happens in the EU, and we help you respond to regulatory inquiries.

7. Security

Our security programme is aligned to ISO 27001, ISO 42001 and SOC 2 Type II principles. We will notify you of any material security incident affecting your data without undue delay and within 72 hours, and cooperate in good faith on the investigation.

8. Service levels and support

We target 99.9% monthly production uptime, excluding scheduled maintenance and force majeure. Support response targets are one business day on Core, four hours on Plus, one hour on Advanced and 30 minutes on Premium. Service credits, where they apply, are set out in the order form.

9. Intellectual property

Roder owns the platform and any de-identified improvements derived from usage. You own your data and content, and you grant Roder a limited licence to process it solely to provide the service.

10. Confidentiality

Each party protects the other’s confidential information with at least reasonable care and uses it only for the purpose of the agreement. These obligations survive for three years after termination, and trade secrets stay protected for as long as the law allows.

11. Warranties and disclaimers

Roder warrants that the platform will materially conform to its documentation during the subscription term. Beyond that, the service is provided as is, and implied warranties are disclaimed to the maximum extent the law permits.

12. Limitation of liability

Each party’s total liability is capped at the fees paid or payable in the preceding 12 months, except for confidentiality, IP infringement, indemnification and wilful misconduct. Neither party is liable for indirect or consequential damages, lost profits, or loss of data or goodwill.

13. Indemnification

Roder will defend you against third-party claims that the unmodified platform infringes intellectual property rights in the EU or EEA, and cover the damages awarded, provided you notify us promptly and cooperate in the defence.

14. Term and termination

Either party may terminate for a material breach that stays uncured 30 days after written notice. On termination your right to use the service ends, and Roder will delete or return your data within 30 days, subject to any legal retention duty.

15. Governing law and venue

Finnish law governs these terms, excluding its conflict-of-law rules. The exclusive venue is the District Court of Helsinki, except that either party may seek injunctive relief for IP or confidentiality in any competent court.

16. Changes and contact

We may update these terms by posting a revised version with a new date, and we will give active customers at least 30 days’ notice of any material change.

Roder Oy

Helsinki, Finland
Sales: sales@roder.ai
Compliance: compliance@roder.ai

Need this as a signed MSA?

Enterprise agreements, DPAs and security documentation are available on request.