Rooots

Legal

Privacy Policy

Last updated: June 17, 2026 · Version 1.0

Rooots LLC ("Rooots," "we," "us," or "our") operates the website at rooots.net and the software-as-a-service application at app.rooots.net (collectively, the "Service"). This Privacy Policy explains how we collect, use, store, and protect information when you use the Service.

By using the Service, you agree to the practices described in this Privacy Policy.

1. Who We Are

Rooots LLC is a limited liability company registered in Idaho, with its principal place of business in Coeur d'Alene, Idaho. We provide an operating system for owner-led businesses, including compliance tracking, certifications, document filing, AI visibility scoring, and operational management tools.

For privacy questions, contact us at: support@rooots.net

2. Information We Collect

We collect information in three categories:

2.1 Information You Provide Directly

  • Account Information: name, business name, email address, phone number, business industry, business location (city, state), and password
  • Payment Information: processed by Stripe — we do NOT store credit card numbers on our servers. We retain only the last four digits, card type, and expiration date for billing reference
  • Business Records: documents, certifications, employee records, vendor information, compliance records, and other business data you upload or enter
  • Communications: any messages you send to support, feedback you provide, or other communications

2.2 Information Collected Automatically

  • Usage Data: pages visited, features used, time spent in the Service, click patterns, and similar interaction data
  • Device Information: IP address, browser type, operating system, device type, and screen resolution
  • Cookies: see our Cookie Policy for details

2.3 Information from AI Processing

When you use AI features of the Service:

  • Smart Scan: photographs of documents are sent to Anthropic's Claude API for text extraction and categorization
  • Voice Onboarding: voice recordings are sent to OpenAI's Whisper API for transcription
  • AI Visibility Score: publicly available data about your business (Google Reviews, business listings) is analyzed using Anthropic's Claude API

These third-party AI services process your data according to their respective terms. We use these services exclusively for delivering the features described, and we do NOT use your business data to train AI models.

3. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process payments and manage subscriptions
  • Communicate with you about your account, the Service, and transactional matters (welcome emails, trial reminders, payment confirmations, password resets)
  • Send marketing communications about Rooots features, updates, and offers (you may opt out at any time)
  • Detect, prevent, and address technical issues, fraud, or abuse
  • Comply with legal obligations
  • Analyze usage patterns to improve the Service

4. How We Share Information

We do not sell your information. We do not share your business data with third parties for their marketing purposes.

We share information only in the following limited circumstances:

4.1 Service Providers

We use the following service providers to operate the Service. Each receives only the information necessary to perform their function:

ProviderPurposeData Shared
StripePayment processingName, email, payment information
SupabaseDatabase and authenticationAll account and business data
VercelApplication hostingAll Service traffic and data
ResendTransactional and marketing emailsName, email, message content
AnthropicAI text/document analysis (Claude API)Document images, voice transcripts (deleted after processing)
OpenAIVoice transcription (Whisper API)Voice recordings (deleted after processing)
Google (Maps, Workspace, Analytics)Maps data, business email, web analyticsAggregated usage data, no PII
Meta (Facebook Pixel)Marketing analyticsAnonymized website interaction data

4.2 Legal Compliance

We may disclose information if required by:

  • Court order, subpoena, or other legal process
  • Government investigation or regulatory request
  • Protection of our rights, property, or safety, or that of our users or the public

4.3 Business Transfers

If Rooots is acquired, merged with another company, or sells substantially all of its assets, your information may be transferred to the successor entity. You will be notified of any material change in ownership or control of your data.

5. Data Storage and Security

5.1 Where Your Data Lives

Your data is stored on servers operated by Supabase (primary database) and Vercel (application hosting). Both are US-based providers using AWS infrastructure with data centers in the United States.

5.2 Security Measures

We implement industry-standard security practices, including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Multi-factor authentication available for all accounts
  • Encrypted storage of sensitive credentials (OAuth tokens, payment login details)
  • Access controls limiting Rooots employee access to customer data
  • Regular security audits and updates

Important honest disclosure: Despite these measures, no system is 100% secure. We cannot guarantee that unauthorized parties will never access your data. You are responsible for maintaining the security of your account password.

5.3 Employee Access to Customer Data

Rooots employees do NOT view, read, or access customer documents, business records, or personal data except:

  • When explicitly requested by you for support purposes
  • When required by law or to investigate suspected fraud or abuse
  • Aggregated, anonymized data used for service improvement

6. Data Retention

  • Active Accounts: We retain your data for as long as your account is active
  • Cancelled Accounts: We retain your data in read-only form for 90 days after cancellation, allowing you to reactivate. After 90 days, all data is permanently deleted
  • Backups: Backups are retained for 30 days for disaster recovery purposes
  • Legal Holds: We may retain data longer if required by law or pending legal proceedings

7. Your Rights

Depending on your location, you may have the following rights:

7.1 All Users

  • Access: request a copy of the personal information we hold about you
  • Correction: ask us to correct inaccurate information
  • Deletion: request that we delete your information (subject to legal retention requirements)
  • Portability: receive your data in a machine-readable format
  • Opt-out of Marketing: unsubscribe from marketing emails at any time using the link in each email

7.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights:

  • Right to know what personal information we collect, use, disclose, and sell
  • Right to delete personal information (with exceptions)
  • Right to opt out of the sale or sharing of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your rights
  • Right to limit use of sensitive personal information

7.3 European Economic Area Residents (GDPR)

If you are in the EEA, UK, or Switzerland, you have rights under GDPR including:

  • Right of access, rectification, erasure, restriction of processing, data portability, and objection
  • Right to lodge a complaint with a supervisory authority
  • Right to withdraw consent at any time

7.4 How to Exercise Your Rights

Email us at support@rooots.net with the subject "Privacy Request." We will respond within 30 days (45 days for complex requests). We may require verification of your identity before processing requests.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a minor, contact us immediately at support@rooots.net.

9. International Data Transfers

If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

For users in the EEA, we rely on Standard Contractual Clauses (SCCs) for cross-border transfers as required by GDPR.

10. Marketing Communications

When you sign up for Rooots, you consent to receive transactional emails (account, billing, security) AND marketing emails about features, updates, tips, and offers.

You may unsubscribe from marketing emails at any time by clicking the "Unsubscribe" link in any marketing email. You will continue to receive transactional emails necessary for the operation of your account.

11. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of third parties. We encourage you to read the privacy policies of any third-party services you use.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will:

  • Update the "Last Updated" date at the top
  • Notify you via email or in-app notification for material changes
  • Require renewed consent for changes that materially expand our use of your data

Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy:

Rooots LLC Coeur d'Alene, Idaho Email: support@rooots.net

For privacy-specific inquiries, include "Privacy" in your subject line for fastest response.

This Privacy Policy is effective as of June 17, 2026.

↑ Back to top