Privacy Policy

Only what's needed to run Roots:

• Your email address (so you can sign in)
• Your display name and avatar letter (shown to your team)
• Your team's name and weekly KPIs (the data you create)
• Hours you log against your KPIs
• Stripe customer + subscription IDs (for billing — Stripe handles your card details, we never see them)

• Your card or bank details (Stripe handles all of that)
• Tracking pixels, advertising cookies, or social-media trackers
• Anything from third-party data brokers

Only people on your team see your team's KPIs. Beyond that, the third parties involved in running Roots are:

• Clerk — handles authentication. They store your email and password (hashed).
• Neon — Postgres database where your team's data is stored.
• Vercel — hosts the application.
• Stripe — processes payments. They store your card details on their PCI-compliant infrastructure.
• Resend — sends transactional emails (invitations, welcome). They see your email address only.

We don't sell or share your data with anyone else, ever.

We use only essential cookies to keep you signed in. No advertising or analytics cookies.

You can:

• Export your team's data at any time (Pro add-on includes this; on request otherwise)
• Delete your account or your team — this permanently removes all your data
• Ask us what data we hold about you, and we'll send it

Email hello@rootsplanner.xyz with any request.

Database in EU-West (London). Stripe and Clerk operate globally with EU presence.

If we change anything material, we'll email everyone with an active account before the change takes effect.

Roots is operated by Roots. Questions: hello@rootsplanner.xyz.