Rootly Hair Growth Tracker
← Back to Home

Legal

Privacy Policy

Effective Date: January 1, 2025

Rootly ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, disclose, and protect your information when you use the Rootly: Hair Growth Tracker mobile application and related services. By creating an account or using Rootly, you agree to the practices described here.

1. Eligibility

Rootly is intended for individuals 13 years of age or older. We do not knowingly collect personal information from anyone under 13. If we learn that a user under 13 has provided personal data, we will promptly delete it. Users between 13 and 18 should have parental consent before using the app.

2. Information We Collect

A. Personal Information

  • Name and email address (via Apple or Google Sign In)
  • Gender and birth year
  • Profile details provided during onboarding

B. Hair & Health Data

  • Hair goals and hair situation
  • Medication and supplement usage
  • Daily hair care routine logs
  • Progress photos you choose to upload
  • Shed counts, scalp health notes, and other self-reported data

C. Device & Technical Data

  • IP address and approximate location
  • Device type and operating system
  • App usage patterns, screen views, and crash logs
  • Analytics data used to improve performance

D. Account & Authentication

  • Apple Sign In credentials
  • Google Sign In credentials

E. Purchase Information

  • Subscription status and transaction history processed through Apple and RevenueCat

3. How We Use Your Information

  • To provide and personalize the Rootly experience
  • To track your hair growth progress over time
  • To manage your subscription and provide access to Rootly Pro features
  • To send reminders and notifications you have opted into
  • To improve the app, fix bugs, and analyze usage patterns
  • To comply with legal obligations and prevent fraud

4. Progress Photos

Photos you upload are stored privately in a secure, access-controlled storage bucket. They are only visible to you and are never used for advertising, shared with third parties, or used to train AI models.

5. Data Storage & Security

Your data is stored securely using Supabase, a trusted cloud database provider. We use the following security practices to protect your information:

  • HTTPS encryption for all data in transit
  • Encryption at rest for stored data
  • Access controls and isolated databases
  • Private, access-controlled storage for progress photos
  • Periodic security reviews

No system can guarantee perfect security, but we continually work to protect your information.

6. Data Sharing

We do not sell your personal data. We do not share your information with third parties except as necessary to operate the app or as required by law. We work with the following service providers:

Infrastructure & Authentication

Subscriptions

Legal

We may disclose information if required to comply with applicable law, court orders, or to protect the safety of our users or others.

7. Data Retention

We retain your personal data only for as long as necessary to provide the Rootly service and fulfill the purposes outlined in this policy. When your account is deleted, your personal data is removed from our systems within 30 days, except where retention is legally required.

8. International Data Transfers

Your data may be processed and stored in the United States or other countries where our service providers operate. By using Rootly, you consent to the transfer of your information to these locations, which may have different data protection laws than your country of residence.

9. Your Rights

General Rights

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request that we correct inaccurate data
  • Deletion: Request deletion of your account and associated data
  • Opt-out: Opt out of push notifications at any time through your device settings

European Union Users (GDPR)

If you access Rootly from the European Union, you have additional rights under GDPR:

  • Data portability
  • Restriction of processing
  • Right to object to processing
  • Right to lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at customersupport.rootly@gmail.com.

10. Cookies & Analytics

Rootly may use analytics tools to understand how users interact with the app, improve performance, and fix issues. This data is aggregated and does not identify you personally. You may limit analytics collection through your device settings.

11. Children's Privacy

Rootly is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent update. We will notify you of significant changes by updating the date and, where appropriate, through an in-app notification.

Contact Us

If you have any questions, data requests, or privacy concerns, please reach out:

Email: customersupport.rootly@gmail.com