Privacy Policy

Account information. When you create an account, we collect your email address and a hashed version of your password. You may optionally provide a username and ZIP code.

Usage data. We collect information about how you interact with Rootstock, including the projects you generate, categories you browse, and features you use. This helps us improve the service.

Build log content. When you create a build log entry, we store the note text, any photos you upload, and whether you marked the entry public or private.

Inventory data. Items you add to your homestead inventory are stored in your account.

Payment information. If you subscribe to Rootstock Pro, payment is handled by Stripe. We do not store your credit card number, expiry date, or CVV. We receive confirmation of successful payments and your subscription status from Stripe.

Anonymous sessions. If you use Rootstock as a guest, we assign a temporary anonymous session. No personally identifiable information is collected unless you create a full account.

We use the information we collect to:

• Provide, operate, and improve the Rootstock service.
• Personalise your experience, including displaying your inventory when generating project guides.
• Process payments and manage your subscription.
• Send transactional emails such as password resets (we do not send marketing emails unless you subscribe to the Homestead Weekly newsletter).
• Monitor for abuse, fraud, and security threats.
• Analyse aggregate usage patterns to improve AI output quality and app features.

We do not sell your personal data to third parties. We do not use your data to train AI models.

When you generate a project guide or use the inventory detection feature, your inputs — including any photos you upload and your project description — are sent to third-party AI providers (currently Groq and Google AI) to generate a response. These providers process your data under their own privacy policies and terms. We encourage you to review them:

• Groq Privacy Policy
• Google Privacy Policy

We do not send your full account profile or personally identifiable information to AI providers. Only the content of your specific request (project description, photo, or question) is transmitted.

Your data is stored in Supabase, a managed database platform. Data is encrypted at rest and in transit using industry-standard TLS. Authentication is handled by Supabase Auth with secure password hashing.

Access to your data within our database is governed by Row Level Security (RLS) policies — meaning your data can only be accessed by your own authenticated session, not by other users.

No security system is perfect. While we take reasonable measures to protect your data, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately.

Photos you upload for inventory detection or build log entries are stored as part of your account data. If a build log entry is marked public, its associated photo will be visible to other users and anyone with the shareable link.

Photos submitted for AI inventory detection are sent to our AI providers for analysis and are not permanently stored by those providers beyond the scope of the individual request.

If you mark a build log entry as public, the following information becomes visible to all Rootstock users and anyone with the shareable link: your username, the project title, your note, any attached photo, the category and subcategory, and the date posted.

Your email address is never displayed publicly. You can change a public log back to private at any time from the Project Journal view.

If you subscribe to the Homestead Weekly newsletter via the sign-up form on our home page, we collect your email address for that purpose only. You can unsubscribe at any time using the link in any newsletter email.

Rootstock uses browser local storage and session storage to maintain your login session and temporarily store generated project data within a session. We do not use third-party advertising cookies or tracking pixels.

Rootstock uses the following third-party services, each with their own privacy practices:

• Supabase — database and authentication
• Vercel — hosting and edge infrastructure
• Stripe — payment processing
• Groq — AI inference (primary)
• Google AI — AI inference (fallback)

We retain your account data for as long as your account is active. If you delete your account, your personal data will be removed from our database within 30 days. Public build log entries you have shared may be retained in anonymised form for a period after deletion.

You may request deletion of your account and associated data at any time by emailing us at support@rootstock.app.

Rootstock is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Depending on your location, you may have rights including:

• The right to access the personal data we hold about you.
• The right to correct inaccurate data.
• The right to request deletion of your data.
• The right to data portability.
• The right to object to or restrict certain processing.

To exercise any of these rights, contact us at support@rootstock.app. We will respond within 30 days.

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. Continued use of Rootstock after changes are posted constitutes your acceptance of the revised policy.

If you have any questions or concerns about this Privacy Policy or how your data is handled, please contact us at support@rootstock.app.