Roott Privacy Policy
1. Purpose of This Policy
This Privacy Policy explains how Roott Ltd (“Roott,” “we,” “our,” or “us”) collects, uses, stores, and protects your personal data when you visit www.roott.one or use our online platform (“Service”).
Roott is committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data We Collect
We collect only the information necessary to operate and improve our Service:
a. Information You Provide
Name, email address, and contact details when creating an account
Organization name and role
Payment information (processed securely by our payment partner, e.g., Paddle or Stripe)
Content you upload (e.g., grant drafts, notes, attachments)
Messages or inquiries sent to our support team at team@roott.one
b. Information We Automatically Collect
When you use Roott, we automatically collect:
Log and usage data (pages visited, features used, session duration)
Device and browser information
IP address and approximate location (for security and analytics)
Cookies and similar tracking technologies (see Section 10)
c. AI-Generated and Processed Data
Our AI tools process text that you input to generate draft applications or funding suggestions.
This data may be temporarily stored to provide outputs, but we do not use your private data to train external AI models.
3. How We Use Your Information
We use your information to:
Provide and improve our platform and its features
Personalize your experience and recommend relevant funding opportunities
Process payments and manage your subscription
Communicate with you about your account, billing, or updates
Detect, prevent, and address fraud or technical issues
Comply with legal obligations
We will never sell your personal data.
4. Legal Basis for Processing
Under the UK GDPR, we rely on the following lawful bases:
Contractual necessity – to provide the Service you sign up for
Legitimate interest – to improve features and prevent misuse
Consent – for marketing emails or cookies
Legal obligation – to comply with tax, accounting, and regulatory requirements
5. How We Share Information
We may share limited data with:
Payment processors (Paddle, Stripe, or Lemon Squeezy) for billing
Hosting and analytics providers (e.g., AWS, Google Analytics, OpenAI API)
Compliance and legal partners if required by law or court order
All third-party providers are GDPR-compliant and bound by strict data-processing agreements.
We do not sell or rent your data to advertisers or other third parties.
6. International Data Transfers
Some service providers operate outside the UK/EEA (e.g., U.S.).
Where data is transferred internationally, we ensure appropriate safeguards such as:
Standard Contractual Clauses (SCCs) approved by the UK ICO
Binding corporate rules or equivalent protections
7. Data Retention
We keep your information only as long as needed to:
Maintain your account and provide the Service
Comply with legal or accounting obligations
When your account is deleted or inactive for more than 24 months, we securely erase or anonymize your data.
8. Your Rights
Under the UK GDPR, you have the right to:
Access the data we hold about you
Correct inaccurate or outdated information
Request deletion (“right to be forgotten”)
Object to processing or withdraw consent
Request data portability
To exercise these rights, email us at team@roott.one.
We will respond within 30 days.
9. Data Security
We take security seriously.
Measures include:
Encrypted data transmission (HTTPS/TLS)
Secure cloud infrastructure with restricted access
Regular vulnerability scans and backups
Limited employee access to personal data
However, no online service can guarantee absolute security. Use strong passwords and keep your credentials confidential.
10. Cookies and Tracking
Roott uses cookies and similar technologies to:
Remember your login preferences
Improve platform performance
Analyse anonymous usage statistics
You can adjust or reject cookies via your browser settings.
For full details, see our Cookie Policy at www.roott.one/cookies (coming soon).
11. AI Data Handling Transparency
Roott’s AI tools use secure APIs (e.g., OpenAI or similar) to generate draft content.
Input text is processed only for generating your requested output and is not stored beyond session context, except where saved in your account.
We do not use customer data to retrain third-party models.
If you choose to delete a draft or your account, all stored AI outputs and inputs linked to your profile are permanently removed.
12. Children’s Data
Our Service is intended for users aged 18 and over.
We do not knowingly collect data from minors.
If you believe a child has provided us data, contact team@roott.one for immediate deletion.
13. Marketing Communications
With your consent, we may send updates about Roott, funding insights, or new features.
You can unsubscribe anytime by clicking “unsubscribe” in the email or contacting us directly.
14. Updates to This Policy
We may update this Privacy Policy from time to time.
Changes will be posted at www.roott.one/privacy with a revised effective date.
Continued use of the Service after updates means you accept the revised policy.
15. Contact Us
If you have any questions, concerns, or data requests, please contact:
📧 Email: team@roott.one
🏢 Address: Roott Ltd, 26 Waterside Court, Millpond Place, Carshalton, SM5 2JT, United Kingdom
🌐 Website: www.roott.one