Legal · Document 002

Privacy Policy

How we collect, use, disclose, and protect information about you when you use RootPit. Read this together with our Terms of Service.

Effective May 15, 2026 · Last updated May 15, 2026

1. Introduction

RootPit ("we," "us," or "our") operates the discovery and listing platform available at rootpit.com (the "Platform"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use the Platform.

Please read this Privacy Policy carefully. By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this document. If you do not agree with this Privacy Policy, do not use the Platform.

This Privacy Policy should be read together with our Terms of Service, which govern your use of the Platform.

RootPit is not affiliated with, endorsed by, or officially connected to Root, Rootapp, Inc., or any of their subsidiaries or affiliates. We are an independent third-party platform.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you provide when you interact with the Platform, including:

Account Registration

  • Username or display name
  • Email address
  • Password (stored in hashed, salted form — never in plaintext)
  • Optional profile information (avatar, bio, website URL)

Listing Submissions

  • App, Bot, or Community name and description
  • Icons, screenshots, and other listing assets
  • Contact email associated with the listing
  • URLs and metadata about the listed product
  • Categorization and tag information you select

Communications

  • Content of messages or inquiries sent to our support team
  • Feedback or survey responses you voluntarily submit

Payment Information

  • Billing name and address
  • Payment card details — processed exclusively by our third-party payment processor (Stripe, Inc.) and not stored on RootPit servers
  • Transaction history and subscription status

2.2 Information Collected Automatically

When you use the Platform, we and our service providers automatically collect certain technical and usage information:

Log Data

  • IP address
  • Browser type and version
  • Operating system
  • HTTP request headers
  • Pages visited and time spent on each page
  • Referring URLs
  • Date and time of each request

Device Information

  • Device type (desktop, mobile, tablet)
  • Screen resolution
  • Browser language and timezone

Cookies and Similar Technologies

  • Session cookies (essential for login state and security)
  • Preference cookies (to remember your display settings)
  • Analytics cookies (to understand Platform usage in aggregate)

For detailed information on cookies, see Section 8 below.

Usage Data

  • Search queries entered on the Platform
  • Listings viewed, voted on, or added to collections
  • Features used and interactions performed within the Platform

2.3 Information from Third Parties

OAuth Sign-In Providers If you choose to register or sign in using a third-party authentication provider (such as GitHub or Discord), we receive limited profile information from that provider, typically: your unique identifier from that provider, display name, email address, and profile picture URL. We do not receive your password from these providers. Your use of third-party sign-in is also governed by that provider's privacy policy.

Root Ecosystem Data We may display publicly available metadata about Root Apps, Bots, and Communities sourced from publicly accessible Root platform endpoints. We do not collect private Root account data.

3. How We Use Your Information

We use the information we collect for the following purposes:

Operating the Platform

  • Creating and managing your account
  • Processing and displaying listing submissions
  • Recording and displaying votes and reviews
  • Enabling search and discovery functionality
  • Processing payments for Paid Services

Communications

  • Sending transactional emails (account confirmation, password reset, payment receipts)
  • Responding to support inquiries and bug reports
  • Notifying you of material changes to our Terms of Service or Privacy Policy
  • Sending optional product updates and newsletters (only with your consent; unsubscribable at any time)

Safety and Security

  • Detecting and preventing fraudulent activity, vote manipulation, and abuse
  • Enforcing our Terms of Service
  • Protecting the rights, property, and safety of RootPit, our users, and the public
  • Investigating and resolving disputes

Platform Improvement

  • Analyzing aggregate usage patterns to improve Platform features and performance
  • Debugging and resolving technical issues
  • Conducting internal analytics and research to understand how the Platform is used

Legal Compliance

  • Complying with applicable laws, regulations, legal processes, and governmental requests
  • Establishing, exercising, or defending legal claims

We do not sell your personal information to third parties. We do not use your personal information to display third-party targeted advertising on the Platform.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share your information only in the following circumstances:

4.1 Public Information

The following information is publicly visible on the Platform by default:

  • Your username and public profile information
  • Listing submissions you have made
  • Your votes (displayed as aggregate vote counts, not individually attributed by default)
  • Public reviews and comments you post

You may adjust certain privacy preferences in your account settings.

4.2 Service Providers

We share information with trusted third-party service providers who assist us in operating the Platform, subject to confidentiality obligations and prohibited from using your data for their own purposes:

ProviderPurposeData Shared
Stripe, Inc.Payment processingBilling name, address, payment card data
Vercel, Inc.Platform hosting and infrastructureLog data, request data
Analytics providerAggregate usage analyticsAnonymized/pseudonymized usage data
Email delivery providerTransactional and notification emailsEmail address, name

4.3 Legal Requirements

We may disclose your information if we believe in good faith that such disclosure is necessary to:

  • Comply with a legal obligation, court order, subpoena, or governmental request
  • Protect and defend the rights or property of RootPit
  • Prevent or investigate possible wrongdoing in connection with the Platform
  • Protect the personal safety of users or the public
  • Protect against legal liability

We will notify you of such requests where legally permitted to do so.

4.4 Business Transfers

If RootPit is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a materially different privacy policy.

4.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specifically:

Data TypeRetention Period
Account informationUntil account deletion + 30 days
Listing submissionsUntil listing removal + 90 days
Payment records7 years (tax and legal compliance)
Server log data90 days rolling
Support correspondence3 years from last interaction
Deleted account data30 days, then permanently deleted

After the applicable retention period, we will securely delete or anonymize your information.

6. Your Rights and Choices

Depending on your location, you may have the following rights with respect to your personal information. To exercise any of these rights, contact us at privacy@rootpit.com.

6.1 Access

You may request a copy of the personal information we hold about you.

6.2 Correction

You may request correction of inaccurate or incomplete personal information. You can also update most information directly in your account settings.

6.3 Deletion

You may request deletion of your personal information. We will delete or anonymize your information within 30 days of a verified request, except where retention is required by law or necessary to resolve pending disputes or enforce our agreements.

6.4 Data Portability

Where technically feasible, you may request a machine-readable export of personal information you have provided to us.

6.5 Objection and Restriction

You may object to or request restriction of processing of your personal information in certain circumstances, including for direct marketing purposes.

6.6 Email Communications

You may opt out of non-essential email communications (newsletters, product updates) at any time by clicking the unsubscribe link in any such email or updating your notification preferences in your account settings. Transactional emails (password resets, payment confirmations, security alerts) cannot be disabled.

6.7 Cookie Preferences

You may manage cookie preferences through your browser settings or our cookie preference center. Note that disabling certain cookies may limit Platform functionality.

We will respond to all verifiable requests within 30 days. In exceptional cases, we may extend this period by an additional 60 days and will notify you of any such extension.

7. Children's Privacy

The Platform is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe we may have collected information from a child under 13, please contact us at privacy@rootpit.com.

8. Cookies and Tracking Technologies

8.1 What We Use

We use the following categories of cookies and similar technologies:

Strictly Necessary Cookies Required for the Platform to function. These include session authentication tokens and CSRF protection tokens. Cannot be disabled without breaking core functionality.

Functional Cookies Remember your preferences and settings (e.g., display mode, sort order). Can be disabled, but doing so resets preferences on each visit.

Analytics Cookies Help us understand how the Platform is used in aggregate — which pages are most visited, where users encounter errors, etc. Data is pseudonymized. You may opt out without affecting Platform functionality.

We do not use advertising cookies or third-party tracking pixels for behavioral advertising.

8.2 Managing Cookies

You can control cookies through:

  • Your browser's built-in settings (typically under Privacy or Security)
  • Our cookie preference center, accessible from the footer of any page

8.3 Do Not Track

Our Platform does not currently respond to browser Do Not Track signals, as there is no established industry standard for honoring such signals. We will revisit this position if a standard is adopted.

9. Data Security

We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction, including:

  • TLS encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Bcrypt hashing for passwords with individual salts
  • Role-based access controls limiting employee access to personal data
  • Regular security reviews and vulnerability assessments
  • Third-party payment processing (we never store raw payment card data)

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your personal information using commercially reasonable standards, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you as required by applicable law.

10. International Data Transfers

RootPit operates from the United States. If you are located outside of the United States, your information will be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated.

By using the Platform, you consent to the transfer of your information to the United States. We implement appropriate safeguards to protect your information when it is transferred internationally, including the use of standard contractual clauses where required.

10.1 Users in the European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) or equivalent legislation. Our legal bases for processing your personal information are:

  • Contract performance: Processing necessary to provide the Platform and fulfill our agreement with you (account creation, listing management, payment processing)
  • Legitimate interests: Processing for fraud prevention, platform security, product improvement, and direct marketing to existing users — where our interests are not overridden by your rights
  • Legal obligation: Processing required to comply with applicable law
  • Consent: Processing for optional communications and non-essential analytics cookies

You may lodge a complaint with your local data protection authority if you believe our processing of your personal information violates applicable law.

10.2 Users in California

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you additional rights, including the right to know, delete, correct, and opt out of the sale or sharing of personal information. As stated in this Policy, we do not sell or share your personal information for cross-context behavioral advertising. To exercise your rights, contact privacy@rootpit.com.

11. Third-Party Links

The Platform contains links to third-party websites and services, including rootapp.com. This Privacy Policy does not apply to third-party sites. We encourage you to review the privacy policies of any third-party services you visit through links on our Platform.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this document and provide notice through the Platform or via email, as required by applicable law. Your continued use of the Platform after any change constitutes your acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

RootPit Privacy Team Email: privacy@rootpit.com General inquiries: hello@rootpit.com Website: rootpit.com/legal/privacy

We aim to respond to all privacy-related inquiries within 5 business days and will fully resolve all verifiable requests within 30 days.

RootPit is an independent platform. "Root" and the Root logo are trademarks of their respective owners. RootPit is not affiliated with, endorsed by, or in any way officially connected with Root or Rootapp, Inc.