Privacy Policy
Effective Date: January 15, 2025
Last Updated: January 15, 2025
Introduction
RootWise ("we," "our," or "us") is committed to protecting your privacy and the privacy of your children. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (the "Service").
IMPORTANT: This app is designed for parents and caregivers. We are committed to full compliance with the Children's Online Privacy Protection Act (COPPA) and do not knowingly collect personal information from children under 13 without verified parental consent.
Information We Collect
Personal Information You Provide
- Account Information: Email address, password (encrypted), and profile information
- Child Profiles:
- What We Collect: Child's nickname (first name only) and date of birth
- How It's Used: We calculate your child's exact age for personalized content
- What We DON'T Collect: No last names, photos, medical information, contact details, or detailed profiles
- Communication Data: Messages and conversations with our AI chat feature
- Journal Entries: Personal reflections and notes you create in the app
- User Preferences: App settings, language preferences, and customization choices
Automatically Collected Information
- Usage Analytics: App usage patterns, feature interactions, and performance metrics (Firebase Analytics)
- Device Information: Device type, operating system, app version, and unique device identifiers
- Technical Data: Crash reports, error logs, and diagnostic information to improve app stability
Device Permissions
- Microphone Access (Optional):
- Purpose: Speech-to-text input for the AI chat feature
- How It Works: When you tap the microphone button in chat, your device's built-in speech recognition converts your voice to text
- Privacy Protection: Audio is processed entirely on your device - we do not record, store, or transmit audio recordings
- User Control: You can deny microphone permission and still use the app fully with keyboard text input
Children's Information (COPPA Compliance)
- Limited Collection: We collect only a child's nickname and date of birth from parents
- No Direct Collection: We do not collect personal information directly from children under 13
- Parental Control: Parents have full control over their child's profile information
- Privacy Protection:
- Stored encrypted on your device only
- Converted to age ranges (0-6 months, 6-12 months, 1-2 years, 2-4 years, 4-6 years, 6-12 years, 12-18 years) for all analytics
- Never used for advertising or marketing
- Never shared with third parties except as necessary for AI chat responses
How We Use Your Information
Primary Uses
- Personalized Experience: Provide age-appropriate parenting content and recommendations
- AI Chat Service: Deliver contextual parenting advice based on your child's age and development stage
- Speech Input: Enable optional voice input for chat through on-device speech recognition
- Content Delivery: Curate relevant articles, scripts for challenging moments, and meditation content
- App Improvement: Analyze usage patterns to enhance features and user experience
- Technical Support: Troubleshoot issues and provide customer support
Legal Basis for Processing (GDPR)
- Consent: Analytics and optional features require your explicit consent
- Contract Performance: Core app functionality necessary to provide our service
- Legitimate Interest: App improvement and security measures
Data Storage and Security
Encryption and Protection
- AES-256 Encryption: All personal data stored locally is encrypted with industry-standard AES-256 encryption
- Secure Storage: Encryption keys are stored securely using platform-specific secure storage systems
- Local Storage Priority: Most data is stored locally on your device, minimizing cloud exposure
- Firebase Security: Cloud data protected by Google Firebase's enterprise-grade security infrastructure
Data Retention
Specific Retention Periods
- Account Data: Retained until you delete your account or 2 years of inactivity
- Chat History: Stored on your device until you manually delete (no automatic expiration)
- Child Profiles: Retained until you delete them or delete your account
- Journal Entries: Stored on your device until you delete them (no automatic expiration)
- Analytics Data: 26 months (Firebase Analytics standard retention)
- Crash Reports: 90 days (Firebase Crashlytics standard retention)
- Email Communications: 3 years for legal compliance
Your Deletion Rights
- Immediate Deletion: Delete any data instantly through the app
- Account Deletion: Removes all your data from our systems
- Right to be Forgotten: Request complete data erasure by contacting privacy@rootwise.app
- Backup Deletion: Local device backups are also deleted with account deletion
Third-Party Services
Device Speech Recognition (On-Device)
- Purpose: Convert voice to text for chat input
- Data Processing: All speech processing happens locally on your device
- No Data Sharing: Audio is never transmitted to our servers or third parties
- Privacy Protection: Your device's operating system handles speech recognition privately
Firebase (Google)
- Purpose: Authentication, analytics, and crash reporting
- Data Shared: Email address, anonymized usage analytics, crash reports
- Privacy Policy: Firebase Privacy Policy
OpenAI (AI Chat Service)
What We Share with OpenAI
- Your Messages: The parenting questions and concerns you type in the chat
- Child Context: Your child's nickname and age in years (e.g., "Alex who is 4 years old")
- System Instructions: Our prompts that restrict responses to evidence-based parenting content only
How OpenAI Processes Your Data
- No Storage: OpenAI does not store or retain your conversation data
- Processing Only: Messages are processed in real-time to generate responses and then discarded
- Vector Store: Responses are restricted to our curated parenting knowledge base
- No Training: Your conversations are not used to train OpenAI's models
Your Control
- Local Storage: All chat conversations are stored encrypted on your device only
- Delete Anytime: You can clear chat history at any time from the chat screen
- Per-Child Separation: Each child's conversations are stored separately
- Privacy Policy: OpenAI Privacy Policy
Content Delivery
- GitHub Repository: App content is delivered from our secure GitHub repository
- No Personal Data: Only anonymous requests for content updates
Data Categories and Third-Party Sharing
Detailed Data Sharing Table
| Data Category | Firebase Auth | Firebase Analytics | Firebase Crashlytics | OpenAI | GitHub |
|---|---|---|---|---|---|
| Email Address | β Stored | β | β | β | β |
| Name/Profile | β Stored | β | β | β | β |
| Firebase UID | β Created | β User ID | β User ID | β | β |
| Child Nickname | β | β | β | β In prompts | β |
| Child Age | β | β Age ranges only | β | β Exact years | β |
| Chat Messages | β | β | β | β Processed | β |
| Usage Analytics | β | β Events | β | β | β |
| Crash Reports | β | β | β Logs | β | β |
| Device Info | β | β Anonymized | β Device type | β | β |
| Audio/Voice Input | β | β | β | β | β |
| Journal Entries | β | β | β | β | β |
| App Settings | β | β Language only | β | β | β |
Purpose of Data Sharing
| Third Party | Purpose | Legal Basis |
|---|---|---|
| Firebase Auth | User authentication and account management | Contract performance |
| Firebase Analytics | App improvement and usage insights | Consent (can opt-out) |
| Firebase Crashlytics | App stability and bug fixing | Legitimate interest |
| OpenAI | AI-powered parenting advice | Contract performance |
| GitHub | Content delivery (no personal data) | Contract performance |
Your Privacy Rights
Data Control
- Access: View all personal information we have about you
- Correction: Update or correct your personal information
- Deletion: Request complete deletion of your account and data
- Portability: Export your data in a machine-readable format
- Opt-Out: Disable analytics and optional data collection features
Analytics and Tracking Details
What We Track
- App Usage: Features used, time spent, navigation patterns
- Performance Metrics: Load times, response times, error rates
- Anonymized Demographics: Parent type, children count, age ranges (not exact ages)
- Crash Reports: Technical errors and app stability issues via Firebase Crashlytics
- No Session Recording: We do not record your screen or capture sensitive interactions
How to Opt-Out of Analytics
- In-App Control: Go to Settings β Privacy β Analytics and toggle off
- Immediate Effect: Analytics collection stops immediately upon opt-out
- Essential Functions: All app features remain fully functional without analytics
- Crash Reporting: You can separately disable crash reporting in the same settings
- Global Privacy Control: We honor browser "Do Not Track" signals and Global Privacy Control
What Happens When You Opt-Out
- No usage data is sent to Firebase Analytics
- Your Firebase UID is not associated with analytics events
- Essential security and authentication functions continue to work
- You can re-enable analytics at any time in settings
Children's Rights (COPPA)
- Parental Access: Parents can review any information collected about their children
- Deletion Rights: Request deletion of your child's information at any time
- Consent Withdrawal: Withdraw consent for data collection without affecting app access
International Users and Data Transfers
Cross-Border Data Transfers
When you use RootWise, your information may be transferred to and processed in countries other than your own, including the United States where our service providers are located.
Transfer Safeguards
- Standard Contractual Clauses: We use EU-approved Standard Contractual Clauses for transfers from the EU/EEA
- Adequacy Decisions: Where applicable, we rely on adequacy decisions by the European Commission
- Privacy Shield: Although invalidated, we maintain Privacy Shield-level protections for all international transfers
- Documentation: Contact privacy@rootwise.app to request documentation of our transfer safeguards
GDPR Compliance (EU Users)
- Lawful Basis: We process personal data based on consent, contract performance, or legitimate interest
- Data Subject Rights: Full access, rectification, erasure, portability, and objection rights
- Data Protection Officer: Contact privacy@rootwise.app for GDPR-related inquiries
- EU Representative: Contact privacy@rootwise.app for EU-specific concerns
CCPA Compliance (California Residents)
- Consumer Rights: Right to know, delete, and opt-out of personal information sales
- No Sales: We do not sell personal information to third parties
- Non-Discrimination: Equal service regardless of privacy choices
- Appeal Process: If we deny your request, you may appeal within 30 days by contacting privacy@rootwise.app
Colorado Privacy Act (Colorado Residents)
- Consumer Rights: Access, correction, deletion, data portability, and opt-out rights
- Sensitive Data: We process children's data only with parental consent
- Appeal Process: Appeal any denied request within 30 days to privacy@rootwise.app
- Response Time: We will respond to your request within 45 days
Connecticut Data Privacy Act (Connecticut Residents)
- Consumer Rights: Access, correction, deletion, portability, and opt-out of targeted advertising
- No Targeted Advertising: We do not engage in targeted advertising
- Appeal Process: You may appeal denied requests by contacting privacy@rootwise.app
- Data Minimization: We limit data collection to what's necessary for our services
Virginia Consumer Data Protection Act (Virginia Residents)
- Consumer Rights: Access, correction, deletion, data portability, and opt-out rights
- Sensitive Data Processing: Children's data processed only with explicit parental consent
- Appeal Process: Appeal rights available for all denied requests
- No Discrimination: Equal service regardless of exercising privacy rights
Children's Privacy (COPPA Detailed Compliance)
Age Verification
- Parent-Controlled: Only parents/caregivers create accounts and manage child profiles
- Age Disclosure: Children's ages are used solely for age-appropriate content curation
- No Direct Contact: We never communicate directly with children under 13
Parental Consent and Control
- Profile Management: Parents have complete control over child profile creation and deletion
- Data Minimization: We collect only the minimum information necessary (age) for service functionality
- Consent Mechanism: Ongoing parental consent through account control and profile management
Children's Data Protection
- No Behavioral Advertising: We do not use children's information for advertising purposes
- Restricted Access: Children's information is not shared with third parties except as necessary for service operation
- Secure Processing: All children's data is processed with the highest security standards
Data Sharing and Disclosure
We Do Not Sell Your Data
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
Limited Sharing Scenarios
- Service Providers: Trusted partners who help us operate the app (Firebase, OpenAI) under strict privacy agreements
- Legal Requirements: When required by law, court order, or to protect safety and security
- Business Transfers: In the event of a merger or acquisition, with notification to users
Anonymized Analytics
- Aggregate Data: We may share anonymized, aggregate usage statistics for research and improvement purposes
- No Personal Identification: Shared data cannot be used to identify individual users or children
Cookies and Tracking
Limited Tracking
- No Web Cookies: As a mobile app, we do not use traditional web cookies
- Analytics Identifiers: Firebase uses anonymized identifiers for analytics purposes
- Advertising ID: We do not collect or use advertising identifiers
- Cross-App Tracking: We do not track you across other apps or websites
- Opt-Out Available: You can disable all tracking in Settings β Privacy β Analytics
Global Privacy Control
We respect Global Privacy Control (GPC) signals. If your device sends a GPC signal, we automatically:
- Disable analytics collection
- Limit data processing to essential functions only
- Honor your privacy preferences across all app features
Updates to This Policy
Notification of Changes
- Email Notification: Significant changes will be communicated via email
- In-App Notification: Important updates will be displayed when you open the app
- Continued Use: Continued use of the app after changes constitutes acceptance of the updated policy
Version Control
- Date Tracking: Each update includes the effective date and revision information
- Change Log: Material changes will be summarized for user clarity
Contact Information
Privacy Questions
- Email: privacy@rootwise.app
- Response Time: We will respond to privacy inquiries within 30 days
- COPPA Inquiries: For questions about children's privacy, contact privacy@rootwise.app
Data Requests
- Access Requests: Request a copy of your personal data
- Deletion Requests: Request complete account and data deletion
- Correction Requests: Update or correct your personal information
Appeal Process
If we deny your privacy rights request, you have the right to appeal:
- How to Appeal: Email privacy@rootwise.app within 30 days of denial
- Appeal Review: Appeals are reviewed by our privacy team leadership
- Response Time: We will respond to appeals within 45 days
- Further Rights: If unsatisfied, you may contact your local data protection authority
Regulatory Contacts
- GDPR: For EU users, contact our Data Protection Officer at privacy@rootwise.app
- CCPA: For California residents, contact privacy@rootwise.app
- COPPA: For children's privacy concerns, contact privacy@rootwise.app
Legal Jurisdiction
This Privacy Policy is governed by German law. Any disputes will be resolved in the courts of Munich, Germany.
By using RootWise, you acknowledge that you have read, understood, and agree to this Privacy Policy.
This privacy policy is designed to be transparent, comprehensive, and compliant with major privacy regulations including COPPA, GDPR, and CCPA. For questions about specific provisions or your privacy rights, please contact us using the information provided above.