Privacy Policy
Effective Date: March 23, 2026 · Last Updated: March 23, 2026
Rootly Marketplace, LLC (“Rootly,” “we,” “us,” or “our”) operates the Rootly marketplace platform at rootlymarket.com and through our mobile applications. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what choices you have.
We have written this policy in plain English because we believe you should actually be able to understand it.
1. Information We Collect
1.1 Information You Provide
- Account information: Your name, email address, phone number, and password (stored as a secure hash — we never store your actual password).
- Profile information: Username, profile photo.
- Seller information: Store name, business address, store description, logo, cover photo, product listings, pricing, availability schedule, and business licensing documents (for meat and dairy Sellers).
- Payment information: We do not store your credit card numbers or bank account numbers. All payment processing is handled by Stripe, which stores your payment information securely under their own privacy policy.
- Order information: Items ordered, quantities, pickup times, order notes, order history.
- Messages: Content of messages you send through our messaging features.
- Reviews and posts: Text, star ratings, and photos you include in reviews and community posts.
- Verification documents: If you are a Seller applying for meat or dairy verification, copies of the licensing documents you upload.
1.2 Information Collected Automatically
- Location data: When you grant permission, we collect your device's geographic coordinates to show you nearby Sellers. If you do not grant permission, you can search by address or city.
- Device information: Device type, operating system, app version, and push notification tokens.
- Usage data: Pages visited, features used, search queries, and interaction patterns.
- Cookies: We use cookies and local storage for session management, preferences, and cart persistence. We do not use advertising cookies or third-party tracking cookies.
1.3 Guest Checkout Data
If you check out as a guest, we collect your email address and phone number to create a temporary account. If you do not convert to a full account, your guest data is retained only as long as needed to complete your order.
2. How We Use Your Information
- Operate the Platform: Process orders, facilitate payments, enable messaging, display Seller listings on the map, and provide customer support.
- Communicate with you: Send order confirmations, pickup reminders, dispute notifications, and subscription reminders via email and push notifications.
- Improve the Platform: Analyze usage patterns to improve features and fix bugs.
- Ensure safety and security: Detect fraud, enforce our Terms of Service, and resolve disputes.
- Seller analytics: Provide Sellers with aggregated, anonymized data about their store performance.
- AI-powered features: We use Anthropic's Claude AI to analyze product images and generate descriptions. Images submitted to AI features are processed by Anthropic's API and are not used to train AI models.
- Legal compliance: Comply with applicable laws and respond to legal requests.
We do not sell your personal information. We do not use your data for third-party advertising.
3. Who We Share Your Information With
3.1 Between Buyers and Sellers
When you place an order, the Seller receives your name, order details, pickup time, and any notes. After confirmation, you receive the Seller's full pickup address.
3.2 Service Providers
We use third-party services to operate the Platform:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payments, subscriptions, payouts, tax | Payment info, transactions, names, email |
| Supabase | Database, auth, storage, realtime | Account data, messages, orders, files |
| Vercel | Website hosting | IP address, request data |
| Resend | Transactional email | Email address, email content |
| Mapbox | Map display, address search | Approximate location, search queries |
| Anthropic | AI product analysis | Product images (only when Seller uses AI features) |
| Expo | Push notifications, app distribution | Push tokens, device type |
| Apple / Google | App distribution, authentication | Email, name (from auth provider) |
| FirstPromoter | Affiliate tracking | Subscription data, referral source |
3.3 Legal Requirements
We may disclose your information if required by law, subpoena, court order, or government request.
3.4 Business Transfers
If Rootly is acquired or merges, your information may be transferred. We will notify you of any such transfer.
4. Data Retention
- Active accounts: Data retained for as long as your account is active.
- Closed Seller accounts: Store data retained for 30 days (to allow reactivation), then permanently deleted.
- Guest accounts: Data retained only as long as needed to support the order.
- Order history: Retained for the life of your account and a reasonable period after closure.
- Messages: Retained for the life of the associated accounts.
- Verification documents: Retained while verification status is active, plus a reasonable period after store closure.
5. Seller Address Privacy
To protect Seller privacy, we display only an approximate location on the public map — a fuzzy circle of about 0.2 miles around the Seller's general area, with the city and state shown. The Seller's full street address is revealed to a Buyer only after the Seller confirms that Buyer's order, for the purpose of pickup.
6. Your Rights and Choices
- Access and Correction: View and update your account information in your account settings.
- Deletion: Request deletion by contacting support@rootlymarket.com. We process requests within 30 days.
- Notification Preferences: Manage push notifications in device settings and in-app preferences. Transactional notifications for active orders cannot be disabled.
- Location Data: Disable location sharing in device settings at any time. You can search by address manually.
- Cookies: Our cookies are functional only (session, cart, preferences). No advertising cookies. Disabling cookies may affect functionality.
7. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the CCPA:
- Right to know: Request disclosure of the information we have collected about you.
- Right to delete: Request deletion of your personal information.
- Right to non-discrimination: We will not discriminate against you for exercising your rights.
- Right to opt out of sale: We do not sell personal information.
To exercise your CCPA rights, contact support@rootlymarket.com.
8. Children's Privacy
Rootly is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children. Users must be at least 18 to create an account.
9. Data Security
We use industry-standard measures including encrypted connections (HTTPS/TLS), secure password hashing, Stripe PCI-DSS compliance for payments, Row-Level Security on our database, and access controls. No system is 100% secure.
10. Third-Party Links
The Platform may contain links to third-party websites. We are not responsible for their privacy practices.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes at least 14 days before they take effect.
12. Contact Us
Rootly Marketplace, LLC
Email: support@rootlymarket.com
Website: rootlymarket.com