Privacy Policy
Effective Date: March 23, 2026 · Last Updated: March 23, 2026
Rootly Marketplace, LLC (“Rootly,” “we,” “us,” or “our”) operates the Rootly marketplace platform at rootlymarket.com and through our mobile applications. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what choices you have.
We have written this policy in plain English because we believe you should actually be able to understand it.
1. Information We Collect
1.1 Information You Provide
- Account information: Your name, email address, phone number, and password (stored as a secure hash — we never store your actual password).
- Profile information: Username, profile photo.
- Seller information: Store name, business address, store description, logo, cover photo, product listings, pricing, availability schedule, and business licensing documents (for meat and dairy Sellers).
- Payment information: We do not store your credit card numbers or bank account numbers. All payment processing is handled by Stripe, which stores your payment information securely under its own privacy policy.
- Order information: Items ordered, quantities, pickup times, order notes, order history.
- Messages: Content of messages you send through our messaging features.
- Reviews and posts: Text, star ratings, and photos you include in reviews and community posts.
- Verification documents: If you are a Seller applying for meat or dairy verification, copies of the licensing documents you upload.
1.2 Information Collected Automatically
- Location data: When you grant permission, we collect your device's geographic coordinates to show you nearby Sellers. If you do not grant permission, you can search by address or city.
- Device information: Device type, operating system, app version, and push notification tokens.
- Usage data: Pages visited, features used, search queries, and interaction patterns.
- Cookies and similar technologies: We use cookies and local storage for session management, preferences, and cart persistence. When you accept cookies, the following services may collect data: Microsoft Clarity (session analytics), FirstPromoter (affiliate tracking), and Sentry (error monitoring under legitimate interest). We do not use advertising cookies.
1.3 Guest Checkout Data
If you check out as a guest, we collect your email address and phone number to create a temporary account. If you do not convert to a full account, your guest data is retained only as long as needed to complete your order.
2. How We Use Your Information
- Operate the Platform: Process orders, facilitate payments, enable messaging, display Seller listings on the map, and provide customer support.
- Communicate with you: Send order confirmations, pickup reminders, dispute notifications, and subscription reminders via email and push notifications.
- Improve the Platform: Analyze usage patterns to improve features and fix bugs.
- Ensure safety and security: Detect fraud, enforce our Terms of Service, and resolve disputes.
- Seller analytics: Provide Sellers with aggregated, anonymized data about their store performance.
- AI-powered features: We use Anthropic's Claude AI to analyze product images and generate descriptions. Product images sent to Anthropic for AI analysis are processed in real time and are not retained by Anthropic or used for model training.
- Legal compliance: Comply with applicable laws and respond to legal requests.
We do not sell your personal information. We do not use your data for third-party advertising.
3. Who We Share Your Information With
3.1 Between Buyers and Sellers
When you place an order, the Seller receives your name, order details, pickup time, and any notes. After confirmation, you receive the Seller's full pickup address.
3.2 Service Providers
We use third-party services to operate the Platform:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payments, subscriptions, payouts, tax | Payment info, transactions, names, email |
| Supabase | Database, auth, storage, realtime | Account data, messages, orders, files |
| Vercel | Website hosting | IP address, request data |
| Resend | Transactional email | Email address, email content |
| Mapbox | Map display, geocoding | Location data shared with Mapbox for map display and geocoding. Mapbox may retain query logs per their privacy policy (mapbox.com/legal/privacy). |
| Anthropic | AI product analysis | Product images sent to Anthropic for AI analysis are processed in real time and are not retained by Anthropic or used for model training (only when Seller uses AI features). |
| TaxCloud | Sales tax calculation, reporting, filing | Order details (items, amounts, addresses) to calculate and remit applicable sales tax |
| Sentry | Error monitoring | Error reports, stack traces (no PII) |
| Microsoft Clarity | Session analytics, heatmaps | Anonymized session recordings, clicks, scrolls |
| Expo | Push notifications, app distribution | Push tokens, device type |
| Apple / Google | App distribution, authentication | Email, name (from auth provider) |
| FirstPromoter | Affiliate and referral tracking | Subscription data, referral source |
3.3 Legal Requirements
We may disclose your information if required by law, subpoena, court order, or government request.
3.4 Business Transfers
If Rootly is acquired or merges, your information may be transferred. We will notify you of any such transfer.
4. Data Retention
- Active accounts: Data retained for as long as your account is active.
- Closed Seller accounts: Store data retained for 30 days (to allow reactivation), then permanently deleted.
- Guest accounts: Data retained only as long as needed to support the order.
- Order history: Retained for the life of your account and a reasonable period after closure.
- Messages: Retained for the life of the associated accounts.
- Verification documents: Retained while verification status is active, plus a reasonable period after store closure.
- Usage and analytics data: Retained for 12 months (analytics_events) and then automatically deleted.
5. Seller Address Privacy
To protect Seller privacy, we display only an approximate location on the public map — a fuzzy circle of about 0.2 miles around the Seller's general area, with the city and state shown. The Seller's full street address is revealed to a Buyer only after the Seller confirms that Buyer's order, for the purpose of pickup.
6. Your Rights and Choices
- Access and Correction: View and update your account information in your account settings.
- Deletion: Request deletion by contacting support@rootlymarket.com. We process requests within 30 days.
- Notification Preferences: Manage push notifications in device settings and in-app preferences. Transactional notifications for active orders cannot be disabled.
- Location Data: Disable location sharing in device settings at any time. You can search by address manually.
- Cookies: You can accept or decline non-essential cookies through the cookie consent banner. Essential cookies (session, cart, preferences) are always active. Disabling cookies may affect functionality.
- Data Portability: You may request a copy of your personal data in a portable format by contacting support@rootlymarket.com. We will provide your data within 30 days.
7. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience. When you accept cookies, the following services may collect data:
- Sentry: We use Sentry for error monitoring to improve app stability. Sentry collects error reports and stack traces without personally identifiable information. This operates under legitimate interest.
- Microsoft Clarity: We use Microsoft Clarity for session analytics, including heatmaps and session recordings, to improve user experience. This is only active after you accept cookies.
- FirstPromoter: We use FirstPromoter for affiliate and referral tracking. This is only active after you accept cookies.
You can manage your cookie preferences at any time using the cookie consent banner. Essential cookies for session management, cart persistence, and preferences are always active.
8. Data Processors
The following third-party data processors handle data on our behalf:
- Stripe — Payment processing, subscriptions, and payouts
- Supabase — Database hosting, authentication, and file storage
- Resend — Transactional email delivery
- Sentry — Error monitoring and application stability
- Microsoft Clarity — Session analytics and heatmaps
- FirstPromoter — Affiliate and referral tracking
- Mapbox — Geocoding and map display
- TaxCloud — Sales tax calculation, reporting, and filing
9. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the CCPA:
- Right to know: Request disclosure of the information we have collected about you.
- Right to delete: Request deletion of your personal information.
- Right to non-discrimination: We will not discriminate against you for exercising your rights.
- Right to opt out of sale: We do not sell personal information.
To exercise your CCPA rights, contact support@rootlymarket.com.
10. For European Union Users (GDPR)
If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):
- Right to access: You may request a copy of your personal data.
- Right to rectification: You may request correction of inaccurate data.
- Right to erasure: You may request deletion of your personal data.
- Right to data portability: You may request your data in a machine-readable format.
- Right to object: You may object to processing based on legitimate interests.
- Right to restrict processing: You may request restriction of processing in certain circumstances.
To exercise these rights, contact support@rootlymarket.com. We will respond within 30 days.
Legal basis for processing: Contract performance (orders), consent (analytics, AI features), legitimate interests (security, error monitoring).
11. Children's Privacy
Rootly is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children. Users must be at least 18 to create an account.
12. Data Security
We use industry-standard measures including encrypted connections (HTTPS/TLS), secure password hashing, Stripe PCI-DSS compliance for payments, Row-Level Security on our database, and access controls. No system is 100% secure.
13. Third-Party Links
The Platform may contain links to third-party websites. We are not responsible for their privacy practices.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes at least 14 days before they take effect.
15. Contact Us
Rootly Marketplace, LLC
Email: support@rootlymarket.com
Website: rootlymarket.com