RootRecord ("we", "our") provides monitoring, dashboards, and automation services. This policy describes what data we collect, how we use it, and your choices.
Overview
RootRecord provides monitoring, dashboards, and automation. This policy describes what data we collect, how we use it, and your choices.
Data we collect
- Account data: You can create an account via our signup page (e.g. email, social login, or username and password). We store identifiers and a hashed version of your password where applicable; session cookies keep you signed in. Optional Telegram-linked accounts may store a Telegram user identifier. If you choose a key-storage method in Settings, we store that preference.
- Payment and billing data: Supporter payments are processed by Stripe. We do not store your full card number or card verification details. We store your subscription status, Stripe customer ID, and Stripe subscription ID so we can grant access, show your plan on the Billing page, and let you use "Manage subscription" (Stripe Customer Portal). Subscription data for lapsed accounts is retained for one year after the cycle end, then removed. Stripe's privacy policy applies to payment data they collect and process.
- Monitoring data: Data from devices and services you connect (e.g. solar/power statistics via EcoFlow, weather via Open-Meteo, system metrics). This is stored in our database and shown in dashboards and reports. If you enable a public Power Statistics dashboard, the data you choose to share there is visible to anyone with the link.
- Page view and analytics: We log page views: path, referrer, IP address, user agent, and (when logged in) your account identifier. We use a persistent cookie (
_rr_vid) to assign a unique visitor ID for traffic analysis. This cookie is HttpOnly, expires in one year, and is first-party only. We also capture UTM parameters for campaign attribution. - Affiliate redirect pages: When you visit our Amazon affiliate redirect pages, we log: visitor ID, IP, account identifier if logged in, referring page, destination link, and whether you completed the redirect. The destination (Amazon) has its own privacy policy.
- Operation logs: Standard server logs (IP, path, timestamp) for operation and security.
How we use it
We use data to provide dashboards, reports, alerts, and automation; to maintain security and availability; and to improve our services. We do not sell your data.
RootRecord can access all posts, reports, and content you provide regardless of your privacy settings. Your privacy controls determine who else (other users, the public) can see your content; the platform retains access for moderation, AI report generation, support, and compliance.
AI report data and our own models
When you or the platform generates AI reports, we send relevant inputs to an AI provider to produce the report. We save input/output pairs on our systems. We use this data to create, train, and improve our own AI models. We do not use it to sell your data or to train third-party commercial models. See our Terms of Service for contractual permission.
Sharing
We do not sell your data. We share data only as needed: with hosting and database providers; Stripe for payments; identity providers when you use those sign-in options; and service providers for features you use. Each third party's privacy policy applies. We may disclose data when required by law.
Affiliate links
Some links (e.g. to Amazon) are affiliate links. Clicks may pass through our redirect pages before opening the external site. We log those visits as described above. If you make a qualifying purchase, we may earn a commission. See our Terms for more.
Cookies
- Session cookie: Keeps you signed in. Expires when you close the browser or after inactivity.
- _rr_vid (visitor ID): One-year identifier for traffic analysis. HttpOnly, first-party, not used for advertising. Clear cookies to reset.
Retention
We retain monitoring and log data as needed for the service and operational/legal purposes. Subscription data for lapsed accounts is stored for one year after the billing cycle ends, then purged. You may permanently delete your account from your profile. See Terms of Service for billing rules.
Security and infrastructure
We use industry-standard measures (hashed passwords, HTTPS, access control). Our infrastructure may be off-grid or power-managed; scheduled unavailability (e.g. 12:00 a.m.–5:00 a.m. HST) is described in our Terms of Service.
Your choices
- Account: Manage your account and dashboards from your profile.
- Download your data: Download a copy of your account data (ZIP) from your profile before deleting.
- Permanent deletion: Delete your account and all associated data from your profile. Requires password confirmation. Irreversible. Some data may remain in backups for a limited period.
- Cookies: Clear or block cookies in your browser. Blocking the session cookie prevents staying signed in.
Changes
We may update this policy. The "Last updated" date will change. Continued use after changes means you accept the updated policy.