RootRecord (“we”, “our”) provides RootRecord Business Manager (Windows desktop software) and rootrecord.info account and billing services. This policy describes what data we collect for online services, how optional desktop features interact with our servers, and your choices.
Overview
Local-first desktop: Your primary RootRecord Business Manager database file stays on your computer unless you move it. We do not receive the contents of that file over the network unless you use optional features (for example secure backup copy or sync) that explicitly transmit data you configure.
Web and account services: When you use rootrecord.info, we collect and process data as described below.
Data we collect
- Account data: You can create an account via our signup page (e.g. email, social login, or username and password). We store identifiers and a hashed version of your password where applicable; session cookies keep you signed in. Optional Telegram-linked accounts may store a Telegram user identifier. If you choose a key-storage method in Settings, we store that preference.
- Payment and billing data: Supporter payments are processed by Stripe. We do not store your full card number or card verification details. We store your subscription status, Stripe customer ID, and Stripe subscription ID so we can grant access, show your plan on the Billing page, and let you use “Manage subscription” (Stripe Customer Portal). Subscription data for lapsed accounts is retained for one year after the cycle end, then removed. Stripe’s privacy policy applies to payment data they collect and process.
- Monitoring data (web services): Data from devices and services you connect (e.g. solar or power statistics, weather via Open-Meteo, system metrics). This is stored in our database and shown in dashboards and reports. If you enable a public Power Statistics dashboard, the data you choose to share there is visible to anyone with the link.
- Desktop app and our servers: When you sign in, check license or subscription status, use sync, or use optional secure online backup copy, the app contacts our services over HTTPS. We process the minimum data needed for those features (for example account identity, license state, encrypted backup blobs where you enable backup). We do not use your local database contents for advertising.
- Page view and analytics: We log page views: path, referrer, IP address, user agent, and (when logged in) your account identifier. We use a persistent cookie to assign a unique visitor ID for traffic analysis. This cookie is HttpOnly, expires in one year, and is first-party only. We also capture UTM parameters for campaign attribution.
- Affiliate redirect pages: When you visit our Amazon affiliate redirect pages, we log: visitor ID, IP, account identifier if logged in, referring page, destination link, and whether you completed the redirect. The destination (Amazon) has its own privacy policy.
- Operation logs: Standard server logs (IP, path, timestamp) for operation and security.
How we use it
We use data to provide dashboards, reports, alerts, and automation; to maintain security and availability; and to improve our services. We do not sell your data.
For content you upload to online Services, our Terms of Service describe platform access for moderation, AI report generation, support, and compliance. Your privacy controls determine who else (other users, the public) can see your content where those controls exist.
AI report data and our own models
When you or the platform generates AI reports on online services, we send relevant inputs to an AI provider to produce the report. We save input/output pairs on our systems. We use this data to create, train, and improve our own AI models. We do not use it to sell your data or to train third-party commercial models. See our Terms of Service for contractual permission.
Sharing
We do not sell your data. We share data only as needed: with hosting and database providers; Stripe for payments; identity providers when you use those sign-in options; and service providers for features you use. Each third party’s privacy policy applies. We may disclose data when required by law.
Affiliate links
Some links (e.g. to Amazon) are affiliate links. Clicks may pass through our redirect pages before opening the external site. We log those visits as described above. If you make a qualifying purchase, we may earn a commission. See our Terms for more.
Cookies
- Session cookie: Keeps you signed in on the website. Expires when you close the browser or after inactivity.
- visitor ID: One-year identifier for traffic analysis. HttpOnly, first-party, not used for advertising. Clear cookies to reset.
Retention
We retain monitoring and log data as needed for the service and operational or legal purposes. Subscription data for lapsed accounts is stored for one year after the billing cycle ends, then purged. You may permanently delete your account from your profile where offered. See Terms of Service for billing rules. Local desktop files remain under your control until you delete them.
Security and infrastructure
We use industry-standard measures (hashed passwords, HTTPS, access control) for services we host. Our infrastructure may be off-grid or power-managed; scheduled unavailability (e.g. 12:00 a.m.–5:00 a.m. HST) is described in our Terms of Service.
Your choices
- Account: Manage your account and dashboards from your profile.
- Download your data: Download a copy of your account data (ZIP) from your profile before deleting, where available.
- Permanent deletion: Delete your account and associated online data from your profile where offered. May require password confirmation. Irreversible. Some data may remain in backups for a limited period.
- Desktop: Disable optional online features, sign out, or uninstall the application. Export or back up your local database before removal if you need copies.
- Cookies: Clear or block cookies in your browser. Blocking the session cookie prevents staying signed in.
Changes
We may update this policy. The “Last updated” date will change. Continued use after changes means you accept the updated policy.