Features How it Works Pricing Help Center Contact Us Sign In Get Started Free
Legal

Privacy Policy

Last updated: May 20, 2026

1. Overview

Rootz & Branches LLC is committed to protecting your family's privacy. This Privacy Policy explains how we collect, use, store and protect your personal information when you use our Service.

We never sell your data to third parties. Your family's memories stay in your family.

2. What We Collect

We collect the following information when you use Rootz & Branches LLC:

  • Account information — name, email address, date of birth, gender
  • Content you upload — photos, voice recordings, videos, timeline events, family tree data
  • Usage data — how you interact with the app, features you use
  • Device information — device type, operating system, app version
  • Payment information — processed securely through Stripe; we do not store card details

3. How We Use It

We use your information to:

  • Provide and improve the Service
  • Process payments and manage subscriptions
  • Send important account and service notifications
  • Respond to support requests
  • Ensure the safety and security of the Service

We do not use your content for advertising, AI training, or any purpose beyond providing the Service to you.

4. Data Storage

Your data is stored securely using industry-leading providers:

  • Database — Supabase with row-level security ensuring only authorized family members can access your data
  • Media files — Cloudflare R2 with encryption at rest and in transit
  • Payments — Stripe, a PCI-DSS compliant payment processor
  • Legacy Vault contents — AES-256 encrypted before storage; only decryptable by the vault owner

All data is encrypted in transit using TLS and encrypted at rest. Legacy Vault contents receive an additional layer of AES-256 application-level encryption.

5. Data Sharing

We do not sell, rent or trade your personal information to third parties. We share data only in the following limited circumstances:

  • With service providers who help us operate the Service (Supabase, Cloudflare, Stripe)
  • When required by law or to protect our legal rights
  • With your explicit consent

6. Data Retention

We retain your data for as long as your account is active. When you delete your account, your data is permanently deleted within 30 days, except where we are required by law to retain it.

Death Certificates:

Death certificates submitted for Legacy Vault release are subject to strict retention rules:

  • Certificates are only accessible by the admin responsible for verification
  • Certificates are permanently deleted immediately after the vault is released — no exceptions
  • Certificates are never downloaded, printed, forwarded, or stored outside the platform
  • A deletion confirmation is sent to the beneficiary after the certificate is removed
  • All certificate access is logged for security purposes

You can request a full export of your data at any time through Settings → Data.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Request deletion of your personal data
  • Export your data in a portable format
  • Opt out of non-essential communications

To exercise any of these rights, contact us at privacy@rootzandbranches.com.

8. Children's Privacy

Rootz & Branches LLC requires a minimum age of 13. We take special care to protect the privacy of younger users. Please see our COPPA Policy for full details on how we handle data for users under 18.

9. Legacy Vault & Sensitive Data

Legacy Vault contents are treated with the highest level of privacy protection:

  • Vault contents are encrypted with AES-256 and are completely private — not visible to any family member, household admin, or platform staff while the owner is living
  • Death certificates contain highly sensitive Personally Identifiable Information (PII) and are handled with the utmost care
  • Only the designated platform admin may access a submitted death certificate, solely for the purpose of verification
  • In the event of a data breach involving a death certificate, the affected beneficiary will be notified immediately
  • Vault contents are only accessible to the designated beneficiary after the full release process is complete
  • Funeral Plan data including personal information, insurance details and service preferences is private and only accessible to you and your designated recipient
  • Funeral home links are secured with a unique token and expire after 72 hours
  • Funeral Plan data is never shared with funeral homes directly — only via the secure link you choose to generate and share

10. Contact Us

If you have questions about this Privacy Policy please contact us at:

Rootz & Branches LLC — Privacy
Email: privacy@rootzandbranches.com
Website: rootzandbranches.com