Privacy Policy
Last Updated: 16 February 2026
1. Introduction
This Privacy Policy describes how MyRooted ("we," "us," or "our") collects, uses, and protects your personal information when you use the Rooted mobile application ("App"), website at myrooted.app ("Website"), and related services (collectively, the "Service").
We are committed to protecting your privacy. Your hair care data is personal and sensitive, and we treat it with the utmost care and respect.
2. Information We Collect
2.1 Information You Provide Directly
When you create an account or use the Service, you may provide:
- Display name (for example, "Sarah")
- Email address (when creating an account)
- Password (encrypted and never stored in plain text)
- Age category (13-17 or 18+)
- Hair care preferences (goals, routine preferences, care frequency)
- Hair care logs (dates, actions performed, optional notes)
- Photos of your hair (Premium users only)
- Avatar customisation choices (skin tone, hair style)
2.2 Information Collected Automatically
When you use the Service, we automatically collect:
- Device information (device type, operating system, app version)
- Usage data (features used, screens viewed, time spent in app)
- Crash reports and error logs (to improve app stability)
- Analytics data (aggregated and anonymised usage patterns)
2.3 Information We Do NOT Collect
We do not collect:
- Your precise location or GPS data
- Contacts from your device
- Data from other apps on your device
- Social media profiles or activity
- Health data beyond what you explicitly log in the app
3. How We Use Your Information
We use your information to:
- Provide and maintain the Service
- Display your hair care patterns and insights
- Send you reminders (if you enable notifications)
- Process your Premium subscription (if applicable)
- Respond to your support requests
- Improve the Service through analytics and usage patterns
- Detect and prevent fraud, abuse, or security issues
- Comply with legal obligations
We do NOT use your data for advertising, marketing to third parties, or any purpose not directly related to providing the Service to you.
4. How We Protect Your Information
4.1 Security Measures
We implement industry-standard security measures to protect your data:
- All data is encrypted in transit using TLS/SSL
- All data is encrypted at rest in our database
- Photos are stored in encrypted cloud storage
- Passwords are hashed and never stored in plain text
- Access to user data is strictly limited to essential personnel
- We use Firebase Authentication and Firestore, which comply with industry security standards
4.2 Your Photos
If you upload photos (Premium feature), they are:
- Stored in encrypted cloud storage (Firebase Storage)
- Never shared with anyone except you
- Never used for any purpose other than displaying them to you
- Permanently deleted when you delete your account or delete the photo
5. How We Share Your Information
5.1 We Do NOT Sell Your Data
We do not sell, rent, or trade your personal information to third parties for marketing or any other purpose.
5.2 Service Providers
We share limited data with trusted service providers who help us operate the Service:
- Firebase (Google) for database, authentication, storage, and analytics
- Apple App Store / Google Play Store for subscription payment processing
- Crashlytics (Google) for error and crash reporting
These service providers are contractually obligated to protect your data and use it only for providing services to us.
5.3 Legal Requirements
We may disclose your information if required by law, such as:
- To comply with a legal obligation, court order, or government request
- To protect the rights, property, or safety of MyRooted, our users, or others
- To detect, prevent, or address fraud, security, or technical issues
6. Your Privacy Rights
6.1 Access Your Data
You can view all your data within the App at any time. Premium users can export their data (logs and photos) from Settings.
6.2 Correct Your Data
You can edit your display name, email, goals, preferences, and logs directly in the App.
6.3 Delete Your Data
You can delete your account at any time from Settings > Delete Account. This will permanently delete all your data, including logs, photos, and account information. This action cannot be undone.
6.4 Opt Out of Analytics
You can disable analytics tracking in your device settings (iOS: Settings > Privacy > Analytics; Android: Settings > Google > Ads).
6.5 Unsubscribe from Notifications
You can disable notifications in the App (Settings > Notifications) or in your device settings.
7. Data Retention
We retain your data as follows:
- Account data: Until you delete your account
- Logs and photos: Until you delete them or delete your account
- Analytics data: Aggregated and anonymised indefinitely for product improvement
- Anonymous user data: Deleted after 30 days of inactivity (if no account is created)
When you delete your account, we permanently delete all your personal data within 30 days. Aggregated, anonymised analytics data may be retained for product improvement purposes.
8. Children's Privacy (Ages 13-17)
Rooted is available to users aged 13 and older. We take special care to protect the privacy of users under 18.
For users aged 13-17:
- We display a privacy notice during onboarding explaining our data practices
- We collect only the minimum information necessary to provide the Service
- We do not share data with third parties for marketing purposes
- Parents or guardians can request deletion of their child's account by contacting us
Users under 13 are not permitted to use the Service. If we learn that we have collected personal information from a user under 13, we will delete that information as quickly as possible.
9. International Data Transfers
Your data is stored on servers located in the United Kingdom and European Union (Firebase europe-west2 region). If you access the Service from outside the UK/EU, your data may be transferred to and processed in the UK/EU. By using the Service, you consent to such transfers.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:
- Sending an email to your registered email address (if you have provided one)
- Displaying a prominent notice in the App
- Updating the "Last Updated" date at the top of this policy
Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.
11. Third-Party Services
11.1 Firebase (Google)
We use Firebase services (owned by Google) for authentication, database, storage, and analytics. Firebase's privacy practices are governed by Google's Privacy Policy, available at: https://policies.google.com/privacy
11.2 Apple App Store / Google Play Store
If you subscribe to Premium, your payment is processed by the Apple App Store or Google Play Store. Their privacy practices are governed by their respective privacy policies.
11.3 Links to External Sites
The Service may contain links to external websites (such as our support documentation). We are not responsible for the privacy practices of these external sites.
12. California Privacy Rights (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how we use it
- Request deletion of your personal information
- Opt out of the sale of your personal information (we do not sell your information)
To exercise these rights, contact us at hello@myrooted.app or delete your account directly in the App.
13. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA) or United Kingdom, you have the right to:
- Access your personal data
- Rectify inaccurate personal data
- Erase your personal data ("right to be forgotten")
- Restrict processing of your personal data
- Request data portability (export your data)
- Object to processing of your personal data
- Withdraw consent at any time
To exercise these rights, contact us at hello@myrooted.app.
14. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: hello@myrooted.app
Website: myrooted.app
For data protection inquiries specific to the UK/EU, you may also contact your local data protection authority.