Privacy Policy

Last updated: April 2026

Your health data belongs to you.

We do not sell your personal data. We do not share it with advertisers. We treat your health information with the highest level of care and use it only to provide and improve the Root service.

1. Who We Are

Root is operated by Optimal Healing Solutions, LLC, a limited liability company based in Mesa, Arizona. This Privacy Policy explains how we collect, use, and protect your information when you use our Service. By using Root, you agree to the practices described here.

2. Information We Collect

Account information:

  • Email address
  • Password (stored as a secure hash, never in plain text)
  • Account creation date

Health profile and conversation data:

  • Health intake questionnaire responses
  • Conversation history with the Root AI
  • Health goals, symptoms, and concerns you share
  • Lab values and reports you upload or enter

Payment information:

Payment processing is handled entirely by Stripe. We do not store your credit card numbers. We receive only a payment confirmation token and basic billing details (last 4 digits, card type, expiration) from Stripe. See Stripe's Privacy Policy for how they handle payment data.

Technical data:

  • Browser type and version
  • Device type and operating system
  • IP address (used for security, not marketing)
  • Pages visited and feature usage (aggregate, anonymized)

3. What We Do NOT Do

  • We do not sell your personal data or health information to any third party.
  • We do not share your data with advertisers or data brokers.
  • We do not use your health information for targeted advertising.
  • We do not share your data with government agencies or law enforcement unless legally required (e.g., by a valid court order or subpoena).
  • We do not train AI models on your personally identifiable health data without your explicit consent.

4. How We Use Your Information

  • To provide the Root service — powering your AI health conversations and health profile.
  • To personalize AI responses based on your health intake and history.
  • To process your subscription and communicate billing information.
  • To send service-related emails (account confirmation, billing notices, product updates).
  • To improve the quality and accuracy of Root's AI responses (using aggregate, de-identified data).
  • To detect and prevent fraud, abuse, and security threats.

5. How We Store Your Data

Your data is stored in Supabase, a managed database platform with encryption at rest and in transit. Supabase infrastructure is hosted on AWS and meets SOC 2 Type II standards.

Payment data is stored and processed by Stripe, which is PCI DSS Level 1 certified — the highest level of payment security certification.

All data transmission between your browser and our servers uses TLS (HTTPS). We do not transmit health data over unencrypted connections.

6. Health Data — Our Highest Commitment

We understand that health information is among the most sensitive personal data that exists. We treat it accordingly.

HIPAA status: Root is not a covered entity under HIPAA, as we are not a healthcare provider, health plan, or healthcare clearinghouse. However, we voluntarily apply high security standards consistent with HIPAA's spirit: access controls, encryption, audit logging, and minimum necessary data access.

Access to your health data within our systems is restricted to what is strictly necessary to operate the Service. We do not have support staff who casually browse your health conversations.

7. Your Rights

You have the following rights regarding your data:

  • Access: You can view all health data, conversation history, and profile information stored in your account at any time.
  • Export: You can request an export of your data in a portable format. Contact privacy@rootdoctor.ai to request an export.
  • Correction: You can update or correct your health profile and account information at any time through your account settings.
  • Deletion: You can delete your account at any time. Upon deletion, your personal data will be permanently removed within 30 days.
  • Opt out: You can opt out of non-essential communications (product updates, newsletters) via the unsubscribe link in any email.

8. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription, your account and data remain accessible until the end of your current billing period.

When you delete your account, we will permanently delete your personal data — including health profile, conversation history, and lab data — within 30 days. Anonymized, aggregated data that cannot identify you may be retained for product improvement purposes.

Certain billing records may be retained for up to 7 years as required by applicable financial regulations.

9. Cookies

We use minimal cookies. We set only what is necessary for the Service to function — primarily authentication session cookies that keep you logged in. We do not use third-party advertising cookies or tracking pixels. You can configure your browser to block or delete cookies, though doing so may affect your ability to stay logged in.

10. Third-Party Services

We use the following third-party services to operate Root:

  • Supabase: Database and authentication infrastructure
  • Stripe: Payment processing
  • Anthropic (Claude AI): AI model powering health conversations
  • Vercel: Application hosting and infrastructure

Each of these providers has its own privacy policy. We select providers with strong data protection practices and enter into data processing agreements where required.

11. Children's Privacy

Root is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a user under 18, we will delete it promptly. If you believe a child has provided us with personal information, contact us at privacy@rootdoctor.ai.

12. Changes to This Policy

We may update this Privacy Policy as the Service evolves. We will notify you of material changes via email or a notice within the app at least 14 days before they take effect. Continued use after the effective date constitutes acceptance of the updated policy.

13. Contact

For questions, data requests, or privacy concerns, please contact our privacy team:

Optimal Healing Solutions, LLC

Mesa, Arizona

privacy@rootdoctor.ai

Root is an educational health tool, not a substitute for medical advice. Always consult a qualified healthcare provider.