Legal
Privacy Policy
Last updated: July 9, 2026
Rooted ("Rooted," "we," "us," or "our") is a holistic wellness app that helps you build daily routines across four areas of life — body, mind, purpose, and people. We know the information you share with Rooted is personal — your sleep, your movement, your moods, the people you care about. Protecting it is central to what we do. This Privacy Policy explains what we collect, why, how we use and protect it, and the rights you have over it.
This policy is provided by Marija Markauskaitė, based in Vilnius, Lithuania. For any privacy question or request, contact us at hello@approoted.co.
1. Who this policy is for
Rooted is intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us data, contact us and we will delete it.
2. What data we collect
Data you provide
- Account information: your email address (used to create and secure your account).
- Wellness inputs: the routines you build, mood and energy check-ins, journal entries, goals, bucket-list items, challenge reflections, and notes you choose to write.
- Relationship information: if you use the People features, the names, relationship labels, birthdays, important dates, and notes you add about people you care about, and a log of connections you record.
Health & fitness data (Apple Health / HealthKit)
- With your explicit permission, Rooted reads certain health and fitness data from Apple Health (HealthKit) — such as sleep, steps, and workouts — to reflect them in your app and to calculate your vitality insights.
- You control this access in your device's settings and can revoke it at any time.
- In line with Apple's requirements, health and fitness data obtained from HealthKit is never used for advertising or data mining, is never sold, and is never stored in iCloud.
Data collected automatically
- Basic usage & diagnostic data: limited technical information (such as app version, device type, and crash/error diagnostics) used to keep Rooted working and improve it.
- Subscription status: whether you hold an active subscription (see Payments below).
3. How we use your data
- To provide the app — showing your routines, calculating vitality, surfacing reminders and insights.
- To save your progress so it's there across sessions and if you reinstall.
- To operate subscriptions and account access.
- To fix problems, prevent abuse, and improve Rooted.
- To contact you about your account or important service changes, where necessary.
We do not sell or rent your personal data. We do not use your health data for advertising.
4. Legal bases (GDPR)
If you are in the European Economic Area or the UK, we process your personal data on these bases:
- Performance of a contract — to provide the app you've signed up for.
- Consent — for health data from HealthKit and any optional features; you can withdraw consent at any time.
- Legitimate interests — to keep the service secure, working, and improving, balanced against your rights.
- Legal obligation — where we must retain or disclose data to comply with the law.
5. Who we share data with
We share data only with service providers that help us run Rooted, under agreements that require them to protect it. These include:
- Google Firebase (Firebase Authentication & Cloud Firestore) — secure account sign-in and cloud storage of your app data.
- RevenueCat — management of subscriptions and purchase status. Payment itself is processed by Apple; we never see your full card details.
- Apple — app distribution and, via HealthKit, health data you choose to share (on your device, under your control).
We may also disclose data if required by law, or to protect the rights, safety, and security of our users and service.
6. Where your data is stored
Your data is stored on secure cloud infrastructure operated by our providers (including Google Firebase). Some providers may process data outside your country, including outside the EEA. Where that happens, appropriate safeguards (such as Standard Contractual Clauses) are applied. If you have a preference for where your data is processed, contact us.
7. How we protect your data
- Data is encrypted in transit (TLS) and at rest by our cloud providers.
- Access is restricted and account access is secured through Firebase Authentication.
- We apply reasonable administrative, technical, and organizational safeguards appropriate to the sensitivity of the data.
No system is perfectly secure, but we work to protect your data and will notify you and the relevant authorities of a breach where the law requires.
8. Your rights
You have control over your data. Within the app you can:
- Export your data — download a copy of your data from Settings.
- Delete your account — permanently delete your account and associated data from Settings.
- Revoke health access — turn off HealthKit sharing in your device settings at any time.
If you are in the EEA/UK, you also have the right to access, correct, restrict, or object to processing, and the right to data portability and to lodge a complaint with your local data protection authority. To exercise any right, use the in-app tools or contact hello@approoted.co.
9. Data retention & deletion
- We keep your data for as long as your account is active.
- When you delete your account, we delete your personal data from our active systems promptly.
- Residual copies may remain in secure backups for a limited period (up to 30 days) before being permanently overwritten.
10. Not medical advice
11. Changes to this policy
We may update this policy as Rooted evolves. We'll post the new version here with an updated date and, for significant changes, notify you in the app.
12. Contact
Questions or requests about your privacy? Contact hello@approoted.co.