1. Information We Collect

Root AI collects the following information when you use our service:

• Account Information: Name, email address, and password (hashed) provided during registration.
• Conversation Content: Messages you send, AI responses, and any files you upload during conversations (including code, PDFs, images, documents, and archives).
• Usage Data: AI models selected, number of requests made, features used (DeepSearch, image generation, voice input/output), and timestamps of interactions.
• Device & Browser Information: Browser type, operating system, IP address, and session identifiers used for authentication and security purposes.
• Memory Data: User preferences, facts, and context stored by the AI memory system across conversations, which you can view and delete at any time.
• Voice Data: When you use voice input, audio is processed for speech-to-text conversion. Audio data is not permanently stored.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and improve the Root AI assistant service
• To process your requests through our integrated AI models (DeepSeek, GPT, Claude, and Gemini)
• To maintain conversation history, allowing you to revisit and continue previous conversations
• To power the cross-conversation memory feature for personalized responses
• To perform web searches when DeepSearch is enabled by you
• To generate and edit images based on your text descriptions
• To analyze uploaded files and provide relevant insights
• To enforce usage limits, rate limiting, and prevent abuse of the platform
• To send essential account-related communications (e.g., password resets)
• To maintain platform security and detect unauthorized access

3. Data Storage & Security

Your data is stored on secure servers with industry-standard protections. We implement the following security measures to safeguard your information:

• Encryption: All sessions are encrypted. Passwords are hashed using secure one-way algorithms and are never stored in plain text.
• Private File Storage: Uploaded files are stored in private server storage accessible only to your authenticated account. Files are not publicly accessible.
• Access Control: Role-based access control (RBAC) ensures users can only access their own data. Admin, Pro, and Free roles have distinct permission levels.
• Rate Limiting: Request rate limiting is enforced to protect against abuse, denial-of-service attacks, and excessive resource consumption.
• Input Validation: All user inputs are validated and sanitized to prevent injection attacks and malicious payloads.
• CSRF Protection: Cross-site request forgery tokens are used on all forms to prevent unauthorized actions.

4. Third-Party AI Models & Services

Root AI integrates with multiple third-party AI providers to deliver its services. When you send a message, your conversation content is transmitted to the AI model you have selected. Each provider has its own privacy policy and data handling practices. We encourage you to review their documentation:

Web Search: When DeepSearch is enabled, your search queries may be sent to third-party search engines to retrieve real-time web results. Only the search query is transmitted — not your full conversation history.

Image Generation: Image generation requests are processed by the nano-banana model. Your text prompt is sent to generate or edit images as requested.

5. Cookies & Local Storage

Root AI uses the following browser storage mechanisms:

• Session Cookies: Essential cookies for user authentication and maintaining your logged-in session. These are strictly necessary for the service to function.
• CSRF Tokens: Security cookies to protect against cross-site request forgery attacks.
• Local Storage: Used to store your theme preferences (light/dark mode), voice settings, sidebar state, and other UI preferences locally in your browser.
• No Tracking Cookies: Root AI does not use third-party tracking cookies, advertising cookies, or analytics cookies. We do not track you across other websites.

6. Your Rights

You have the following rights regarding your personal data:

• Access: You can access and view all your conversation data, uploaded files, and stored memory items at any time through your account.
• Export: You can export your conversations in multiple formats including Markdown, HTML, and JSON.
• Deletion: You can delete individual conversations, uploaded files, and memory items. You can also request deletion of your entire account and all associated data.
• Memory Control: You can view, manage, and clear your AI memory (stored preferences and facts) at any time from your profile settings.
• Rectification: You can update your account information (name, email, password) through your profile settings.
• Restriction: You can choose which AI models to use and whether to enable features like DeepSearch, voice input, and memory.

7. Data Retention

Your data is retained for as long as your account is active and you choose to keep it. Specific retention policies include:

• Conversations: Stored until you delete them or delete your account.
• Uploaded Files: Stored until you delete them, delete the associated conversation, or delete your account.
• Memory Items: Stored until you clear them or delete your account.
• Account Data: Retained while your account exists. Upon account deletion, all associated data (conversations, files, memory, preferences) is permanently removed.
• Voice Data: Audio from voice input is processed in real-time and is not permanently stored on our servers.

8. Children's Privacy

Root AI is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can take appropriate action to remove that information. If we become aware that we have collected personal data from a child under 13 without verified parental consent, we will take steps to delete that information promptly.

9. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, features, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this privacy policy periodically to stay informed about how we protect your data. Continued use of Root AI after changes are posted constitutes your acceptance of the updated policy.

10. Contact

If you have any questions, concerns, or requests regarding this privacy policy or how your data is handled, you can reach us through the following channels:

• Email: [email protected]
• Telegram: @roothk
• In-app support chat available within Root AI

We will respond to privacy-related inquiries as promptly as possible.