PRIVACY POLICY

Last Updated: January 23, 2026

1. Introduction

Rooted History ("Service") is operated by Rooted Security LLC, a Texas limited liability company. This Privacy Policy explains our data practices.

2. Data We Collect

• FamilySearch user ID and the tree data you permit via OAuth
• Email address (optional)
• Generated stories and usage metadata
• Standard web logs (IP, browser, timestamps)
• One strictly necessary session cookie

We never receive or store your FamilySearch password.

3. How We Use Your Data

• To authenticate you and generate stories using Anthropic's Claude models
• To enforce usage limits
• To improve the Service and troubleshoot
• To communicate with you

Legal bases (GDPR): contract performance, legitimate interests, and legal obligations.

3a. Quality Assurance and Content Review

We may review generated content, including biographies and investigation results, for quality assurance, service improvement, and linguistic accuracy verification. When sharing content with third-party reviewers or consultants, all user-identifying information (such as account details and email addresses) is removed. Information about deceased ancestors contained in generated content is not considered personal data under applicable privacy laws.

4. Data Sharing

We do not sell, rent, or share your personal data for marketing.

Data is shared only with:

• Anthropic (solely to generate stories)
• FamilySearch (OAuth & tree data)
• Essential processors (hosting, payment, email delivery) bound by contracts

5. International Transfers

Data is stored and processed in the United States. For EEA/UK/Swiss users we rely on Standard Contractual Clauses and processor certifications.

GDPR Article 27 Representative

We currently determine that our volume of EEA/UK/Swiss data subjects does not require appointment of an EU representative. If this changes we will appoint and identify one.

6. Security & Retention

We use industry-standard encryption, access controls, and monitoring.

Generated stories are kept until you delete them; account data is deleted on request (within 30 days).

7. Your Rights

EEA/UK/Swiss residents have rights of access, rectification, erasure, restriction, portability, objection, and complaint.

California residents: We do not sell or share personal information as defined by CCPA/CPRA.

Exercise rights or ask questions: privacy@rootedsecurity.io

8. Cookies

We use only one strictly necessary session cookie (`rooted_session`). No analytics or advertising cookies.

9. Children

We rely on FamilySearch's age verification and parental-consent mechanisms. We do not knowingly collect additional data from children under 13.

10. California Residents

We do not sell or share personal information. You have rights to know, delete, and non-discrimination.

11. Changes

Material changes will be notified by email or prominent notice.

12. Contact

Rooted Security LLC

PO Box 7311, Spring, TX 77387

Email: privacy@rootedsecurity.io

Website: https://rootedhistory.io