Limited time14-day free trial, no credit card required.Start free →
Roostr
Start free →

Privacy Policy

Effective: January 1, 2026 · Last updated: January 1, 2026

This Privacy Policy explains how Roostr, Inc. ("Roostr," "we," "us") collects, uses, shares, and protects personal information when you visit our websites, sign up for an account, or use the Roostr field-service-management platform (collectively, the "Service"). It applies to information about prospective customers, account administrators, Authorized Users, and visitors to our marketing sites.

When our Customers (home-service operators) use the Service to process information about their own end customers (homeowners, tenants), the Customer is the "controller" of that data and Roostr is the "processor." Our handling of that data is governed by our agreement with the Customer (typically our Terms of Service and Data Processing Addendum). If you are an end customer of a Roostr Customer and have questions about your data, please contact that business directly.

1. Information we collect

Information you provide. Account and profile information such as your name, email address, phone number, business name, role, password (stored hashed with Argon2id), and payment method (collected and stored by Stripe; we receive tokenized references only).

Information from your use of the Service. Usage data including pages viewed, features used, clickstream events, search queries, device information, IP address, browser type, language, timestamps, referring URL, and session and error logs.

Communications. Records of your correspondence with us (support tickets, emails, in-product messages) and metadata about transactional and marketing emails we send you (send, delivery, open, bounce events, provided by Resend).

Information from third parties. If you sign in with Google, we receive basic profile information (verified email, name, profile picture). If you connect Stripe, we receive connected-account identifiers and transaction metadata.

Cookies and similar technologies. Essential cookies for sign-in and session management; analytics cookies (PostHog) for product usage; preference cookies for theme/locale. See Section 7.

2. How we use information

We use personal information to:

  • provide, operate, secure, and maintain the Service;
  • authenticate you, prevent fraud, abuse, and unauthorized access, and investigate security incidents;
  • process payments (via Stripe) and bill subscriptions;
  • provide customer support, respond to inquiries, and send service-related messages (account, billing, security, outage, and policy notifications);
  • improve the Service, develop new features, and conduct analytics, including aggregated, de-identified analytics;
  • send marketing communications about Roostr (you may opt out at any time);
  • comply with legal obligations, enforce our agreements, and exercise or defend legal claims.

AI features. When you use AI features, the inputs you provide (photos, addresses, prompts) are sent to our AI sub-processor (Anthropic) under contracts that prohibit using your inputs to train their general models. Outputs are generated for you and are subject to the AI disclaimer in our Terms of Service.

We do not sell personal information.We do not sell or "share" personal information for cross-context behavioral advertising as those terms are defined under the CCPA / CPRA.

3. Legal bases for processing (EEA / UK)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under GDPR / UK GDPR: (a) performance of a contract to provide the Service you signed up for; (b) legitimate interests in operating, securing, improving, and marketing the Service, balanced against your rights; (c) consent for optional marketing emails and non-essential cookies; and (d) compliance with legal obligations (such as tax recordkeeping). You may withdraw consent at any time without affecting prior lawful processing.

4. How we share information

We share personal information only as described below:

  • Sub-processors. Vendors that help us deliver the Service, listed at roostr.app/legal/subprocessors. Each is contractually bound to security and confidentiality standards and may use the information only to provide their service to us.
  • Customer organizations.If you are an Authorized User invited by an account administrator, your profile, role, and Service-usage data are visible to that organization's administrators.
  • Legal and safety.When required by law, subpoena, court order, or other legal process; to enforce our policies; to protect Roostr's, your, or others' rights, property, or safety; or to detect, prevent, or investigate fraud or abuse.
  • Business transfers. In connection with a merger, acquisition, financing, reorganization, or sale of assets, in which case any acquirer will be bound to honor the commitments in this Policy.
  • With your consent. For any other purpose you authorize.

5. International transfers

Roostr is based in the United States and our sub-processors are listed with their primary regions on the sub-processors page. When we transfer personal data from the EEA, the UK, or Switzerland to a country not recognized as providing adequate protection, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (Module Two), the UK International Data Transfer Addendum, and supplementary technical and organizational measures.

6. Data retention

We retain personal information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods (account data, payment records, security logs, AI inputs, etc.) are described in our Data Retention Policy.

7. Cookies and tracking

We use first-party and a small number of third-party cookies. Essential cookies (authentication, session, CSRF, active-tenant) are required and cannot be disabled. Functional cookies remember preferences such as theme. Analyticscookies (PostHog) help us understand product usage; you can opt out by adjusting your browser's "Do Not Track" or Global Privacy Control signal, which we honor for the analytics surface, or by emailing privacy@roostr.app. We do not use third-party advertising cookies.

8. Security

We maintain technical and organizational measures designed to protect personal information, including TLS encryption in transit, encryption at rest, Argon2id password hashing, PostgreSQL row-level tenant isolation, signed and server-validated session cookies, webhook signature verification, audit logging of privileged actions, and least-privilege access controls. No method of transmission or storage is 100% secure; we cannot guarantee absolute security but we work to continuously raise the bar.

9. Your rights

Depending on your location you may have the right to: (a) access the personal information we hold about you; (b) request correction of inaccurate or incomplete data; (c) request deletion; (d) restrict or object to certain processing; (e) request portability of your data in a structured, machine-readable format; (f) withdraw consent where processing is based on consent; and (g) lodge a complaint with your local data-protection authority (for EEA/UK residents).

California residents (CCPA / CPRA). You have the right to know what categories of personal information we collect and the purposes for collection; to request access to and deletion of your personal information; to correct inaccurate information; and to be free from discrimination for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising. To exercise your rights, email privacy@roostr.app. You may designate an authorized agent in writing. We will verify your identity using information already on file before responding.

We respond to verifiable requests within thirty (30) days (or other period required by law). If your data was provided to us by a Roostr Customer (i.e., you are their end customer), please direct your request to that business; we will assist them as their processor.

10. Children's privacy

The Service is not directed to, and we do not knowingly collect personal information from, children under 16. If you believe a child has provided us with personal information, contact privacy@roostr.app and we will delete it promptly.

11. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date at the top of the page reflects the most recent revision. For material changes we will provide additional notice (for example, by email or an in-product banner) before the change takes effect. Continued use of the Service after the effective date constitutes acceptance.

12. Contact us

Roostr, Inc., 1209 Orange Street, Wilmington, Delaware 19801, USA. Privacy inquiries: privacy@roostr.app. Security incidents: security@roostr.app. For EU/UK matters, you may also contact our designated representative through the same address pending appointment of a local representative.