Privacy Policy

Last Updated: February 24, 2025

‍

1. Introduction

Roostr Inc. (“we,” “us,” or “our”) operates Roostr – including our website (https://www.getroostr.com) and our application (https://app.getroostr.com) – to provide AI-assisted procurement and quoting services. This Privacy Policy explains how we collect, use, store, and share your information when you use our Service. By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.

Note: We do not process your personal information for targeted advertising, nor do we use Google Workspace APIs (or data obtained from them) to develop, improve, or train generalized AI and/or ML models.

‍

2. Information We Collect

2.1. Account Information

When you register for our Service, we collect personal information you voluntarily provide, such as:

• Your name

• Your email address

2.2. Email Data and Integration Information

Through our Google integration, we access:

• Google Users:

• Email content from your Gmail account (only from your pre-approved whitelist)

• Email labels, drafts, and sent emails

• Google scopes we request include: gmail.labels, userinfo.email, userinfo.profile, openid, gmail.send, auth/gmail.modify, and gmail.compose

• Microsoft Users:

• We request scopes such as offline_access, openid, profile, User.Read, Mail.Read, Mail.Read.Shared, Mail.ReadWrite, Mail.ReadWrite.Shared, Mail.Send, and Mail.Send.Shared to facilitate integration.

2.3. Usage Data

We may collect usage information (e.g., log files and device data) to help us improve our Service. At present, we do not use this data for analytics or marketing purposes.

‍

3. How We Use Your Information

We process your personal information for purposes including, but not limited to:

• Providing and Maintaining the Service:

To facilitate account creation, authenticate users, and ensure smooth operation of the Service.

• Communication:

To contact you regarding account-related matters, updates, or customer support.

• Email Processing via Whitelist:

We operate a whitelist system so that only email communications from contacts or domains you pre-approve are processed. Emails not on your whitelist are ignored.

• Service Improvement:

To analyze usage patterns, troubleshoot issues, and enhance the Service.

• Database Management:

To structure rate information and store processed email data in our database for future reference and search functionality.

Important Use Limitations:

• No Targeted Advertising:

We do not use your information to deliver targeted advertising or sell your data to third parties.

• Google Workspace APIs:

We expressly do not use data from Google Workspace APIs to develop, improve, or train generalized AI and/or ML models.

Note: As a vertical SaaS company focused on deep domain expertise, you may use data to fine-tune specialized AI models that enhance our procurement and quoting functions.

‍

4. Legal Bases for Processing

We process your personal information only when we have a valid legal basis, including:

• Consent: When you have provided explicit permission.

• Contractual Necessity: To fulfill your requests and provide our Service.

• Legal Obligations: To comply with applicable laws and regulatory requirements.

• Legitimate Interests: When necessary for our business purposes, provided your interests and rights are not overridden.

For users in the EU, UK, Canada, and other regions with specific data protection laws, additional rights may apply. Please see Section 8 for details on your rights.

‍

5. Data Storage and Retention

• Retention:

We retain your data for as long as your account remains active or as needed to fulfill the purposes described in this Policy. If you terminate your account, you may request deletion of your data, subject to applicable legal requirements.

• Storage:

Your processed emails and other account information are stored in our secure databases. We may retain historical records to support Service functionality (e.g., search and rate history).

‍

6. Information Sharing

We share your personal information only in limited circumstances, including:

• Service Providers:

We engage trusted third-party providers (such as MongoDB for database services, Nylas for email processing, Vercel for website hosting, and Wristband for authentication) to help deliver our Service. These providers are contractually obligated to maintain confidentiality and are permitted to use your information solely to provide services on our behalf.

• Business Transfers:

In connection with a merger, sale of assets, or other business transactions, your information may be transferred, provided that the recipient agrees to protect your data in accordance with this Policy.

We do not share or sell your personal information for any business or commercial purposes, including targeted advertising.

‍

7. Data Security

We implement reasonable and appropriate technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. While we strive to secure your data, no transmission over the Internet or electronic storage method is 100% secure.

‍

8. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal information, including:

• Access: Request access to your personal data.

• Correction: Request correction of inaccurate or incomplete information.

• Deletion: Request deletion of your personal data (subject to legal obligations).

• Restriction: Request that we restrict processing of your data.

• Data Portability: Request a copy of your personal data in a structured, commonly used format.

• Objection: Object to certain processing activities.

For users in California, the EEA, UK, Canada, and other regions with specific privacy laws, additional rights (such as opt-out of data sales or targeted advertising) apply. To exercise your rights or for questions regarding your data, please contact us as provided in Section 11.

‍

9. Children’s Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe that we have inadvertently collected such data, please contact us so that we can promptly delete it.

‍

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page along with an updated “Last Updated” date. We encourage you to review this Policy periodically.

‍

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us by email at:

support@getroostr.com

For matters specifically related to our Service and email integrations, you may also reach out to:

mmote@getroostr.com

‍