Rootstead
Privacy Policy
Rootstead is a private home for the documents that run a household — IDs, insurance policies, warranties, bills. It is operated by Hubr AI ("Rootstead", "we", "us"). This policy explains what data the Rootstead iPhone app and the rootstead.app website handle, why, and the choices you have.
The short version: your documents belong to you. We collect the minimum needed to read, file, and remind. We show no ads, run no third-party analytics or tracking, and never sell or share your data for marketing.
What we collect
In the app
- Document photos and thumbnails you capture, stored in private, access-controlled storage.
- Extracted content — the fields Rootstead reads from your documents (names, dates, numbers), your corrections to them, and the records and key dates built from them.
- Questions you type into Ask, which are answered only from your own household's records.
- Your email address — only if you choose to claim your vault. You can use Rootstead without an account; claiming is optional and uses a one-time code, never a password.
- A push notification token — only if you turn on a reminder.
- An internal account identifier that scopes everything above to your household.
On the website
- Your email address, if you join the waitlist. One announcement, no marketing drip, unsubscribe any time. The website sets no analytics or advertising cookies.
How your documents are processed
When you capture a document, the app pre-reads it on your device and sends the least data necessary to be read. Processing uses service providers acting on our instructions:
- Supabase — database, authentication, and file storage.
- Amazon Web Services (Textract) — optical character recognition.
- Anthropic (Claude) — understanding the document and answering your Ask questions.
The AI services are used with zero-retention, no-training settings: your documents are processed to serve your request and are not retained by those providers or used to train their models. Data is stored in the United States.
How your data is protected
- Household isolation. Every household's records are walled off from every other's at the database level (row-level security). Your records can never surface in another family's app.
- Sensitive values encrypted at rest. High-sensitivity numbers (license numbers, account references, and similar) are stored only as ciphertext and stay masked in the app.
- Private storage. Document images live in private buckets, reachable only through short-lived signed links. There is no public URL to leak.
- Encryption in transit. All traffic uses TLS.
What we don't do
- No advertising, and no advertising SDKs.
- No third-party analytics or tracking in the app or on the site.
- No selling or renting your data — ever.
- No training AI models on your family's documents.
Retention and deletion
Your records are kept until you delete them. You can delete any document in the app (touch and hold it in your vault); this removes the document and its stored images. To delete your entire vault or account, email support@rootstead.app from the address on your vault and we will delete it within 30 days. Waitlist emails are deleted on unsubscribe or after launch announcements conclude.
Your rights
You can access and correct your records directly in the app. Depending on where you live, you may also have rights to request a copy of your data, its deletion, or restrictions on its processing — contact us at support@rootstead.app and we will honor applicable requests.
Children
Rootstead is made for the adults who run a household and is not directed at children under 13. We do not knowingly collect personal information from children under 13.
Changes to this policy
If this policy changes materially, we will update this page and note the new date above. Continued use after a change means the updated policy applies.
Contact
Questions about privacy, or a data request: support@rootstead.app.