Privacy Policy

Last updated: 7 June 2026

The short version

  • We collect what we need to run Root: your email, name, study sessions, and basic usage data.
  • We never see your card details — Stripe handles all payments.
  • Your tutoring conversations, test papers and revision are processed by our AI provider, Google (Gemini), to generate replies (with Anthropic's Claude retained only as a backup if Google is temporarily unavailable). They are not used to train AI models, by us or by them.
  • We don't sell your data. Ever.
  • You can download or delete everything we hold on you, anytime, from Settings.
  • Root is for users aged 13 and over. If you're under 18, you need a parent or guardian's consent to use a paid plan.

The full policy below is the legally binding version. If anything below contradicts the summary, the full policy wins.

1. Who we are

This Privacy Policy explains how Root (“Root,” “we,” “us,” or “our”) collects, uses, and protects personal information when you use the website at roottutor.comand the related services (the “Service”).

Root is operated by Root Tutor AI Ltd. For any privacy question, contact us at privacy@roottutor.com.

2. What we collect

We collect different kinds of information depending on how you interact with the Service.

2.1 Account information

When you create an account, we collect:

  • Your email address and display name (received from Google when you sign in with Google, or entered directly).
  • Your Google account identifier (a unique ID provided by Google for OAuth sign-in — not your password).
  • A profile photo if your Google account has one. This is optional and only used inside Root.

2.2 Onboarding information

During onboarding you may tell us your year level, the subjects you study, and your goals. This is used to personalise the tutoring experience.

2.3 Usage information

When you use the Service we collect the content you create and the way you interact with Root, including:

  • Study sessions and chat messages exchanged with the Root tutor.
  • Test papers you generate, your answers, and the feedback Root provides.
  • Revision activity, flashcards, progress data, streaks, topics studied and the time at which you studied them. We use this study activity (which topics, how recently, your accuracy on revision walkthroughs) to schedule personalised study and streak reminder emails.
  • Files or images you upload (for example, a worksheet you have a question about, or notes and past papers you add to a study unit). When you add files to a unit, Root reads them once to build a short topic summary it keeps as study context for that unit.
  • Notes you save in a unit — notes you write yourself, messages or suggestions you save from the tutor, and the short summaries Root generates of a study session or a completed unit.
  • Aggregate usage signals such as feature interactions, button clicks, and time spent on the Service.

2.4 Billing information

Payments are processed by Stripe. We do not see, store, or have access to your full payment card number. We receive a Stripe customer ID, the last four digits and brand of the card, your billing country, your subscription tier, and the status of your subscription (active, past due, cancelled, etc.).

2.5 Technical information

Automatically collected when you use the Service:

  • IP address (used for rate-limiting and anti-abuse).
  • Browser type and version, operating system, device type, and screen size.
  • Referring URL and pages viewed within the Service.
  • Approximate location derived from IP address (country / region only).
  • Cookies and similar technologies (see Section 6).

3. How we use your information

We use the information we collect to:

  • Operate, maintain, and improve the Service.
  • Generate AI-powered tutoring responses, test papers, and feedback in response to your inputs.
  • Personalise the experience to your year, subjects, and learning history.
  • Process subscriptions, payments, refunds, and invoices through Stripe.
  • Send transactional messages (account confirmations, billing receipts, security alerts, important service notices). You cannot opt out of these while you have an active account.
  • Send study reminder emails based on your learning activity, including weekly streak reminders (when your streak is at risk of resetting) and spaced-repetition reminders (when a topic you previously studied is due for review). You can turn these off at any time from Settings → Notifications. They are on by default.
  • Detect, investigate, and prevent abuse, fraud, and security incidents.
  • Enforce our Terms of Service and comply with our legal obligations.
  • Analyse aggregated usage to understand how the Service is performing and to plan improvements.

Study reminder emails are scheduled by an automated system that reads your topic history and the time elapsed since you last revised each topic. The schedule follows established spaced-repetition research (review intervals of approximately 3, 7, 16, 35, and 70 days). At most one reminder email per day is sent to any user. The content of these emails is generated from templates filled with your first name, the topic name, the unit name, and the elapsed time — we do not generate per-email content with AI.

4. Legal bases for processing (EEA / UK users)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal information on the following legal bases:

  • Performance of a contract — to provide the Service you signed up for, including running the AI tutor and processing your subscription.
  • Legitimate interests — to improve the Service, secure the platform, and prevent abuse, where these interests are not overridden by your privacy rights.
  • Consent — for optional analytics and any communications that require consent under your local law. You can withdraw consent at any time.
  • Legal obligation — where we must process information to comply with applicable laws (for example, tax or accounting rules).

5. Who we share information with

We do not sell your personal information. We share it only with the service providers listed below, each of which is bound to confidentiality and security obligations and may use your information only to provide services to us.

  • Supabase — hosts our database and stores your account, study sessions, and progress data.
  • Anthropic, PBC— provides the Claude AI models retained as a backup AI provider. Content is sent to Anthropic's API only if we temporarily fail over to it during a Google outage; in normal operation no content is sent to Anthropic. Per Anthropic's commercial API terms, API content is not used to train their models.
  • Stripe, Inc. — processes subscription payments and stores billing details.
  • Vercel, Inc. — hosts the Root web application and processes related logs.
  • Google LLC— provides “Sign in with Google” authentication, and the Gemini AI models used for all tutoring, test papers, marking, and revision. The relevant inputs are sent to Google's paid Gemini API to produce the reply. Per Google's API terms for paid services, this content is not used to train Google's models.
  • PostHog, Inc. — provides product analytics so we can understand how the Service is used.
  • Upstash, Inc. — provides rate-limiting infrastructure used to protect the Service from abuse.
  • Resend, Inc. — sends transactional and study reminder emails (welcome emails, referral notifications, weekly streak reminders, spaced-repetition study reminders) on our behalf. Resend receives your email address, your first name, and the contents of the email we send you.

We may also disclose information when we believe in good faith that it is required by law, court order, or government request; to enforce our Terms of Service; to protect the rights, property, or safety of Root, our users, or the public; or in connection with a corporate transaction such as a merger, acquisition, or sale of assets (in which case we will ensure the recipient is bound by privacy commitments at least as protective as this Policy).

6. AI processing and training

Root uses a third-party AI API to generate tutoring replies, test questions, marking, and revision feedback: Google's Gemini API for all of these features (with Anthropic's Claude API retained only as a backup used if Google is temporarily unavailable). When you send a message or generate a test, the relevant content is transmitted to the applicable provider's API, processed to produce the response, and the response is returned to you and stored in your account.

We do not use your study sessions, messages, generated tests, or any other personal content to train AI models. Both providers' commercial API terms state that API content is not used to train their models (this includes Google's paid Gemini API). We do not opt in to any data-sharing programs that would change this.

7. Cookies and analytics

We and our service providers use cookies, local storage, and similar technologies to keep you signed in, remember your preferences, secure your session, measure usage, and prevent abuse. You can disable cookies in your browser settings, but parts of the Service may not work without them.

Root uses PostHog for product analytics. PostHog receives anonymised event data about how you use the Service. We do not use PostHog to track you across other websites.

8. How long we keep your data

We keep your information for as long as your account is active and as needed to provide the Service. When you delete your account, we delete or irreversibly anonymise your personal information within 30 days, except where we must keep certain records to comply with legal, tax, accounting, or anti-fraud obligations (for example, transactional records held by Stripe for tax purposes), or where information has been aggregated in a way that no longer identifies you.

Inactive free-tier accounts may be deleted after a prolonged period of inactivity (we will give notice by email before doing so).

9. Your rights

Depending on where you live, you may have the following rights regarding your personal information:

  • Access — request a copy of the personal information we hold about you.
  • Portability — receive your data in a machine-readable format. You can do this yourself from Settings → Download my data.
  • Correction — correct inaccurate or incomplete information.
  • Deletion — delete your account and the personal information we hold about you. You can do this yourself from Settings → Delete account.
  • Restriction or objection — restrict or object to certain processing.
  • Withdraw consent — where we rely on consent, withdraw it at any time.
  • Lodge a complaint with your local data protection authority. (UK: ICO. EU: your member-state authority. California: California Privacy Protection Agency.)

To exercise any right that isn't available in-app, email privacy@roottutor.com. We will respond within 30 days. We may need to verify your identity before acting on your request.

10. Children's privacy

Root is intended for users aged 13 and over. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, email privacy@roottutor.com and we will delete it.

If you are between 13 and 17(or under the age of majority in your country), you may use the free tier on your own, but you must have a parent or legal guardian's consent to subscribe to a paid plan. By subscribing, you confirm that consent has been given.

11. International transfers

Root is a global service. Your information may be processed in countries other than the one you live in, including the United States and the European Union, where our service providers operate. Where we transfer personal data out of the UK, EEA, or other regions with similar protections, we rely on transfer mechanisms approved by the relevant authority — typically Standard Contractual Clauses or equivalent.

12. Security

We use industry-standard technical and organisational measures to protect your personal information, including encryption in transit (HTTPS), encryption at rest for our database, access controls, rate limiting, and routine security reviews. No system can be guaranteed 100% secure; if we become aware of a security incident affecting your data, we will notify you in line with applicable law.

13. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through an in-app notice before the changes take effect. The “Last updated” date at the top of this page tells you when the current version became effective.

14. Contact us

If you have questions about this Policy or how we handle your data, email us at privacy@roottutor.com.

← Back to home