Privacy Operations.
We treat your calendar and attention as high-stakes assets. Our systems are engineered around complete data custody and absolute transparency.
Core Privacy Commitments
Zero Data Brokerage
We do not sell, rent, or trade your calendar metadata, schedules, or personal email address to advertising networks or third-party developers.
Envelope Encryption
Your connected accounts, integration secrets, and API access tokens are safeguarded using envelope encryption at rest, dynamically isolated from direct backend processes.
1. Information We Collect
To operate the Rootine agentic engine, we collect basic registration data (email address) and temporary auth tokens for calendars and services you explicitly grant us access to. We do not index your email contents or store calendar events unrelated to execution optimization.
2. How Data is Processed by AI Agents
Rootine uses large language models and autonomous agents to manage your focus blocks and schedule. These agents operate strictly on a transactional runtime context. We enforce secure pipelines ensuring that no calendar data or scheduling logs are used to train foundational AI models.
3. Third-party Integrations
When you connect external providers like Google Calendar, Keycloak, or Postmark, data is shared solely to execute target scheduling requests. You maintain the right to instantly disconnect these services and trigger full workspace deletion at any time.
4. Security Hardening
We deploy state-of-the-art protections, including rate limiting, honeypot filters to sinkhole bot requests, and optional Cloudflare Turnstile token validation on all public-facing API interfaces.
Contact & Data Deletion Requests
If you would like to purge your waitlist profile or exercise your GDPR/CCPA data rights, dispatch a secure request to privacy@rootine.ai.