Last update: March 26, 2021
Managing panic attacks and anxiety is a journey. Our hope is for Rootd to be your partner along the way – available to offer support any time, any where, for any reason.
Any successful partnership needs to start with trust. For this reason, and countless others, we take the privacy of your data seriously.
1. What Data We Collect
We collect information that alone or in combination with other information in our possession could be used to identify you (“Personal Data”) as follows:
Personal Data You Provide: We collect the following categories of Personal Data from you when you create an account, sign up for our newsletter, use the Service, or communicate with us:
- Identification Data: We collect your email address, name or nickname you provide when creating your account, password you set, the telephone number and name of the emergency contact you provide, and unique identifiers assigned by third party platforms (such as analytics or communication tools).
- Stats Page Data: We collect information relating to your account stats page, such as the number of panic attacks conquered, warrior points, healing streak, and time spent using the Breathr and Visualizr tools.
- Communication Data: We may collect information when you contact us with questions or concerns and when you voluntarily respond to questionnaires, surveys, or requests for market research seeking your opinion and feedback. Providing this information is optional to you.
- Social Media Data: We have pages on social media sites like Instagram, Facebook, Twitter, and LinkedIn (“Social Media Pages”). When you interact with our Social Media Pages, we may collect Personal Data that you elect to provide to us, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.
- Stats Page Check-In Data (STAI-6 Survey): The State-Trail Anxiety Inventory (STAI) is a commonly used measure of how strong a person’s feelings of anxiety are. All of the individual-level data you provide in connection with this feature will be processed by Rootd solely for the purpose of providing you with the Check-In feature. If you are a member through a Community Subscription, we may report aggregate or anonymized data to such organizations, but will never do so in a manner that identifies you as an individual. Please see the How We Share Data section below for more information.
Rootd does not collect or process credit or debit card (“Payment Card”) data. Apple and Google collect Payment Card data with respect to in-app purchases made through the Apps, and our payment processor Stripe collects Payment Card data with respect to purchases made through the Websites. Such payment processors generally provide us with some limited data related to you, such as a unique, anonymous token that enables you to make additional purchases using the data they’ve stored, and your card’s type, expiration date, billing address, and the last four digits of your card number.
Internet Activity Data: When you visit, use, and interact with the Service, we may receive certain information about your visit, use, or interactions. For example, we may monitor the number of people that visit the Service, peak hours of visits, which page(s) are visited, the domains our visitors come from (e.g., google.com, yahoo.com, etc.), and which browsers people use to access the Service (e.g., Chrome, Firefox, Microsoft Internet Explorer, etc.), broad geographical information, and navigation pattern. In particular, the following information may be created and automatically logged in our systems:
- Log Data: Information that your browser automatically sends whenever you visit the Site. Log Data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interacted with the Site. Such Log Data is also collected when you interact with the App.
- Device Data: Includes name of the device, operating system, and browser you are using. Information collected may depend on the type of device you use and its settings.
- Usage Data: We collect information about how you use our Service, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency, and duration of your activities.
- Location Data: We may derive a rough estimate of your location from your IP address to understand your broad, non-specific geographic location to help us identify groups of users by general geographic market
- Email Open/Click Data: We use pixels in our email campaigns that allow us to collect your email and IP address as well as the date and time you open an email or click on any links in the email.
On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the following links for guidance on how to modify your web browser’s settings on the most popular browsers: Apple Safari, Google Chrome, Internet Explorer, Mozilla Firefox.
Advertising: We partner with third parties, such as Facebook and Google, to manage our advertising of the Service on other sites or platforms as well as across your other devices based on your past visits to our Website. Our third party partners may use technologies such as cookies to gather data about your activities within the Service to deliver such advertising to you, such as retargeting ads. We are not always able to respond to do-not-track signals. For more data about interest-based ads, including how to opt-out of having your web-browsing data used for behavioural advertising purposes, please visit www.aboutads.info/choices. Please note that this does not opt you out of being served ads. You may continue to receive generic ads on these third party platforms. You may also opt out of receiving ads across devices by adjusting your ad preference in your Google account.
If you access the Site on your mobile device, you may not be able to control tracking technologies through the settings.
2. How We Use Data
We may use Personal Data for the following purposes:
- To provide the Service and help you track your journey managing anxiety and panic attacks and display your progress over time;
- To verify your ownership of your account;
- To authenticate your access to the Service;
- To respond to your inquiries, comments, feedback, or questions;
- To send administrative information to you, for example, information regarding the Service and changes to our terms, conditions, and policies;
- To analyze and better understand how you interact with our Service;
- To maintain and improve the Service;
- To develop new products and services;
- To prevent fraud, criminal activity, or misuses of our Service, and to ensure the security of our IT systems, architecture, and networks; and
- To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
Marketing. We may use your Personal Data to contact you to tell you about products or services we believe may be of interest to you. For instance, if you elect to provide your email, we may use that information to send you special offers. You may opt out of receiving emails by following the instructions contained in each promotional email we send you. In addition, if at any time you do not wish to receive future marketing communications, you may contact us. If you unsubscribe from our marketing lists, you will no longer receive marketing communications but we may continue to contact you regarding management of your account, other administrative matters, and to respond to your requests.
3. How We Share Data
Rootd does not sell your Personal Data. In certain circumstances we may share the categories of Personal Data described above without further notice to you, unless required by the law, with the following categories of third parties:
Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share Personal Data with vendors and service providers, including providers of cloud hosting/computing services, database providers, email delivery and in-app/push messaging services, advertising and marketing services, payment processors, content monitoring services, and web, subscription, and app analytics services. Pursuant to our instructions, these parties will access, process, or store Personal Data in the course of performing their duties to us. We take commercially reasonable steps to ensure our service providers adhere to the security standards we apply to your Personal Data.
Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), your Personal Data and other information may be shared in the diligence process with counter-parties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Service, or the public, or (v) protect against legal liability.
Advertisements: We may share data with third parties, such as Facebook, in order to serve Rootd advertisements on such third party platforms, to the extent that you have consented to such practices under applicable law.
Corporate and other Community Sharing: If you access the Service as part of a company plan, government program, or wellness platform, we may share aggregate Personal Data with the organization you are associated with, and use the aggregated information to analyze the effectiveness of our Service, to improve and add features to our Service, and for other similar purposes. As part of analyzing the effectiveness of our Service, we may share aggregate or anonymized data with educational institutions strictly for scientific research purposes.
While Rootd is a consumer products company, there is increasing interest by large consumer communities (corporations, universities, hospitals, governments, etc.) (“Communities”) to introduce the Service to their employees and members. If you have registered to use the Service through a code or other registration credential furnished by a Community (a “Community Subscription”), the Community will have access to your name and the date you registered to use the Products and will have access to your usage information on an aggregated basis with all other members of the Community that are using the Products. While we do not otherwise share your personal information with your Community, when you register to use the Products you will have the opportunity to opt-in to agree to share additional personal information as well as usage information with your Community, and in this case, your Community will have access to this information. For example, many employers are offering incentive programs based on employee participation in health & wellness programs and desire to better understand how each of their employees is using the Products.
Our Service is not directed to children who are under the age of 16. Rootd does not knowingly collect Personal Data from children under the age of 16. If you have reason to believe that a child under the age of 16 has provided Personal Data to Rootd through the Service please contact us and we will endeavour to delete that information from our databases.
5. Other Websites
The Service may, from time to time, contain links to other websites not operated or controlled by Rootd, including those of our partner networks, advertisers, and affiliates. If you follow a link to any of these external websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these websites or their policies. Please check these policies before you submit any personal data to these external websites.
You use the Service at your own risk. We implement commercially reasonable technical, administrative, and organizational measures to protect Personal Data both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or e-mail. Please keep this in mind when disclosing any Personal Data to Rootd via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third party websites.
7. International Users
Rootd is based in Canada and processes information in Canada, which may not provide equivalent levels of data protection as your home jurisdiction.
8. Your Choices
Account Information: Please contact us at [email protected] if you need to change, correct, or delete your Personal Data. We will respond to your request in a reasonable timeframe. To reset your password, click the link on the Sign In page of the Apps. If you wish to disable your account, please contact us, but note that we retain certain information when required or permitted by law. We also retain cached or archived copies of information about you for a certain period of time.
Promotional Communications: You may opt out of receiving promotional emails from Rootd by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
Mobile Push Notifications/Alerts: With your consent, we send promotional and other push notifications to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
9. Your Rights as a Data Subject
The sections below apply to you if you use the Service while in Switzerland, the United Kingdom, or the European Economic Area (collectively, “Europe”).
Legal Basis for Processing
When we process your personal data we will only do so in the following situations:
- As necessary to perform our responsibilities under our contract with you (like providing the products or services you have requested);
- When we have a legitimate interest in processing your personal data, including to communicate with you about changes to the Service, to help secure and improve the Service (including to prevent fraud), and to analyze use of the Service;
- As necessary to comply with our legal obligations; and
- When we have your consent to do so.
Data Subject Requests
Subject to certain limits and conditions provided under law, you have the following rights:
- You have the right to access personal data we hold about you and to ask that your personal data be corrected, erased, or made available in a portable form.
- You also have the right to object to certain processing (like receiving direct marketing), or request that we restrict processing in certain circumstances (like to retain but not further process pending resolution of a claim).
- When we ask for your consent, you may withdraw that consent at any time.
- You have the right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning personal data about you. We encourage you to first reach out to us at [email protected] so we have an opportunity to address your concerns directly before you do so.
If you would like to exercise any of these rights and can’t do so directly via the Service or your device, you may contact us as indicated below.
10. Your Rights as a Resident of California
This section provides additional disclosures required by the California Consumer Privacy Act (or “CCPA”).
In the last 12 months, we collected the following categories of personal information: identifiers (such as name and contact information); internet or other electronic network activity information (such as browsing behaviour); and approximate geolocation data. For more details about the personal information we collect, including the categories of sources, please see the “What Data We Collect” section above. We collect this information for the business and commercial purposes described in the “How We Use” section above. We share this information with the categories of third parties described in the “How We Share Data” section above.
Subject to certain limitations and exceptions, the CCPA provides California consumers the right to request to know more details about the categories and specific pieces of personal information, to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
We do not “sell” the personal information we collect (and will not sell it in the future without providing a right to opt out).
California consumers may make a rights request by contacting us as indicated below. We will verify your request by asking you to provide information that matches information we have on file about you. Consumers can also designate an authorized agent to exercise these rights on their behalf, but we will require proof that the person is authorized to act on your behalf and may also still ask you to verify your identity with us directly.