Your data. Explained without the legalese.

Who we are

RootUIP ("RootUIP," "we," "us") is a content intelligence platform for civil law firms. This policy applies to rootuip.com and any product or service we offer that links to this policy.

Our company contact details, plus the controller / DPO information for GDPR purposes, are at the end of this page.

What we collect

Information you give us directly

• Contact information — name, email, phone, firm name, role — when you fill out a form, book a call, or email us.
• Account information — login credentials, billing details, and the configuration data you store in the platform.
• Communications — anything you send us via email, support tickets, or scheduled calls. We may record calls only with your explicit consent.

Information collected automatically

• Device + browser — IP address, user agent, referrer, timezone, screen size.
• Usage — pages viewed, time on page, clicks, search queries within the site.
• Cookies + similar technologies — see Cookie Policy.

Information from third parties

• Public professional records — for attorneys featured in the Author Network, we verify bar status and licensing through public state-bar records.
• Analytics + advertising partners — aggregated reports about site performance and ad campaigns.

How we use it

We use your information to:

• Operate and improve the platform
• Respond to inquiries, schedule calls, and provide support
• Send service-related emails (billing, security, product changes)
• Send marketing emails if you've opted in (you can opt out anytime)
• Detect, prevent, and respond to fraud, abuse, and security incidents
• Comply with legal obligations (tax, regulatory, court orders)
• Generate aggregated, anonymized statistics that we may publish (e.g., "civil firms using RootUIP rank on page one in 90 days")

We do not sell your personal information. We do not use it to train third-party AI models.

Legal bases (GDPR)

If you're in the EU, UK, or another GDPR-aligned jurisdiction, here's the legal basis for each use:

Who we share it with

We share data only with vendors who help us run the service, under written data-processing agreements. Categories include:

• Hosting + infrastructure — for serving the site and storing data
• Analytics — to understand product usage
• Email + scheduling — for transactional and marketing email, and call booking
• Payment processing — for billing
• Customer support — for ticketing and live chat (if applicable)

We may also disclose information when required by law, to protect our rights, or as part of a corporate transaction (merger, acquisition) — in which case we will notify affected users.

Cookies & tracking

We use a small number of cookies and similar technologies. The full breakdown — what each one does and how to opt out — is in the Cookie Policy. You can change your choice at any time via the Cookie Settings link in the footer.

How long we keep it

• Account data — for the life of your account, plus 3 years after deletion (for billing, audit, and legal-defense purposes), unless you request earlier deletion.
• Marketing leads — up to 24 months after last interaction, then deleted or anonymized.
• Server logs — 30 days for diagnostics, then aggregated.
• Backups — encrypted, rotated out within 90 days.

Your rights

You can ask us to:

• Access the personal data we hold about you
• Correct data that is inaccurate
• Delete data we no longer need to keep
• Restrict or object to certain processing
• Port your data to another service
• Withdraw consent for marketing or non-essential cookies

Email [email protected] with your request. We respond within 30 days. If you're not satisfied with our response, you can lodge a complaint with your supervisory authority (in the EU, that's your national DPA; in the UK, the ICO).

California rights (CCPA / CPRA)

California residents have specific rights under the California Consumer Privacy Act and the California Privacy Rights Act. In addition to the rights above, you may:

• Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes, and the categories of third parties we share with.
• Opt out of sale or "sharing" — we don't sell or share personal information, but you can confirm this at any time.
• Limit the use of sensitive personal information — we collect only the minimum needed to operate the service.
• Designate an authorized agent to make a request on your behalf.

To exercise any of these rights, email [email protected] with "California Privacy Request" in the subject line. We will not discriminate against you for exercising your rights.

Security

We use industry-standard safeguards: TLS 1.2+ in transit, AES-256 at rest, role-based access, audit logging, and least-privilege principles. No system is 100% secure — but we work hard to make ours close. If we ever experience a breach affecting your data, we will notify you and the relevant authorities within the timeframes required by law (72 hours under GDPR).

Children

RootUIP is a B2B product for law firms. It is not intended for and not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with information, contact us and we will delete it.

International transfers

RootUIP is operated from the United States. If you access the service from outside the US, your data will be transferred to and processed in the US. For transfers from the EU/UK, we rely on Standard Contractual Clauses (SCCs) and equivalent safeguards. You can request a copy of our SCC documentation at [email protected].

Changes to this policy

We update this policy when our practices change. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated via email (if you have an account) or a banner on the site. Continuing to use RootUIP after a change means you accept the updated policy.

Contact

Questions, requests, or concerns about this policy or your data: