Root Cause.AI

Privacy Policy

Last updated: June 4, 2026

1. Who We Are

Jordan Chavez is the data controller for the Root Cause.AI Service. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our application.

2. What Personal Data We Collect

  • Account data: name, email address, authentication credentials (via our auth provider).
  • Usage data: number of analyses run, feature usage, timestamps, and device/browser identifiers.
  • Support data: messages and correspondence when you contact us for help.
  • Branding data (Business tier): company name, logo, and custom styling preferences you choose to upload.
  • Analysis data: issue descriptions, 5 Whys answers, generated reports, and sign-off information you enter into the Service.

3. How We Use Your Data

  • To create and manage your account and provide the Service.
  • To enforce usage limits and tier entitlements.
  • To improve the Service, fix bugs, and develop new features.
  • To provide customer support and respond to inquiries.
  • To send important service-related notifications (e.g., subscription changes, security alerts).
  • To comply with legal obligations and prevent fraud or abuse.

4. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract performance: to provide the Service you signed up for.
  • Legitimate interests: to improve our product, ensure security, and prevent fraud.
  • Consent: where you explicitly agree (e.g., optional marketing communications).
  • Legal obligation: where required by applicable law.

5. Data Sharing

We do not sell your personal data. We may share it with the following categories of recipients:

  • Service providers: hosting, analytics, and support tooling providers who help us operate the Service.
  • Paddle: our Merchant of Record, for sale of the product, subscription management, payments, tax compliance, and invoicing.
  • Professional advisers: legal and accounting professionals, where necessary.
  • Authorities: where required by law or to protect our rights.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. When you delete your account, we will delete or anonymise your personal data within 90 days, except where we need to retain it for legal compliance, security, or fraud prevention purposes.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion of your personal data in certain circumstances.
  • Restriction — request restriction of processing in certain circumstances.
  • Portability — request transfer of your data to another service.
  • Objection — object to processing based on legitimate interests.
  • Complaint — lodge a complaint with a supervisory authority.

To exercise these rights, contact us using the support details in the Service.

8. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit and at rest, access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

9. Cookies and Tracking

We use essential cookies and similar technologies to operate the Service (e.g., authentication sessions). We may use analytics cookies to understand how users interact with the Service. You can manage your cookie preferences through your browser settings.

10. International Transfers

Your data may be transferred to and processed in countries outside your own. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) to protect your data during international transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us via the support details provided in the Service.