Rooted — Privacy Policy
Last updated: 17 June 2026
Rooted helps you track your sleep and dreams. This policy explains what we collect, why, who
processes it, and the control you have. We follow a privacy-by-design approach:
we collect the minimum needed, protect it in transit and at rest, and make deletion easy and complete.
What we collect
- Account data: your email address (sign-in) and an optional display name.
- Sleep data: sleep sessions, stage estimates, and scores derived from your device's motion sensor.
- Dream data: dream narratives you write, optional pre-sleep mood, and AI-generated themes/insights.
- Audio recordings (optional): nightly audio you choose to record. Recordings remain
on your device unless you save a dream with audio while signed in, in which case the
file is uploaded to your own private, access-controlled cloud storage.
- Push token (optional): if you enable notifications.
- Diagnostics: basic crash/error information to keep the app working.
We do not sell your data, and we do not use your dreams, audio, or sleep data for advertising.
How your data is protected
- Encrypted in transit (HTTPS/TLS) and at rest by our infrastructure provider.
- Every record is isolated to your account by row-level security — other users cannot access your data.
- Sign-in tokens are stored in your device's secure keystore.
Sub-processors
We share data only with the service providers needed to run the app:
| Provider | Purpose | Data shared |
| --- | --- | --- |
| Supabase | Authentication, database, private file storage | Account, sleep, dream, mood data; audio recordings you save |
| Anthropic (Claude) | AI dream analysis (themes, insight, reflection) | The text of the dream you submit for analysis |
Dream text is sent to Anthropic only when you request analysis. Per their terms, API content is not used to train their models.
Data retention and deletion
- Your data is kept while your account is active.
- You can delete everything at any time. Settings → Delete account permanently erases your
dreams, sleep history, moods, push token, profile, and any uploaded audio from our servers, and removes your
account — in addition to wiping local data. This is irreversible (GDPR Article 17).
- To request a copy of your data, contact us at the email below.
Your rights
Depending on where you live (e.g. GDPR / UK GDPR / CCPA), you have rights to access, correct, delete, and
export your data, and to withdraw consent. You can delete in-app; for anything else, contact us.
Children
Rooted is not directed at children under 13 (under 16 in some regions) and we do not knowingly collect their data.
Changes
We'll update this page and the "Last updated" date when this policy changes.
Contact
Questions or requests: ajayi.olusegunb@gmail.com