Last updated: 1 May 2025

Privacy Policy

Rootline, Inc. ("Rootline", "we", "us") takes privacy seriously. This policy describes what information we collect when you use Rootline, how we use it, and the choices you have. If you have questions, email us at hi@rootline.io.

1. Information we collect

Account information: When you sign up we collect your name, email address, company name, and role.

Infrastructure signal data: Rootline ingests telemetry from your connected integrations — including metrics, logs, traces, deployment events, and topology data — to perform root cause analysis. This data is processed and stored in accordance with the terms you agree to.

Usage data: We collect data about how you interact with the Rootline application, including features used, investigations viewed, and integrations connected.

Communications: If you contact us by email or through the product, we retain those communications to respond and improve our support.

2. How we use your information

  • To operate and improve the Rootline platform
  • To perform root cause correlation across your infrastructure signals
  • To send you product updates, security notices, and support responses
  • To aggregate anonymised usage analytics to improve the product
  • To comply with legal obligations

We do not sell your data or use it to train third-party AI models without your explicit consent.

3. Sharing your data

We share data with third parties only in these limited circumstances:

  • Service providers: Hosting (AWS), analytics, and customer support tools — bound by data processing agreements
  • Legal requirements: If required by law, court order, or to protect our legal rights
  • Business transfers: In the event of a merger or acquisition, subject to standard protections

We never sell personal information to data brokers or advertising networks.

4. Data retention

We retain account data for the duration of your subscription and up to 90 days after deletion. Infrastructure signal data is retained per your plan (30 days on Starter, 12 months on Team, configurable on Enterprise). You can request full deletion at any time.

5. Security

Rootline is SOC 2 Type II certified. We use encryption at rest and in transit (TLS 1.2+), role-based access control, and regular third-party penetration testing. See our Security page for full details.

6. Your rights

Depending on your location, you have rights including: access, rectification, deletion, portability, restriction of processing, and objection. To exercise any right, email hi@rootline.io. We will respond within 30 days.

7. Cookies

We use essential cookies to operate the application (session management, authentication). We use analytics cookies to understand how the product is used. You can disable analytics cookies in your browser settings. We do not use advertising cookies.

8. GDPR and international transfers

Rootline is GDPR compliant. Our lawful basis for processing is contract performance and legitimate interests. Data is stored in the EU and US. International transfers use Standard Contractual Clauses. Enterprise customers can request a DPA.

9. Changes to this policy

We will notify you of material changes by email or in-product notice at least 14 days before they take effect. Your continued use after that date constitutes acceptance.

Questions about this policy?

Email our privacy team at hi@rootline.io — or write to Rootline, Inc., 548 Market St, San Francisco, CA 94104.