1. Introduction
Welcome to SelfLab. This Privacy Policy explains how ROOTS TO LLC ("we," "us," or "our") collects, uses, and discloses information about you when you access or use our website and services (collectively, the "Service"). We are committed to protecting your privacy and handling your data in an open and transparent manner.
This Policy applies to information we collect when you:
- Visit our website.
- Register for a SelfLab account.
- Use our Service to analyze coaching sessions.
- Communicate with us.
By using our Service, you agree to the collection and use of information in accordance with this policy.
2. What Information We Collect
We collect information in two main ways: information you provide to us directly, and information we collect automatically.
A. Information You Provide to Us:
- Account Information: When you register for an account, we collect your name, email address, company name (if applicable), and password (in a hashed format).
- Payment Information: When you make a purchase, our third-party payment processor, Stripe, Inc., collects your payment card information. We do not store or have access to your full payment card details on our servers.
- Communications: If you contact us directly (e.g., via our support email), we will maintain a record of that correspondence.
- Content You Upload ("Your Content"): When you use the Service, you upload audio recordings and related materials. The personal data within this content is processed by us on your behalf, as detailed in our Data Processing Addendum (DPA).
B. Information We Collect Automatically:
- Log and Usage Data: Like most websites, we automatically collect log files and usage data when you visit our site or use our Service. This information includes your IP address, browser type, operating system, referral URLs, pages viewed, and timestamps.
- Cookies and Similar Technologies: We use cookies to operate and administer our site and to improve your experience. Our Cookie Policy is detailed in Section 9 below.
3. How We Use Your Information
We use the information we collect for specific purposes, linking the data type to the function:
- To Provide and Maintain the Service: We use your Account Information and Payment Information to create and manage your account, process transactions, generate reports, and provide customer support.
- To Improve and Personalize the Service: We use Log and Usage Data to understand how our users interact with the Service, to develop new features, and to personalize your experience. We may also use anonymized and aggregated data for this purpose as described in our Terms of Service.
- To Communicate with You: We use your Account Information (specifically your email address) to send you essential service-related announcements (e.g., technical notices, security alerts) and, with your explicit consent, marketing communications.
- For Security and Fraud Prevention: We use Log and Usage Data (including IP addresses) and Account Information to protect our Service, our users, and the public from fraud, abuse, and security risks.
- For Legal Compliance: We may need to use and retain your information to comply with applicable laws, legal processes, or regulations.
4. Legal Basis for Processing (for EEA/UK Users)
If you are an individual in the European Economic Area (EEA) or the UK, our legal basis for collecting and using your information depends on the specific context. We will normally collect information from you only where:
- We need it to perform our contract with you (e.g., to provide the Service);
- The processing is in our legitimate interests and not overridden by your data protection interests (e.g., for fraud prevention, network security, or improving our Service);
- You give us consent to do so for a specific purpose (e.g., for marketing communications); or
- We need to process your data to comply with a legal obligation.
5. How We Share Your Information
We do not sell your personal data. We may share your information in the following limited circumstances:
- With Service Providers (Sub-processors): We share information with third-party vendors who need access to your data to perform services on our behalf (e.g., payment processing, cloud hosting, AI analysis). These providers are listed in our DPA and are contractually bound to protect your data.
- For Legal Reasons: We may disclose your information if we believe it's required by applicable law, regulation, or legal process.
- In Case of Business Transfer: If we are involved in a merger or acquisition, your information may be transferred as part of that transaction, as outlined in our Terms of Service.
6. Data Security and International Transfers
Security
We take the security of your data very seriously. We implement and maintain commercially reasonable technical and organizational measures to protect your information from unauthorized access, disclosure, alteration, or destruction. These measures include, for example, encryption of data in transit and at rest, strict access controls, and regular security assessments.
International Transfers
Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you are located in the EEA, UK, or Switzerland, please note that we transfer personal data to the United States. We ensure such transfers are lawful by relying on approved data transfer mechanisms, such as the Standard Contractual Clauses (SCCs), as detailed in our DPA.
7. Data Retention
We retain your account information for as long as your account is active or as needed to provide you with the Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. For clarity, your rights to request erasure of your data may be limited by our legal obligation to retain certain information (e.g., for financial auditing purposes). We retain Your Content (audio files and reports) in accordance with the policies outlined in our Terms of Service and DPA.
8. Your Data Protection Rights
Depending on your location (e.g., EEA, UK, California), you may have the following rights regarding your personal data:
- The right to access, update, or delete your information.
- The right to rectification.
- The right to object to processing.
- The right to restrict processing.
- The right to data portability.
- The right to withdraw consent at any time where we relied on your consent to process your information.
To exercise any of these rights, please contact our Data Protection Officer at info@selflab.ai. You also have the right to lodge a complaint with a data protection authority about our collection and use of your personal data.
9. Cookie Policy
We use cookies and similar tracking technologies.
What are cookies?
Cookies are small files stored on your device (computer or mobile device).
What types of cookies do we use?
- Essential Cookies: These are necessary for the Service to function and cannot be switched off. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms.
- Analytics Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.
Your Choices
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. For more control, we recommend using a cookie consent management tool on our website.
10. Children's Privacy
Our Service is not intended for use by children under the age of 16, and we do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete such information from our files as soon as possible.
11. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and, in the case of material changes, by sending you an email notification.