Legal

Privacy Policy

How we collect, use, and protect your family's data — written so a real person can read it.

Last updated: July 2025 GDPR · UK GDPR · CCPA

Key Points

  • We don't sell your data. Ever. No ads, no brokers.
  • You own your content. Export everything any time, in-app.
  • Encrypted in transit and at rest. On Google Cloud / Firebase.
  • Delete on request — we propagate the delete to every subprocessor.

1. Introduction

EverRoots ("we," "our," or "us") is committed to protecting the privacy of your personal and family data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and mobile application.

By using EverRoots, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Information You Provide

  • Account Information: Name, email address, and password when you create an account
  • Profile Information: Photos, biographical details, and family relationships you choose to add
  • Family Content: Stories, recipes, photos, videos, audio recordings, and documents you upload
  • Waitlist Information: Name, email, and optional family size when you join our waitlist
  • Communications: Information you provide when you contact us

Information Collected Automatically

  • Usage Data: How you interact with our services (features used, time spent)
  • Device Information: Device type, operating system, browser type, and unique identifiers
  • Log Data: IP address, access times, and referring URLs
  • Cookies: See our Cookie Policy for details

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the EverRoots platform
  • Create and manage your account
  • Enable family sharing and collaboration features
  • Send you updates, notifications, and marketing communications (with your consent)
  • Respond to your inquiries and support requests
  • Ensure security and prevent fraud
  • Comply with legal obligations

4. Data Sharing

We do not sell your personal data. We may share information with:

  • Family Members: Content you explicitly share with family members on the platform
  • Service Providers / Subprocessors: Trusted third parties who process data on our behalf under written Data Processing Agreements (see Subprocessors below)
  • Legal Requirements: When required by law or to protect our rights

Subprocessors

The following third parties process limited categories of personal data strictly to deliver EverRoots features. Each is bound by a DPA that includes deletion-on-request and EU Standard Contractual Clauses where applicable. We will update this list when we onboard or remove a subprocessor.

  • Google Cloud / Firebase (Authentication, Firestore, Cloud Storage, Cloud Functions, Crashlytics, Analytics, Cloud Messaging) — primary hosting, identity, and backend infrastructure. DPA.
  • OpenAI — AI-assisted features such as story prompts, summarization, and AI-Persona conversations. Inputs are not used to train OpenAI models under our API agreement. Policy · DPA.
  • ElevenLabs — voice synthesis for Voice/Video Legacies and AI-Persona playback. Policy · DPA.
  • RevenueCat — subscription entitlement, receipt validation, and billing analytics. Cannot access your family content. Policy · DPA.
  • Apple App Store & Google Play — payment processing, refunds, and tax-mandated receipt retention.
  • MailerSend — transactional email (data-export ready notifications, deletion confirmations, account alerts). Policy.
  • Sentry / Firebase Crashlytics — anonymized crash and error diagnostics. No family content is included.

We do not share any data with advertising networks or data brokers.

5. Data Security

We implement industry-standard security measures including:

  • Encryption of data in transit (TLS) and at rest
  • Regular security audits and penetration testing
  • Access controls and authentication
  • Secure cloud infrastructure (Google Cloud / Firebase)

While we strive to protect your data, no method of transmission over the internet is 100% secure.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Legacy data (Forever Letters, Soul Capsules) is retained according to your designated preferences and Legacy Guardian settings. You may request deletion of your data at any time.

7. Your Rights

Depending on your location (GDPR, UK GDPR, CCPA / CPRA, LGPD, and similar laws), you have the right to:

  • Access & portability (Art. 15 / 20): request a machine-readable copy of your data via Me → Privacy Controls → Export my data
  • Correction (Art. 16): edit profile and content directly in the app
  • Erasure (Art. 17): permanently delete your account in-app, or via our public Delete Account page if you cannot reach the app
  • Withdraw consent for data processing
  • Object to or restrict certain processing activities
  • Lodge a complaint with your local supervisory authority

We respond to verified requests within 30 days. When you delete your account, we instruct each subprocessor listed above to erase associated personal data per their DPA, except where retention is legally required (e.g., billing receipts).

8. Children's Privacy

EverRoots is designed for families, but accounts must be created by users aged 13 or older. Children's profiles within a family tree are managed by adult family members. We do not knowingly collect personal data from children under 13 without parental consent.

9. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at: