Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account information: name, email address, company name, job title, and phone number when you create an account or book a consultation
• Payment information: billing address and payment card details (processed securely by Stripe — we do not store card numbers)
• Communications: messages you send us via email, contact forms, or our platform chat features
• Project data: information you enter into RootLogic PMO Hub including project details, risks, milestones, and Salesforce org information

1.2 Information Collected Automatically

• Usage data: pages visited, features used, time spent, and actions taken within our services
• Device information: browser type, operating system, IP address, and device identifiers
• Cookies and tracking: as described in our Cookie Policy
• AI interaction logs: interactions with our AI agents are logged for safety, quality, and compliance purposes as described in Section 4

2. How We Use Your Information

• Provide, maintain, and improve our services
• Process transactions and send related information including confirmations and invoices
• Send administrative communications including changes to terms, conditions, and policies
• Respond to your comments, questions, and customer service requests
• Monitor and analyze usage patterns to improve user experience
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Comply with legal obligations and enforce our agreements
• Send marketing communications (with your consent, and you may opt out at any time)

3. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

3.1 Service Providers

We share information with trusted service providers who assist us in operating our services, including:

• Anthropic: powers our AI agents (Doris) — subject to Anthropic's privacy policy and data handling agreements
• Stripe: payment processing
• Railway: cloud infrastructure and hosting
• Vercel: frontend hosting
• Dropbox Sign: electronic signature services
• QuickBooks Online: invoicing and accounting

3.2 Legal Requirements

We may disclose your information if required by law, subpoena, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

3.3 Business Transfers

If RootLogic is acquired, merged, or undergoes a similar transaction, your information may be transferred as part of that transaction, subject to the same privacy protections.

4. AI Data Handling

When you interact with our AI agents including Doris, your interactions are:

• Logged in our DorisAuditLog for safety, quality, and AppExchange compliance purposes
• Processed by Anthropic's API to generate responses — subject to Anthropic's usage policies
• Retained for the duration of your engagement plus the period required by applicable compliance obligations
• Reviewed by our team when flagged by content or integrity monitoring systems

We do not use your project data to train AI models. Your Salesforce organization data accessed during consulting engagements is treated as confidential per your SOW.

5. Data Security

We implement industry-standard security measures to protect your information including TLS encryption for all data in transit, AES encryption for sensitive data at rest, access controls and authentication requirements, regular security assessments, and monitoring for unauthorized access.

No method of transmission over the Internet is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Your Rights and Choices

6.1 Access and Correction

You may request access to or correction of your personal information by contacting us at legal@rootlogicconsulting.com. We will respond within 30 days.

6.2 Deletion

You may request deletion of your account and associated personal information. Some information may be retained as required by law or legitimate business purposes such as fraud prevention and financial records.

6.3 Marketing Communications

You may opt out of marketing emails by clicking the unsubscribe link in any marketing email or contacting us directly. You will continue to receive transactional emails related to your account.

6.4 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information (we do not sell personal information). Contact us to exercise these rights.

6.5 European Residents (GDPR)

If you are located in the European Economic Area, you have rights under the General Data Protection Regulation including access, rectification, erasure, restriction of processing, data portability, and the right to object to processing. Contact us at legal@rootlogicconsulting.com to exercise these rights.

7. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy. Specifically:

• Account information: retained for the life of your account plus 3 years
• Transaction records: retained for 7 years for tax and accounting purposes
• AI interaction logs: retained for 2 years minimum per ISV compliance requirements
• Executed legal documents (SOWs, change orders): retained for 7 years

8. Children's Privacy

Our services are not directed to children under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where required by law, by email. Your continued use of our services after changes take effect constitutes acceptance of the revised policy.

10. Contact Us

For privacy-related questions or to exercise your rights:
RootLogic Consulting LLC — Privacy Team
Email: legal@rootlogicconsulting.com
Website: https://rootlogicconsulting.com