Effective date: July 17, 2026
This Privacy Policy explains how Innovaiden, Inc. ("Innovaiden", "we", "us") collects, uses, and protects your information when you use the Roots — Family Tree iOS app and its companion web service (together, "Roots"). Roots is a private, invitation-based family tree — not a public database or social network.
If anything here is unclear, contact us at admin@innovaiden.com.
1. What Roots is
Roots lets a family build a shared, private family tree: relatives with names, dates, and places; photos and galleries; written stories; and recordings of family conversations that Roots can transcribe and turn into suggested tree entries using AI. Access to a tree is limited to its owner and the members they invite or approve.
2. Information we collect
Account information. When you create an account we collect your name, email address, and a username/password, or — with Sign in with Apple — the name/email Apple shares (including Apple's private relay email if you choose to hide yours).
Family tree content you add. Names, dates, places, occupations, notes, relationships, photos, galleries, and written stories about your relatives. This may include information about people who do not themselves use Roots (see Section 5) and about children, if you choose to add them to your tree.
Audio recordings. If you use "Grow from a Conversation," the recording you make or upload is sent to our private storage and transcribed on our servers. The transcript is processed by an AI model to suggest people and relationships. Nothing is added to your tree until you review and apply suggestions.
Photos. Headshots and gallery photos you add are stored privately and shown only to members of your tree via short-lived, signed links. Photos are never public.
Purchase information. Subscriptions and one-time purchases are processed by Apple. We receive purchase state (product, status, expiry) to unlock Premium for your tree — never your payment card details.
Technical data. Standard server logs (IP address, timestamps, request metadata) for security and abuse prevention, and per-feature usage counts (e.g., number of AI extractions) to enforce plan limits.
What we do NOT collect. No advertising identifiers, no cross-app tracking, no location, no contacts, no DNA or health data. We do not sell or rent personal information — to anyone, ever.
3. How we use information
- To run Roots: build and display your tree, sync it across your family's devices, and store your photos, stories, and recordings privately.
- To provide AI features: transcribe recordings (speech-to-text) and generate suggested people/relationships from transcripts using large language models run on our cloud infrastructure (AWS, including Amazon Bedrock). Your content is not used to train these models.
- To operate Premium: verify purchases with Apple and apply plan limits.
- To secure the service: rate limiting, abuse prevention, and audit logging.
- To communicate essentials: account and service emails (we don't send marketing emails without consent).
4. Where your data lives, and who can see it
Your data is stored on Innovaiden-managed infrastructure on Amazon Web Services (US regions), in private databases and private storage buckets with no public access. Photos and audio are served only through short-lived signed links generated for authenticated members of your tree.
Within your family: members of your tree can see the tree content according to the access the owner grants (full tree or a branch). The tree owner controls membership, invitations, and approvals.
Service providers: we use AWS (hosting, storage, transcription, and AI inference via Amazon Bedrock) and Apple (sign-in, purchases, notifications). These providers process data only to provide their services to us.
No sale, no ads, no data brokers. We disclose personal information only if required by law, or to protect the safety and rights of users and the service.
5. Adding other people to your tree (important)
A family tree naturally describes people other than the person typing — parents, grandparents, cousins, children. If you add information about relatives:
- Only your tree's members can see it. It is never public and never searchable by other Roots users.
- You are responsible for having an appropriate basis to add it (in most family-history contexts this is your family's shared legitimate interest in documenting its own history).
- Any relative documented in a tree may contact us (or the tree owner) to request correction or removal of information about them, and we will honor verified requests.
- Recordings: obtain the speaker's permission before recording a conversation. Some places require the consent of everyone being recorded.
Children. Roots accounts are for adults (16+ in the EU/EEA/UK, 13+ elsewhere). Information about children may be added to a tree by adult family members, under the responsibility of the tree's owner; it stays private to the tree and can be removed at any time.
6. Your rights — everyone
- Access & portability: export your entire tree at any time as a standard GEDCOM file — free, on every plan (Settings → Your Data).
- Correction: edit any content you have access to in the app.
- Deletion: delete your account in the app (Settings → Delete Account). If you own the tree, this permanently deletes the tree and all its content — people, relationships, photos, stories, and recordings. Deletion is immediate in the app and completed in our systems and backups within 30 days.
7. Your rights — EU/EEA/UK (GDPR)
If you are in the EU, EEA, or UK, Innovaiden, Inc. is the data controller. Our legal bases are: performance of a contract (running Roots for you), legitimate interests (security, abuse prevention, and your family's documentation of its own history), and consent where required (e.g., recordings). You additionally have the rights to restrict or object to processing, the right to withdraw consent at any time, and the right to lodge a complaint with your supervisory authority. International transfers from the EU to the US are protected by Standard Contractual Clauses and equivalent safeguards through our providers. Contact admin@innovaiden.com to exercise any right; we respond within 30 days.
8. Your rights — United States
Depending on your state (including California, Colorado, Connecticut, Virginia, Utah and others), you may have rights to know, access, correct, delete, and obtain a portable copy of your personal information, and to opt out of "sales" or "sharing" of personal information. We do not sell or share personal information as defined by these laws, and we do not use sensitive personal information for anything beyond providing Roots. We honor verified requests at admin@innovaiden.com and do not discriminate against you for exercising your rights.
9. Retention
We keep your data while your account is active. Audio recordings and transcripts are retained so you can revisit them, and are deleted with the associated tree or on request. Deleted accounts/trees are purged from live systems immediately and from backups within 30 days. Purchase records are retained as required for accounting.
10. Security
Data in transit is encrypted (TLS). Databases and storage are in private networks with no public endpoints; photo and audio access requires short-lived signed URLs issued only to authenticated members. Access to production systems is limited and audited. Purchases are verified cryptographically with Apple. No method of storage is 100% secure, but private-by-design is the architecture, not an afterthought.
11. Changes to this policy
We will post any changes here with a new effective date, and for material changes we'll notify you in the app or by email. Continued use after changes take effect means you accept the updated policy.
12. Contact
Innovaiden, Inc. — admin@innovaiden.com
For privacy requests, include the email associated with your account. A relative who is documented in a tree but has no account may also contact us to request correction or removal.