Privacy Policy

1.1 Information You Provide

• Email address — when you join our waitlist, sign up, or contact us
• Name — when you create an account
• n8n server URL — the address of your automation server
• n8n API key — stored encrypted at rest using AES-256-GCM
• Alert preferences — Slack webhook URL, notification settings
• Payment information — handled entirely by Lemon Squeezy; we never store card numbers

1.2 Information Collected Automatically

• IP address and approximate geographic location (country/region level only)
• Browser type and operating system
• Pages visited and time spent on the Service
• Workflow execution metadata: names, statuses, error types, timestamps

1.3 What We Do NOT Collect

• We do not collect or store the payload data inside your n8n workflows
• We do not access the data your workflows process (customer data, orders, etc.)
• We do not sell your personal data to any third party
• We do not run advertising on this platform

• To provide and operate the Rootbrief monitoring service
• To send failure alerts and digest notifications you have configured
• To generate AI-powered workflow summaries (Pro plan only)
• To send service-related emails (billing receipts, account notices)
• To send waitlist updates and product announcements (you may unsubscribe anytime)
• To diagnose technical issues and improve the Service
• To comply with legal obligations

We share your data only with the following service providers necessary to operate Rootbrief:

We do not sell, rent, or trade your personal information to any other parties.

We implement the following security measures:

• n8n API keys are encrypted at rest using AES-256-GCM before storage
• Passwords are hashed using bcrypt and never stored in plain text
• All data in transit is protected by HTTPS/TLS encryption
• Database access is restricted and logged
• We conduct periodic security reviews

While we take reasonable precautions, no system is 100% secure. Please use a strong, unique password and enable two-factor authentication where available.

• Account data: Retained while your account is active
• Workflow execution history: Lite — 7 days; Pro — 30 days
• Alert logs: 90 days
• After account deletion: All personal data deleted within 30 days
• Billing records: Retained as required by applicable tax and financial regulations

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the data we hold about you
• Correction: Request that inaccurate data be corrected
• Deletion: Request deletion of your account and associated data
• Portability: Receive your data in a machine-readable format
• Opt-out: Unsubscribe from marketing emails at any time
• Objection: Object to certain types of data processing

To exercise any right, email us at privacy@rootbrief.app. We will respond within 30 days.

Rootbrief uses minimal cookies:

• Session cookie: Keeps you logged in; expires when your session ends or after 30 days
• Preference cookie: Remembers your dashboard settings

We do not use third-party advertising cookies or tracking pixels.

Rootbrief is operated internationally. Your data may be processed in the United States and European Union. When we transfer data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.

Rootbrief is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify registered users by email at least 14 days before material changes take effect. The "Last updated" date at the top reflects the most recent version.

For privacy questions: privacy@rootbrief.app

For general inquiries: hello@rootbrief.app