Privacy Policy
Last updated: April 6, 2026
1. Information We Collect
Account data: Email address, name, and authentication credentials (stored securely by Supabase Auth).
Family data: Names, dates, places, photos, stories, and other genealogical information you provide.
Usage data: Page views, feature usage, and error logs for improving the Service.
2. How We Use Your Data
We use your data solely to provide and improve the Service. We do not sell your personal information. Family data is used only to render your tree and related features.
3. AI Features
When you use AI features (chat, legacy letter, family report), your family data is sent to Anthropic's Claude API for processing. This data is not stored by Anthropic beyond the request.
4. Data Storage
Data is stored in Supabase (hosted on AWS) with Row Level Security. Photos and documents are stored in Supabase Storage. All data is encrypted at rest and in transit.
5. Data Sharing
We share data only with: Supabase (database), Stripe (billing), Anthropic (AI features), and Vercel (hosting). We do not share data with advertisers or data brokers.
6. Public Trees
If you make your tree public, anyone with the link can view your family data. Health records and private notes are never included in public views.
7. Data Export and Deletion
You can export all your data at any time via JSON, CSV, or GEDCOM. You can delete your account and all associated data permanently through Account Settings.
8. Children's Privacy
Family Roots Center is not directed at children under 13. We do not knowingly collect data from children. Family trees may contain information about minors entered by adult family members.
9. Cookies
We use essential cookies for authentication. We do not use tracking cookies or third-party advertising cookies.
10. Contact
For privacy questions or data requests, contact us through the app.
11. Request Removal of a Living Person
If you are a living person who appears in someone else's family tree on Family Roots Center and want your information removed, submit the form below. You do not need an account. We will review and respond within 30 days, as required by GDPR Article 17 (right to erasure).