RootRx
Start free trialSign In

Privacy Policy

Last updated: May 31, 2026

1. Scope and Role of This Policy

This Privacy Policy describes how RootRx ("RootRx," "we," "our," or "us") collects, uses, discloses, and protects personal information through the RootRx web application, related APIs, and services (collectively, the "Services").

RootRx is practice-management and workflow software for clinics and practitioners. Depending on how the Services are used, RootRx may act as a "service provider" or "processor" to a clinic (the "Organization"), and the Organization may be the party that determines why and how patient data is processed.

2. Information We Collect

We may collect the following categories of information:

  • Account and profile data, such as name, email address, role, organization affiliation, and login credentials.
  • Operational data entered into the platform, such as scheduling, inventory, order, charting, formula, and related workflow information.
  • Patient-related information provided by clinics and practitioners, which may include health-related or treatment-related details.
  • Billing and subscription data, including plan selection, invoice metadata, and payment-provider status updates.
  • Device and usage data, such as log entries, timestamps, IP address, browser type, feature usage, and security events.
  • Communications data when you contact support, submit requests, or participate in implementation, onboarding, or account management communications.

3. Sources of Information

We obtain information directly and indirectly from:

  • Users who create or manage accounts and records in the Services.
  • Organizations that provide workforce and patient information.
  • Integrations and service providers, such as payment processors and infrastructure providers.
  • Automatically collected technical logs and security telemetry.

4. How We Use Information

We use information to:

  • Provide, maintain, and improve the Services.
  • Authenticate users, enforce permissions, and secure accounts.
  • Support clinic operations, patient workflow, and record access management.
  • Process subscriptions, billing events, and plan changes.
  • Detect, investigate, and prevent fraud, abuse, and unauthorized access.
  • Comply with legal obligations and respond to lawful requests.
  • Communicate transactional, service, and support-related notices.

5. Legal Bases (Where Applicable)

Depending on jurisdiction, we process information based on one or more legal grounds, including contract performance, legitimate interests, legal obligations, and consent where required.

6. Healthcare and HIPAA Context

RootRx may process health-related data on behalf of Organizations. Where RootRx is a business associate or similar service provider, data handling is additionally governed by customer agreements, including Business Associate Agreements (when applicable).

RootRx does not provide medical advice and does not replace licensed clinical judgment. Patients should contact their healthcare professional for medical decisions.

7. Cookies and Similar Technologies

We use essential cookies and related session technologies to support authentication, account security, and core product functionality. We may also use limited telemetry necessary for performance, reliability, and abuse prevention.

We do not use personal data for third-party behavioral advertising through the Services.

8. Disclosure of Information

We may disclose information to:

  • Organizations and authorized users under their account controls.
  • Service providers and subprocessors that assist with hosting, security, support, and billing.
  • Advisors and auditors under confidentiality obligations.
  • Authorities or counterparties when legally required or to protect rights and safety.
  • Successors in connection with a merger, financing, or asset transaction.

We do not sell personal information for monetary consideration.

9. Data Retention

We retain information for as long as necessary to provide the Services, satisfy contractual and legal obligations, resolve disputes, and enforce agreements. Retention periods may vary by data type, customer settings, legal requirements, and archival policies.

10. Security Measures

We implement administrative, technical, and organizational safeguards designed to protect information. Examples may include encryption in transit, access controls, role-based permissions, authentication safeguards, and logging for security and auditing. No method of transmission or storage is completely secure, and absolute security cannot be guaranteed.

11. International Data Transfers

If data is transferred across borders, we use appropriate safeguards required by applicable law, including contractual protections and equivalent transfer mechanisms where necessary.

12. Your Privacy Rights

Depending on your location and role, you may have rights to:

  • Access, correct, or delete personal information.
  • Request restriction or object to certain processing.
  • Request portability of certain data.
  • Withdraw consent where processing is consent-based.
  • Appeal certain privacy request decisions.

If your data was submitted through a clinic or Organization account, contacting that Organization may be the fastest way to process your request.

13. Children's Privacy

The Services are intended for professional and healthcare operations and are not directed to children under 13 for direct consumer use. If you believe information has been provided inappropriately, contact us so we can investigate and take appropriate action.

14. Changes to This Policy

We may update this Privacy Policy periodically. We will post the revised version and update the "Last updated" date. Material changes may also be communicated through the Services or by account notice.

15. Contact Information

For privacy questions or requests, contact your clinic administrator and/or RootRx at:
Email: support@rootrx.org

If you are in a jurisdiction that provides a right to lodge a complaint with a supervisory authority, you may also contact that authority.