Last updated: May 2026 · Olive Root Tech LLC · Washington, DC
Plain English summary: We store your organization's data to run the platform. We never sell it. We never share it with other organizations. You own your data and can export or delete it at any time. Child records are protected under FERPA and handled accordingly.
Who we are
Rooted OS is operated by Olive Root Tech LLC, a Washington DC-based company. Our platform serves Black-led childcare centers, churches, and special education programs in the DC/MD/VA region and beyond.
Power assistant responses scoped to your organization's data only
Process billing through Stripe
FERPA compliance
Rooted OS handles student educational records as a "school official" under FERPA (Family Educational Rights and Privacy Act). This means:
Child and student records are accessible only to authorized staff within your organization
Records are never shared with other organizations or third parties without explicit consent
Parents and guardians have the right to access their child's records — use the Parent Portal or contact your organization's director
We maintain records for 7 years per FERPA requirements, then anonymize them
Row-level database security ensures records from one org cannot be accessed by another
Data sharing
We do not sell your data. We share data only with:
Stripe — payment processing only
Twilio — SMS delivery for Roll Call and alerts
SendGrid — transactional email delivery
Anthropic — assistant features (your org's context only; not used to train models)
Cloudflare R2 — document storage
All third-party services are governed by data processing agreements and are prohibited from using your data for any other purpose.
Data security
All data transmitted over HTTPS/TLS
Row-level security enforced at the database layer — organizations cannot access each other's data
Staff access is role-scoped — teachers see only their org; directors see their org only
JWT tokens expire after 1 hour; refresh tokens after 7 days
Admin accounts require MFA
Automated backups run daily; test restores quarterly
Your rights
You have the right to:
Export: Download all your org's data at any time via the director dashboard → Reports → Export
Delete: Request complete data deletion by emailing privacy@oliveroottech.com. We complete deletion within 30 days
Correct: Update any incorrect information through the dashboard
Portability: Receive your data in standard CSV/JSON format
CPRA (California) / GDPR (EU): These rights apply if you or your staff are located in California or the EU. Contact us to exercise them
Data retention
Child/student educational records: 7 years (FERPA requirement), then anonymized
Staff records: retained while account is active, deleted 90 days after account termination
Billing records: 7 years (tax compliance)
Assistant query logs: 90 days
Audit logs: 3 years
Cookies and tracking
We use a session cookie (JWT stored in localStorage) for authentication only. We do not use tracking cookies, ad cookies, or cross-site tracking. We do not use Google Analytics or any third-party analytics that sends data off-platform.
Children's privacy
We are aware that our platform stores records about children under 13. This data is submitted by licensed childcare providers and educational institutions, not by children or parents directly. All child records are protected under FERPA and handled per the terms in this policy.
Changes to this policy
We will notify all organization directors by email at least 30 days before any material changes to this policy. The updated date at the top of this page reflects the most recent version.