Roostr Logo

Privacy Policy - Roostr

Last Updated: February 24, 2025

1. Introduction

Roostr Inc. ("we," "our," or "us") operates Roostr (the "Service"), a software application for AI-assisted procurement and quoting. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Service, particularly regarding integration with Google services.

This policy applies to all users of the Service and visitors to our website at https://www.getroostr.com/ and the application at https://app.getroostr.com/.

2. Information We Collect

2.1. Account Information

When you register for our Service, we collect:

  • Your name
  • Your email address

2.2. Email Data

Through our Google integration, we access:

  • Email content from your Gmail account (we read only from your pre-approved whitelist)
  • Email labels
  • Email drafts and sent emails

For Gmail users, we request the following Google scopes:

  • gmail.labels - To see and edit your email labels
  • userinfo.email - To see your primary Google Account email address
  • userinfo.profile - To see your personal info, including publicly available info
  • openid - To associate you with your personal info on Google
  • gmail.send - To send email on your behalf
  • auth/gmail.modify - To read, compose, and send emails from your Gmail account
  • gmail.compose - To manage drafts and send emails

For Microsoft users, we request the following Microsoft scopes:

  • offline_access - To maintain access to your data
  • openid - To authenticate you with Microsoft
  • profile - To read your basic profile information
  • User.Read - To read your profile information
  • Mail.Read - To read your email messages
  • Mail.Read.Shared - To read email from shared folders
  • Mail.ReadWrite - To read and write your email messages
  • Mail.ReadWrite.Shared - To read and write to shared email folders
  • Mail.Send - To send email on your behalf
  • Mail.Send.Shared - To send emails from shared mailboxes

2.3. Usage Data

Currently, we do not collect usage analytics, but we may implement such collection in the future to improve our Service. If we do so, we will update this Privacy Policy accordingly.

3. How We Use Information

We use the information we collect to:

  • Provide and maintain our Service
  • Process email data from your pre-approved whitelist of contacts
  • Structure rate information and store it in a database for easier access
  • Generate draft responses to emails for your approval
  • Authenticate you and provide access to our platform
  • Improve and develop our Service

4. Whitelist Operation and Email Processing

Roostr operates based on a user-defined whitelist system:

  • Only emails from contacts or domains you have pre-approved will be processed by our Service
  • Emails not on the whitelist are ignored and will not be accessed by Roostr
  • Roostr will only send emails to addresses you have specifically approved
  • You maintain control over which email communications Roostr can access and process

5. Data Storage and Retention

  • We store copies of processed emails in our database for future reference and to enable search functionality
  • We retain your data indefinitely to maintain historical records of rates and communications
  • If you terminate your account, you may request deletion of your data (see User Rights section)

6. Information Sharing

We do not sell your personal information. We use third-party service providers to help us deliver our Service:

  • MongoDB for database services
  • Nylas for email processing
  • Vercel for website hosting
  • Wristband for authentication services

These service providers are only permitted to use your information to provide services to us and are required to maintain the confidentiality of your information.

7. Data Security

We implement and maintain reasonable security measures to protect your personal information, including:

  • Multi-tenant authentication with Wristband
  • Protected API routes so information can only be accessed by authenticated users for the appropriate organization
  • Standard industry practices for securing data in transit and at rest

However, no method of transmission over the Internet or electronic storage is 100% secure, so we cannot guarantee absolute security.

8. User Rights

You have the right to:

  • Access the personal information we have about you
  • View and interact with your data through our frontend interface
  • Request correction of inaccurate data
  • Request deletion of all your data by contacting us
  • Revoke access to your Google account through Google's security settings (https://myaccount.google.com/permissions)

9. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information about a child, please contact us so we can remove it.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at:

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.