RootedRooted
HomeAboutDiscoverPricingCompetition
Log inApply to join
RootedRooted
Apply
Rooted
HomeDiscoverPricingAboutTerms of UsePrivacy PolicyCancellation
© 2026 Rooted. All rights reserved.
HomeDiscover
ApplyAccount
← Legal

Privacy Policy

Last updated: 25 April 2026

2.1 Who we are

This Privacy Policy explains how Exit Operation Ltd (trading as Rooted) collects, uses, and protects your personal data when you use our Platform.

  • Company: Exit Operation Ltd
  • Companies House: 16595899
  • Registered office: 72b Osbaldeston Road, London N16 7DR
  • Data protection contact: support@rootedapp.co.uk
  • ICO registration: [to be inserted, ICO registration in progress]

We are the data controller for your personal information. If you have any questions about how your data is handled, please email support@rootedapp.co.uk.

2.2 What data we collect

When you sign up: name, email address, password (stored securely hashed, never in plain text).

When you apply as a stylist: name, email, phone, business name, Instagram and TikTok handles, borough and area of operation, services offered, pricing, portfolio photos, your working address if you offer mobile bookings.

When you book a service: name, email, phone, payment details (handled by Stripe, we do not store card numbers), your address if booking a mobile service.

When you use the Platform: device type, browser, IP address, pages viewed, and interactions with the Platform. We use Google Analytics to understand how the Platform is used. We use cookies (see our Cookie Policy).

When you contact us: any information you choose to share in your message.

2.3 How we use your data

We use your data to:

  • Create and manage your account
  • Enable bookings, payments and communication between customers and stylists
  • Calculate travel fees for mobile bookings
  • Send transactional emails (booking confirmations, reminders, receipts, cancellations)
  • Send platform announcements and updates (you can opt out at any time)
  • Investigate and resolve disputes
  • Prevent fraud, abuse and other illegal activity
  • Improve the Platform based on how it's used
  • Meet our legal and regulatory obligations

2.4 Legal basis for processing

We rely on the following legal bases under UK GDPR:

  • Contract: processing necessary to provide our services to you
  • Legitimate interests: improving the Platform, fraud prevention, marketing to existing users
  • Consent: for optional cookies, marketing to people who haven't used the Platform yet
  • Legal obligation: tax records, responding to law enforcement requests

2.5 Who we share your data with

We share your data with:

  • Stylists you book with. They see your name, contact details, your address if relevant, and any notes you add to the booking.
  • Customers who book you (if you're a stylist). They see what's on your public profile, plus any service-specific communication.
  • Stripe. Our payment processor. Handles card details, payouts, and refunds. Stripe's privacy policy applies to data they hold: https://stripe.com/privacy
  • Supabase. Our database and authentication provider.
  • Resend. Sends transactional emails on our behalf.
  • Vercel. Hosts the Platform.
  • Google. For Google Maps (travel fee calculation), Google OAuth login (if you use it), and Google Analytics.

We do not sell your personal data to third parties.

2.6 International data transfers

Some of our service providers (including Stripe, Supabase, Vercel, Resend, and Google) may process data outside the UK, primarily in the United States and the European Union. When this happens, we rely on the UK's adequacy decisions or appropriate safeguards (such as Standard Contractual Clauses) to protect your data.

2.7 How long we keep your data

  • Account data: for as long as your account is active. After you close your account, we delete or anonymise your personal data within 90 days, except where we need to keep it to meet legal obligations (for example, tax records kept for 6 years).
  • Booking data: retained for 6 years for tax and dispute resolution purposes.
  • Payment records: retained for 6 years as required by HMRC.
  • Support emails: retained for 3 years.

2.8 Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct any inaccurate data
  • Delete your data (subject to our retention obligations)
  • Restrict how we use your data
  • Object to certain uses of your data
  • Portability: get a copy of your data in a machine-readable format
  • Withdraw consent where we rely on consent
  • Complain to the ICO at https://ico.org.uk or by calling 0303 123 1113

To exercise any of these rights, email support@rootedapp.co.uk. We will respond within one month.

2.9 Keeping your data safe

We take security seriously. We use:

  • Encrypted connections (HTTPS) for all Platform traffic
  • Hashed passwords (never stored in plain text)
  • Access controls so only authorised staff can see personal data
  • Stripe for payment processing so we never store card numbers
  • Row-level security on our database so users can only access their own data

If we ever become aware of a data breach that affects your data, we will notify you and the ICO within 72 hours as required.

2.10 Cookies

See our Cookie Policy at /legal/cookies for details.

2.11 Children

The Platform is for adults aged 18 and over only. We do not knowingly collect personal data from anyone under 18. If you believe a child has given us their data, contact us immediately at support@rootedapp.co.uk and we will delete it.

2.12 Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted on the Platform with an updated "Last updated" date. Material changes will also be emailed to active users.

2.13 Contact

Questions or concerns about privacy can be sent to support@rootedapp.co.uk. If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF