Privacy Policy

Last Updated: April 21, 2026

This Privacy Policy describes how Metabolic Terrain Omics, Inc., including its product offering, RootedIQ, and its corporate affiliates (collectively, "RootedIQ," "we," "us," or "our") process personal information that we collect or otherwise generate through our digital or online properties or services that link to this Privacy Policy (including, as applicable, our website, mobile applications, and social media pages), as well as our marketing activities, live events and other activities described in this Privacy Policy (collectively, the "Service").

RootedIQ may process personal information relating to your past, present, or future physical or mental health status, including information that may qualify as "consumer health data" under applicable U.S. state laws ("Consumer Health Data"). Where applicable, our Consumer Health Data Privacy Policy supplements this Privacy Policy.

This Privacy Policy does not apply to personal information that we process on behalf of our enterprise customers while providing RootedIQ services to them.

Guiding Privacy Principles

RootedIQ was built for families, including our own. Protecting your privacy is fundamental to how we operate.

We use de-identified and aggregated data to improve health insights, identify patterns across populations, and advance research, while maintaining the privacy and confidentiality of individual users.

Although RootedIQ and its affiliates may act as a "business associate" under HIPAA, HIPAA does not apply to all personal information we process. Regardless of applicability, we implement safeguards designed to protect your information.

Your identity is not for sale. RootedIQ does not sell your individually identifiable personal or health information to third parties. We do not disclose such information to third parties for their independent marketing or commercial purposes without your explicit authorization.

We minimize collection and retention. We collect only the personal information reasonably necessary to provide our Services and retain it only as long as required to fulfill legitimate business or legal purposes.

We limit disclosure of health data. When necessary to deliver Services, we may share information with laboratory and healthcare partners. We limit how such partners may use your personal information.

Personal Information We Collect

Depending on how you interact with the Service, the personal information you may provide to us through the Service or that we generate about you may include:

  • Contact data, such as your name, salutation, email, billing/mailing addresses, and phone number.
  • Demographic data, such as city, state, country, postal code, age, date of birth, gender or gender identity, racial or ethnic identity, assigned sex at birth, and sexual orientation.
  • Account data, such as username and password, biographical details, photograph, social profile links, and preferences.
  • Service-eligibility data, if you access the Service via an enterprise customer benefit.
  • Health-related data, such as mental or physical history, conditions and diagnoses, treatments, medications, medical images, biomarkers, lab samples, lab results, clinical notes, wearable/IoT data, and other physical or mental health information.
  • Genetic data from lab tests that produce inherited-characteristic information.
  • Audiovisual recording data, such as video and audio recordings.
  • Transactional data, such as order numbers and transaction history.
  • Communications data from our exchanges with you.
  • Relationship data, such as familial or other relationship to third parties whose info you provide.
  • Payment data needed to complete transactions.
  • Marketing data, including preferences and engagement.
  • User-generated content data, with associated metadata.
  • Derived data, including inferences we derive about you.

Information from Third-Party Sources

We may combine information you provide with information from public sources, private data providers, linked third-party services (e.g., Google, Apple), linked wearable/IoT devices, lab and provider partners, enterprise customers, corporate affiliates, marketing partners, service providers, third parties you designate, and business transaction partners.

Automatic Data Collection

We, our service providers, and our business partners may automatically log:

  • Device data (OS, manufacturer, browser, screen resolution, IP, identifiers, language, network info, general location).
  • Precise geolocation data when you authorize our mobile app to access location.
  • Online activity data (pages/screens viewed, navigation paths, access times, email opens/clicks).
  • Communication interaction data via pixel tags / clear GIFs.

We use cookies, local storage (HTML5), web beacons, and chat technologies to facilitate this collection.

How We Use Personal Information

Certain uses of your health-related information, including personalized recommendations and research use, are governed by separate authorizations that you may choose to provide. We only use your information for those purposes where you have provided the applicable authorization.

We may use your personal information to:

  • Provide, operate and improve the Service and our business
  • Personalize the Service
  • Establish and maintain your user profile
  • Enable security features (security codes, device recognition)
  • Communicate Service-related announcements, updates, alerts, support and admin messages
  • Communicate about events or contests
  • Understand your needs and interests
  • Provide support and respond to feedback

Insights and development. We may use de-identified and aggregated data for research, analytics, and development. Where required by law, we rely on user authorization before using health-related data for research purposes.

Marketing and advertising. We may send you direct marketing (which you may opt out of). Our third-party advertising partners may use cookies for interest-based advertising. We do not use health-related information or genetic data for interest-based advertising.

Testimonials, promotions, contests, service improvement, compliance and protection. As described and as legally permitted.

De-identified / aggregated data. We may create aggregated, de-identified, and/or anonymized data and share it for lawful business purposes, including research.

How We Share Personal Information

We may share your personal information with:

  • Affiliates — corporate subsidiaries and affiliates.
  • Service providers — hosting, IT, customer support, email delivery, marketing, analytics.
  • Payment processors — e.g., Stripe.
  • Research partners — only de-identified and aggregated data; individually identifiable health data is shared only with explicit authorization.
  • Advertising partners — never with health-related or genetic data.
  • Lab and provider partners — as necessary to provide Services.
  • Enterprise customers — limited info only; no health-related or genetic data.
  • Third parties designated by you.
  • Business and marketing partners for joint offerings.
  • Linked third-party services or devices (Google, wearables, IoT).
  • Professional advisors (lawyers, auditors, bankers, insurers).
  • Authorities and others, where necessary for compliance or protection.
  • Business transferees in M&A or similar transactions.
  • Other users and the public, for content you make public.

GDPR Privacy Notice Supplement (EU / EEA / UK Users)

If you are located in the EEA, UK, or Switzerland, your personal data is processed in accordance with the GDPR and applicable local data protection laws.

  • RootedIQ is the Data Controller for personal data collected directly from subscribers and website users.
  • Where we process patient data on behalf of healthcare providers or institutional clients, we act as a Data Processor under Article 28 GDPR.

Categories of Personal Data Collected: Identity & Contact Data, Account & Subscription Data, Health Data (Special Category Data under Article 9 GDPR), Technical & Usage Data.

Legal Bases for Processing:

  • Contractual Necessity (Art. 6(1)(b))
  • Legal Obligation (Art. 6(1)(c))
  • Legitimate Interests (Art. 6(1)(f))
  • Explicit Consent (Art. 6(1)(a) and Art. 9(2)(a)) for special category health data, or Art. 9(2)(h) for healthcare provision.

Special Category Health Data safeguards: Encryption in transit and at rest, role-based access controls, MFA, audit logging, data minimization, strict confidentiality obligations.

Data Retention. We retain personal data only for as long as necessary to fulfill purposes, comply with legal obligations, resolve disputes, and enforce agreements. Medical records are retained per applicable healthcare regulations.

Data Sharing and Processors. All third-party processors are bound by Data Processing Agreements (DPAs) compliant with Article 28 GDPR. We do not sell personal data.

International Transfers. We rely on Standard Contractual Clauses (SCCs), UK IDTA where applicable, and adequacy decisions.

Your GDPR Rights (Articles 15–22): Access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and freedom from automated decision-making/profiling. Email privacy@RootedIQ.ai. We respond within one month.

Supervisory Authority. You may lodge a complaint with your local DPA (or the UK ICO).

Security Measures (Art. 32). We notify supervisory authorities within 72 hours of qualifying breaches.

Children's Data (GDPR). Services are not directed to children under 16 in the EEA unless under a healthcare professional's direction with appropriate consent.

California Privacy Notice (CCPA/CPRA)

Categories collected (last 12 months): Identifiers; customer records; commercial information; internet/network activity; geolocation data; sensitive personal information (including health and genetic data).

Sale or Sharing. We do not sell personal information for monetary compensation. Some analytics/advertising technologies may constitute "sharing" under California law. We do not use health-related or genetic data for interest-based advertising.

Your rights: know, delete, correct, opt out of sale/sharing, limit use of sensitive personal information, and non-discrimination. Contact privacy@RootedIQ.ai.

Children's Privacy

We do not knowingly collect personal information directly from children under 13 without verifiable parental consent (COPPA).

For lab testing or health services requested for a minor, the parent/legal guardian must provide required information and represent legal authority to consent. We may collect: name, date of birth, contact information, health/lab data, and parent/guardian contact information.

Parents may review, correct, request deletion (subject to legal retention), or withdraw consent for future processing. Email privacy@RootedIQ.ai.

We do not knowingly sell or share personal information of minors for advertising purposes.

Your Choices

  • Access or update account information by logging in.
  • Opt out of marketing emails via unsubscribe or by contacting us. Reply STOP for SMS.
  • Cookies — manage in browser settings.
  • Advertising choices — browser, plug-in, and platform settings.
  • Do Not Track — we currently do not respond to DNT signals.
  • Mobile location data — disable in device settings.
  • Declining to provide information — may limit our ability to provide certain services.
  • Privacy rights — contact privacy@RootedIQ.ai.

Security

We employ technical, organizational, and physical safeguards designed to protect personal information. However, security risk is inherent in all internet and information technologies and we cannot guarantee absolute security.

Data Retention

We generally retain personal information to fulfill the purposes for which we collected it, including legal, accounting, reporting, claims, and fraud-prevention purposes. When no longer needed, we delete, anonymize, or isolate it.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Material changes will be reflected by an updated date and posting on the Service.

Contact Us

Email: privacy@RootedIQ.ai

© 2026 RootedIQ, Inc. All rights reserved.