Privacy

Your farm data is sacred.
We treat it that way.

Honest answers about how we store, use, and protect everything you upload. No marketing hand-wave — if anything here isn’t clear, we’ll answer on the record.

Four commitments we never compromise on.

Your data stays yours

Encrypted in transit and at rest. Stored in isolated per-farm buckets. Never shared with third parties.

Never used to train AI

Your files never train any public or private model. We use Anthropic's API with zero data retention — Anthropic itself does not train on API requests.

Delete any time, for real

One click in the dashboard hard-deletes the file. Storage blobs are physically removed after a 30-second undo window — not soft-deleted.

POPIA + GDPR aligned

Built to meet South African POPIA and European GDPR standards from day one. Full data export on request, audit trail on every access.

What we store and how we protect it.

What happens to my files when I upload them?

Your files are uploaded over an encrypted HTTPS connection and stored in a private Supabase Storage bucket. Each farm has its own isolated bucket — no other RootCheck farm can access your files. Files are encrypted at rest using AES-256. We read them only during analysis and do not cache file contents beyond what’s needed to run the scoring engine.

What can other farms see about me?

Nothing. Every farm is row-level-security-isolated in the database — your user ID is the key. No other RootCheck user can query your farm, your files, your classifications, or your reports. Full stop. This is enforced at the database schema level, not as an application-layer policy.

What data do you collect beyond my uploaded files?

We collect your email address and the farm details you enter (name, region, season). We log analysis runs and report generation events for your audit trail. We store your credit balance and transaction history. We do not collect payment card details — card processing is handled by a PCI-compliant third party and we never see your card number.

Will you use my files to train AI?

Does RootCheck train on my farm data?

No. Never. We use Anthropic’s Claude API with zero data retention enabled — Anthropic itself contractually does not train on API requests made under this policy. On our side, files are stored in your private bucket, encrypted at rest, and never fed back into any model — our own or anyone else’s — for training purposes. This is a hard architectural constraint, not just a promise.

Does the AI see my raw file contents?

Yes, during analysis only. Our classifier and scoring engine pass relevant extracted content from your files to the AI model in order to evaluate certification rules. This is the core product function. The content is processed in a stateless API call — it is not stored by the model provider and is not retained beyond the analysis session.

What is "anonymised cross-farm learning"?

How does anonymous learning work, and what's excluded?

We learn patterns like “in Stellenbosch, 60% of farms are missing carbon footprint evidence on their first run”. This helps us improve the classifier and give better suggestions to all farms. The aggregate pattern table has no farm ID, no user ID, no file ID, and no file contents. POPIA compliance is a schema invariant — a farm identifier cannot be stored in this table by design, not by policy.

What’s in the aggregate | Included?
Region + cert scheme + rule code | Yes
Pass / partial / fail distribution | Yes
File type classification accuracy | Yes
Farm ID or user ID | Never
Farm name or estate name | Never
File names or file contents | Never
Any personally identifiable information | Never

Inside DataRoot AI — who has access?

Can DataRoot AI engineers read my files?

For bug debugging only, and only with your written consent. Service-role database access is audited. We never read your files for curiosity or research. Access requests require a written record of the reason, the scope, and explicit approval from the farm owner.

Do you share data with third parties?

We use a small number of sub-processors to operate the platform: Supabase (database and storage), Anthropic (AI analysis via API with zero data retention), and a PCI-compliant payment processor. We share only what each processor needs to perform their function, under data processing agreements. We do not sell data, and we do not share data with certification bodies, auditors, or any other third party without your explicit instruction.

Physical data location.

Where is my data physically stored?

All farm data is stored in the Supabase EU-West (Ireland) region. When we expand to France, Spain, and Italy, we can offer regional data pinning on request — our schema is country-aware from the ground up, so farm data routing is already built in. South African farms are also stored in the EU-West region by default; a ZA-region option is on the roadmap.

Deleting your data — what actually happens.

How do I delete a file?

Click delete in the dashboard. You get a 30-second undo toast. After that, the storage blob is physically removed from the bucket and the database row is marked for the 30-day audit window, then hard-deleted. This is not a soft-delete — the file contents are gone and cannot be recovered by us or anyone else.

What happens if I close my account?

Everything is deleted in one cascading database transaction: your farm record, every file, every analysis run, every report. Anonymised aggregate learning patterns (no farm ID, no identifiers) remain in the aggregate table — this is the POPIA-compliant design described above. If you want confirmation that deletion is complete, contact us and we’ll provide a written acknowledgement within 5 business days.

Regulatory alignment.

Is RootCheck compliant with POPIA?

We’ve built the platform to meet South Africa’s Protection of Personal Information Act (POPIA) requirements: lawful processing, purpose limitation, data minimisation, data subject rights (access, correction, deletion), and breach notification obligations. Our data processing is limited to what’s necessary to deliver the certification analysis service you signed up for.

What about GDPR for European farms?

Our EU-West (Ireland) data hosting and sub-processor agreements are structured to meet GDPR requirements. When we launch in France, Spain, and Italy, European farms will be onboarded under GDPR-compliant terms. You can request a full data export at any time.

Email floris@datarootai.com