ReRooted

Privacy Policy

Last updated: 28 February 2026

ReRooted ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our visa application tracking service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address (for authentication and communication)
  • Name (for personalization)
  • Password (stored securely using industry-standard hashing)
  • Profile image URL (if signing in with a social provider)

If you sign in using a social provider such as Google or Facebook, that provider shares your email address, name, and profile image with ReRooted. The provider's own privacy policy governs how they handle your data.

1.2 Application Tracking Data

When you use our service, we collect:

  • Application labels (user-defined names for your applications)
  • Application status (workflow status such as "In Progress" or "Submitted")
  • Relationship milestone dates (e.g., when your relationship started, cohabitation began)
  • Application milestone dates (e.g., lodgement date, grant date)
  • Requirement completion statuses
  • Structured prompt responses (limited to 1,000 characters per response)
  • Applicant and sponsor nationality (optional)

1.3 Information We Do NOT Collect

We are committed to data minimization. We explicitly do not collect:

  • Passport numbers
  • Full dates of birth
  • Physical addresses
  • Document numbers or identification numbers
  • Private message transcripts
  • Free-form personal notes (we use structured prompts instead)

Our structured prompt system includes warnings reminding you not to enter sensitive information such as passport numbers or private messages.

1.4 Automatically Collected Information

When you use our service, we automatically collect certain technical information for security and operational purposes:

  • IP address (stored per session for security auditing)
  • User-Agent and browser information (stored per session)

This information is used for security auditing, abuse prevention, and rate limiting. It is associated with your session and retained in accordance with our data retention policy.

1.5 Subscription & Billing Data

If you subscribe to a paid plan, we store:

  • Subscription status (e.g., active, trialing, cancelled)
  • Trial end date (if applicable)
  • Current billing period start and end dates

We do not store your credit card details. All payment information is handled entirely by Stripe, our payment processor. See Section 7 for more information.

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our visa application tracking service
  • Enable you to track your progress against visa requirements
  • Calculate and display your application completion progress
  • Authenticate your account and maintain your session
  • Process your subscription and billing (if applicable)
  • Send important service-related communications

3. Data Storage and Security

Your data is stored securely using industry-standard practices:

  • All data is transmitted using HTTPS encryption
  • Passwords are hashed using secure algorithms (never stored in plain text)
  • Session cookies use HttpOnly, Secure, and SameSite=Lax attributes
  • Access to data is restricted to authorized personnel only

4. Data Retention

  • Active accounts: Your data is retained for as long as your account is active.
  • Deleted accounts: When you delete your account, all your personal data is immediately and permanently deleted (cascade deletion).
  • System logs: Technical logs are retained for 30 days for security and debugging purposes, then automatically deleted.

5. Your Rights

You have the right to:

  • Access your data: View all information we hold about you through your account.
  • Delete your account: Permanently delete your account and all associated data at any time from your account settings. For step-by-step instructions, see our Data Deletion page.
  • Update your information: Modify your account details and application data.
  • Request your data: You may request a copy of your personal data in a portable format. Automated data export is planned for a future release; in the meantime, contact us to request a manual export.

6. Cookies

We use essential cookies for authentication and session management. For more details, please see our Cookie Policy.

7. Third-Party Services

We use the following third-party services:

  • Stripe:For payment processing. Stripe's privacy policy applies to payment data. We do not store your credit card information.
  • Google & Facebook: For social sign-in (OAuth authentication). If you choose to sign in with Google or Facebook, your email address, name, and profile image are shared with us by the provider. Their respective privacy policies govern how they handle your data.
  • Resend: For transactional email delivery. Your email address is shared with Resend to deliver password reset emails, verification emails, and other service-related communications.
  • Hosting & infrastructure providers: Our service is hosted on secure cloud infrastructure in Australia and internationally. This includes database hosting, session management infrastructure (e.g., Redis for CSRF token storage), and content delivery networks.

8. International Data Transfers

Some of our third-party service providers (including hosting, email delivery, and payment processing) may process your data outside of Australia. Where your data is transferred internationally, we take reasonable steps to ensure that the recipient handles your personal information in accordance with the Australian Privacy Principles (APP 8) and that adequate protections are in place.

We encourage you to review the privacy policies of our third-party providers listed in Section 7 for details on their data handling and transfer practices.

9. Children's Privacy

ReRooted is intended for users aged 18 and over, consistent with our Terms of Service. We do not knowingly collect personal information from children under 18 years of age. If you believe a child under 18 has provided us with personal information, please contact us and we will promptly delete it.

10. Australian Privacy Principles

ReRooted is designed with the Australian Privacy Principles (APPs) in mind. We are committed to:

  • Collecting only the minimum data necessary for our service
  • Using data only for the purpose it was collected
  • Maintaining appropriate security measures
  • Providing transparency about our data practices
  • Giving you control over your personal information

11. Automated Decision-Making

ReRooted does not use automated decision-making or profiling that produces legal or similarly significant effects. All visa application tracking and progress calculations are based on information you provide and are entirely user-directed.

12. Data Breaches

In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us through our support channels.

Note: ReRooted provides general information to help you organize your visa application. It is not legal advice. For official information about Australian visas, please refer to the Department of Home Affairs.