Skip to main content
CCedroots
Privacy PolicyEULA

Cedar Roots LLC

Privacy Policy

This policy explains how Cedar Roots LLC handles personal data in the Cedroots website, waitlist, account flows, and customer workspaces.

Effective date: April 1, 2026

1. Overview

This Privacy Policy explains how Cedar Roots LLC collects, uses, discloses, and otherwise processes personal data in connection with Cedroots, including the public website, waitlist, authentication flows, customer workspaces, and related support and communications.

Cedroots is designed for intermediary teams that coordinate requests and suppliers on behalf of their own customers. Because of that, Cedroots processes both data Cedar Roots LLC controls directly and operational data submitted by business customers through the platform.

2. Data We Collect

We collect different categories of data depending on how you interact with Cedroots.

  • Site and waitlist data, such as full name, company name, work email, phone number, notes, and source path when you request access or communicate with us.
  • Account and profile data, such as your name, email address, login credentials handled through our authentication providers, profile image, and workspace role information.
  • Workspace operational data, such as customers, suppliers, contacts, orders, notes, communications, purchase orders, attachments, uploaded documents, feedback, screenshots, and related workflow records submitted by customers and users.
  • Integration data, such as Google OAuth account connection details, Gmail message or thread content and metadata, OpenPhone communication data, and similar data made available when a customer connects third-party services.
  • Technical and usage data, such as authentication and session cookies, short-lived signup intent cookies, request metadata, device and browser information, IP-based rate-limit data, logs, and local storage items used for preferences or interface state.

3. How We Use Data

  • Provide, maintain, secure, and improve Cedroots and its business workflows.
  • Authenticate users, maintain sessions, provision workspaces, and enforce account permissions.
  • Process waitlist requests, onboarding communications, support requests, and customer feedback.
  • Sync communications, process uploaded files, and support customer-configured integrations.
  • Monitor performance, troubleshoot incidents, prevent abuse, enforce our terms, and comply with legal obligations.

4. Our Data Roles

Cedar Roots LLC generally acts as the controller for personal data collected through the public website, waitlist, account registration, support, business relationship management, marketing, and direct communications with us.

Cedar Roots LLC generally acts as a processor or service provider for operational data that customers submit to Cedroots through their workspaces, including customer records, supplier records, communications, files, and workflow data processed on the customer's behalf.

If you are an end user accessing Cedroots through your employer or another business customer, that organization may control some of the data Cedroots processes about you in the workspace context.

5. Legal Bases for Processing

Where applicable under international privacy laws, we rely on one or more legal bases to process personal data, including performance of a contract, our legitimate interests in operating and securing Cedroots, your consent where required, and compliance with legal obligations.

6. How We Share Data

  • With infrastructure, hosting, storage, authentication, communications, and workflow service providers that support Cedroots, such as Supabase, Google, Resend, and OpenPhone, subject to appropriate contractual or technical safeguards where applicable.
  • With third-party integrations and connected services at the direction of the customer or authorized user.
  • With professional advisors, auditors, insurers, or counterparties in connection with financing, diligence, or business transactions.
  • When required by law, regulation, subpoena, court order, or other valid legal process, or when reasonably necessary to protect rights, safety, users, customers, or the service.
  • In connection with a merger, acquisition, financing, reorganization, sale of assets, or similar corporate transaction.

7. International Transfers

Cedroots may process and store personal data in the United States and in other jurisdictions where our service providers operate. When personal data is transferred across borders, we use reasonable steps designed to provide appropriate safeguards consistent with applicable law.

8. Data Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the service, maintain security, comply with legal obligations, resolve disputes, and enforce agreements.

Retention periods may vary by category of data, such as waitlist records, account records, support communications, system logs, uploaded content, integration data, and workspace operational records, and may depend on customer configuration, legal requirements, or legitimate business needs.

9. Your Rights and Choices

Depending on your location and the nature of our relationship with you, you may have rights to request access to personal data, correction of inaccurate data, deletion, portability, or restriction or objection to certain processing.

California residents may also have rights under California privacy law, including the right to know, request deletion, request correction, and receive information about categories of personal data collected, disclosed, or sold or shared. Cedroots does not describe any separate analytics or advertising stack in this policy unless and until one is implemented.

If Cedar Roots LLC processes your data on behalf of a Cedroots customer, we may direct your request to that customer because it may be the party best positioned to respond.

You may submit privacy requests to onboarding@cedroots.com.

10. Cookies and Similar Technologies

Cedroots uses cookies and similar technologies that are necessary to operate and secure the service, including authentication and session cookies, a short-lived signup intent cookie used during public signup flows, and local storage used for product preferences and interface state.

This Privacy Policy does not describe a separate analytics, advertising, or cross-site tracking stack because we have not confirmed one in the current Cedroots implementation.

11. Security

We use reasonable administrative, technical, and organizational measures designed to protect personal data. No method of transmission, storage, or security control is guaranteed to be completely secure, and we cannot guarantee absolute security.

12. Children

Cedroots is not directed to children under 13, and Cedar Roots LLC does not knowingly collect personal data directly from children under 13 for the public service.

13. Changes and Contact

We may update this Privacy Policy from time to time. If we make material changes, we may provide notice by updating the effective date, posting the revised policy on the site, or using other reasonable communication methods.

Questions or privacy requests may be sent to onboarding@cedroots.com.