Legal

Privacy Policy

Last updated: March 2026

This Privacy Policy explains how Digital Root Tools ("we", "us", "our") collects, uses, and protects your personal data when you use our website and AI-powered SEO content tools at digitalroottools.com.

We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Digital Root Tools is an AI-powered SEO content tool platform based in London, UK. We are the data controller responsible for your personal data collected through this website.

If you have any questions about how we handle your data, please contact us at hello@digitalroottools.com.

We collect the following categories of data when you use Digital Root Tools:

  • Email address — provided voluntarily when you use tools that deliver results by email (Alt Text Generator, Blog Post Generator). We use this solely to send you your requested output.
  • IP address — automatically collected by our servers for rate limiting purposes (to enforce free tier usage limits). We do not store IP addresses beyond the current day.
  • Form inputs — content you enter into our tools (product names, blog topics, keywords, etc.) is processed by our AI systems to generate your requested output. This content is not stored by us after processing is complete.
  • Images — images uploaded to the Alt Text Generator are processed by our AI model to generate alt text and are not retained after processing.
  • Usage data — basic analytics about how the site is used (pages visited, time on site) may be collected through Vercel's infrastructure. This data is aggregated and anonymised.

We do not collect payment card details directly. Payment processing (when available) is handled by Stripe, which is PCI DSS compliant.

We use the data we collect for the following purposes:

  • Service delivery — to process your tool requests and email you the results you have requested.
  • Rate limiting — to enforce free tier usage limits and protect our service from abuse.
  • Service improvement — to understand how our tools are used and identify areas for improvement.
  • Communications — if you contact us directly, to respond to your enquiry.
  • Legal compliance — to comply with applicable laws and regulations.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

To deliver our services, we use the following third-party providers. Each has its own privacy policy and data processing practices:

  • OpenRouter / AI Model Providers — your form inputs and images are sent to OpenRouter's API, which routes requests to AI model providers (including Google, Meta, and Anthropic). Data is processed to generate your requested output. Please refer to OpenRouter's privacy policy for details of how they handle data.
  • Resend — used to deliver email results to the address you provide. Your email address and generated content are transmitted to Resend for delivery. Please refer to Resend's privacy policy for details.
  • Vercel — our website and serverless functions are hosted on Vercel's infrastructure. Vercel may collect standard server log data. Please refer to Vercel's privacy policy for details.
  • Stripe (future paid tiers) — payment processing will be handled by Stripe. We will never store card details on our own servers.

We retain your data only for as long as necessary:

  • Email addresses — retained only for the purpose of delivering your requested results. We do not maintain a marketing database of user email addresses unless you have explicitly opted in.
  • IP addresses — used for daily rate limiting only, not stored beyond the end of each calendar day.
  • Form inputs and images — not stored by us after AI processing is complete.
  • Contact enquiries — retained for up to 24 months to allow us to respond to follow-up questions.

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access — you can request a copy of the personal data we hold about you.
  • Right to rectification — you can ask us to correct inaccurate data.
  • Right to erasure — you can ask us to delete your personal data where we have no legitimate reason to continue processing it.
  • Right to restriction — you can ask us to restrict processing of your data in certain circumstances.
  • Right to data portability — you can request your data in a structured, machine-readable format.
  • Right to object — you can object to processing based on our legitimate interests.

To exercise any of these rights, please contact us at hello@digitalroottools.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Digital Root Tools does not use tracking cookies or advertising cookies. Our website may use essential functional cookies required for the site to operate correctly (such as those set by our hosting infrastructure at Vercel). These cookies do not collect personal information and cannot be used to identify you.

We do not use Google Analytics, Facebook Pixel, or any other third-party tracking or advertising technology.

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Our website uses HTTPS encryption for all data transmitted between your browser and our servers. API keys and sensitive credentials are stored as encrypted environment variables and are never exposed in our codebase.

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security, and you provide your data at your own risk.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of Digital Root Tools after any changes constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

We aim to respond to all privacy-related enquiries within 5 business days.