Privacy Policy

Last updated: March 2026

1. Introduction

EntityRoot ("we", "us", or "our") operates the entity-root.com website and provides business verification services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

  • Email address
  • Name
  • Password (stored as a secure hash, never in plain text)
  • Organization name

Business Information (Voluntarily Provided)

  • Business legal name and trading name
  • Business address
  • Phone number
  • Email address
  • Website URL
  • Business hours
  • Service areas
  • Business registration numbers

Technical Information

  • IP addresses
  • Browser type and version
  • Access timestamps
  • API request logs

3. How We Use Your Information

  • To provide and maintain our service
  • To verify domain ownership
  • To publish business facts via our API (with your consent)
  • To generate cryptographic signatures for your business data
  • To track AI bot visits to your published facts
  • To communicate with you about your account
  • To improve our service

4. Public Information

Important: When you publish business facts through EntityRoot, this information becomes publicly accessible via our API. This is the core purpose of our service - to make verified business information available to AI systems and the public.

Published information includes:

  • Business name
  • Business address
  • Phone number
  • Business hours
  • Service areas
  • Website URL

You can unpublish your business facts at any time through your dashboard.

5. Data Security

We implement appropriate security measures including:

  • Password hashing using Argon2id
  • HTTPS encryption for all data transmission
  • Row-level security in our database
  • Regular security audits
  • Access logging and monitoring

6. Data Retention

We retain your account data for as long as your account is active. Published business facts remain available until you unpublish them. After account deletion, we retain anonymized analytics data but remove all personally identifiable information.

7. Your Rights

Under Australian Privacy Principles and GDPR (where applicable), you have the right to:

  • Access: Request a copy of all data we hold about you
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your personal data
  • Data Portability: Export your data in a machine-readable format
  • Withdraw Consent: Unpublish your business facts at any time

To exercise these rights, use the Data Export and Data Deletion features in your account settings, or contact us at privacy@entity-root.com.

8. Cookies

We use essential cookies for:

  • Authentication (keeping you logged in)
  • Security (CSRF protection)

We do not use advertising or tracking cookies.

9. Third-Party Services

We may use the following third-party services:

  • Cloudflare: For CDN and edge workers (if you enable Cloudflare integration)
  • AWS: For hosting infrastructure

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: privacy@entity-root.com