Roo Code Cloud Privacy Policy
Last Updated: June 19, 2025
This Privacy Policy explains how Roo Code, Inc. ("Roo Code," "we," "our," or "us") collects, uses, and shares information when you:
- browse any page under roocode.com (the Marketing Site); and/or
- create an account for, sign in to, or otherwise use Roo Code Cloud at app.roocode.com or through the Roo Code extension while authenticated to that Cloud account (the Cloud Service).
Extension‑Only Usage
If you run the Roo Code extension without connecting to a Cloud account, your data is governed by the standalone Roo Code Extension Privacy Policy.
Quick Summary
- Your source code never transits Roo Code servers. It stays on your device and is sent directly—via a client‑to‑provider TLS connection—to the third‑party AI model you select. Roo Code never stores, inspects, or trains on your code.
- Prompts and chat snippets are collected by default in Roo Code Cloud so you can search and re‑use past conversations. Organization admins can disable this collection at any time.
- We collect only the data needed to operate Roo Code Cloud, do not sell customer data, and do not use your content to train models.
1. Information We Collect
| Category | Examples | Source |
|---|---|---|
| Account Information | Name, email, organization, auth tokens | You |
| Workspace Configuration | Org settings, allow‑lists, rules files, modes, dashboards | You / Extension (when signed in) |
| Prompts, Chat Snippets & Token Counts | Text prompts, model outputs, token counts | Extension (when signed in) |
| Usage Data | Feature clicks, error logs, performance metrics (captured via PostHog) | Services automatically (PostHog) |
| Payment Data | Tokenized card details, billing address, invoices | Payment processor (Stripe) |
| Marketing Data | Cookies, IP address, browser type, page views, voluntary form submissions (e.g., newsletter or wait‑list sign‑ups) | Marketing Site automatically / You |
2. How We Use Information
- Operate & secure Roo Code Cloud (authentication, completions, abuse prevention)
- Provide support & improve features (debugging, analytics, product decisions)
- Process payments & manage subscriptions
- Send product updates and roadmap communications (opt‑out available)
3. Where Your Data Goes (And Doesn't)
| Data | Sent To | Not Sent To |
|---|---|---|
| Code & files you work on | Your chosen model provider (direct client → provider TLS) | Roo Code servers; ad networks; model‑training pipelines |
| Prompts, chat snippets & token counts (Cloud) | Roo Code Cloud (encrypted at rest) | Any third‑party |
| Workspace Configuration | Roo Code Cloud (encrypted at rest) | Any third-party |
| Usage & Telemetry | PostHog (self‑hosted analytics platform) | Ad networks or data brokers |
| Payment Data | Stripe (PCI‑DSS Level 1) | Roo Code servers (we store only the Stripe customer ID) |
4. Data Retention
- Source Code: Never stored on Roo Code servers.
- Prompts & Chat Snippets: Persist in your Cloud workspace until you or your organization admin deletes them or disables collection.
- Operational Logs & Analytics: Retained only as needed to operate and secure Roo Code Cloud.
5. Your Choices
- Manage cookies: You can block or delete cookies in your browser settings; some site features may not function without them.
- Disable prompt collection in Organization settings.
- Delete your Cloud account at any time from Security Settings inside Roo Code Cloud.
6. Security Practices
We use TLS for all data in transit, AES‑256 encryption at rest, least‑privilege IAM, continuous monitoring, routine penetration testing, and maintain a SOC 2 program.
7. Updates to This Policy
If our privacy practices change, we will update this policy and note the new Last Updated date at the top. For material changes that affect Cloud workspaces, we will also email registered workspace owners before the changes take effect.
8. Contact Us
Questions or concerns? Email privacy@roocode.com.