@@ -14,7 +14,7 @@ export default function Privacy() {
1414 < h1 className = "text-3xl font-bold tracking-tight sm:text-4xl md:text-5xl" >
1515 Roo Code Cloud Privacy Policy
1616 </ h1 >
17- < p className = "text-muted-foreground" > Last Updated: June 19 , 2025</ p >
17+ < p className = "text-muted-foreground" > Last Updated: January 30 , 2025</ p >
1818
1919 < p className = "lead" >
2020 This Privacy Policy explains how Roo Code, Inc. ("Roo Code," "we,"
@@ -63,6 +63,11 @@ export default function Privacy() {
6363 We collect only the data needed to operate Roo Code Cloud, do < strong > not</ strong > sell
6464 customer data, and do < strong > not</ strong > use your content to train models.
6565 </ li >
66+ < li >
67+ We use cookies and similar technologies for{ " " }
68+ < strong > analytics and interest‑based advertising</ strong > (aka “retargeting”);
69+ you can opt‑out at any time (see Section 6).
70+ </ li >
6671 </ ul >
6772
6873 < h2 className = "mt-12 text-2xl font-bold" > 1. Information We Collect</ h2 >
@@ -127,6 +132,19 @@ export default function Privacy() {
127132 Marketing Site automatically / You
128133 </ td >
129134 </ tr >
135+ < tr >
136+ < td className = "border border-border px-4 py-2 font-medium" >
137+ Marketing & Advertising Data
138+ </ td >
139+ < td className = "border border-border px-4 py-2" >
140+ Online identifiers (IP, cookie ID, device ID), pages or screens viewed, referral
141+ source, marketing pixel events (e.g., Google Ads remarketing, Meta Pixel,
142+ LinkedIn Insight)
143+ </ td >
144+ < td className = "border border-border px-4 py-2" >
145+ Marketing Site automatically / Pixels
146+ </ td >
147+ </ tr >
130148 </ tbody >
131149 </ table >
132150 </ div >
@@ -238,29 +256,93 @@ export default function Privacy() {
238256 < strong > Delete your Cloud account</ strong > at any time from{ " " }
239257 < strong > Security Settings</ strong > inside Roo Code Cloud.
240258 </ li >
259+ < li >
260+ < strong > Opt‑out of targeted advertising</ strong > via the footer links described in Section 6
261+ or by sending a GPC signal.
262+ </ li >
241263 </ ul >
242264
243- < h2 className = "mt-12 text-2xl font-bold" > 6. Security Practices</ h2 >
265+ < h2 className = "mt-12 text-2xl font-bold" >
266+ 6. Targeted Advertising, “Sale or Share,” and How to Opt Out
267+ </ h2 >
268+ < p >
269+ We use Google Ads, Meta (Facebook) Pixel and LinkedIn Insight Tag to show ads to visitors who
270+ have previously interacted with Roo Code (“retargeting” or “cross‑context
271+ behavioral advertising”). Under the California Consumer Privacy Act as amended by the
272+ CPRA—and similar laws in CO, CT, VA, UT, OR, TX and others—disclosing personal information (like
273+ a cookie ID) to an ad network for this purpose may be considered a{ " " }
274+ < strong > “sale” or “share.”</ strong >
275+ </ p >
276+
277+ < h3 className = "mt-8 text-xl font-bold" > Your Options</ h3 >
278+ < ol >
279+ < li >
280+ < strong > Site links.</ strong > Every page now displays a
281+ < ul >
282+ < li >
283+ < strong >
284+ “Do Not Sell or Share My Personal Information / Opt Out of Targeted
285+ Advertising”
286+ </ strong > { " " }
287+ link that lets you disable all non‑essential advertising cookies; and
288+ </ li >
289+ < li >
290+ < strong > “Your Privacy Choices”</ strong > link that provides the same
291+ opt‑out for other states.
292+ </ li >
293+ </ ul >
294+ </ li >
295+ < li >
296+ < strong > Global Privacy Control (GPC).</ strong > We automatically honor the browser‑level{ " " }
297+ < em > GPC</ em > signal. When received, we block marketing pixels and treat the request as a
298+ valid opt‑out of sale/share.
299+ </ li >
300+ < li >
301+ < strong > Ad platform tools.</ strong > You may also set ad‑preferences directly with Google
302+ Ads, Meta, or LinkedIn; those choices are respected across sites.
303+ </ li >
304+ </ ol >
305+ < p >
306+ We do < strong > not</ strong > knowingly sell/share data of consumers under 16, and we prohibit our
307+ ad partners from creating interest‑based profiles of such users.
308+ </ p >
309+
310+ < h2 className = "mt-12 text-2xl font-bold" > 7. Security Practices</ h2 >
244311 < p >
245312 We use TLS for all data in transit, AES‑256 encryption at rest, least‑privilege IAM, continuous
246313 monitoring, routine penetration testing, and maintain a SOC 2 program.
247314 </ p >
248315
249- < h2 className = "mt-12 text-2xl font-bold" > 7 . Updates to This Policy</ h2 >
316+ < h2 className = "mt-12 text-2xl font-bold" > 8 . Updates to This Policy</ h2 >
250317 < p >
251318 If our privacy practices change, we will update this policy and note the new{ " " }
252319 < strong > Last Updated</ strong > date at the top. For material changes that affect Cloud
253320 workspaces, we will also email registered workspace owners before the changes take effect.
254321 </ p >
255322
256- < h2 className = "mt-12 text-2xl font-bold" > 8 . Contact Us</ h2 >
323+ < h2 className = "mt-12 text-2xl font-bold" > 9 . Contact Us</ h2 >
257324 < p >
258325 Questions or concerns? Email{ " " }
259326 < a href = "mailto:[email protected] " className = "text-primary hover:underline" > 260327261328 </ a >
262329 .
263330 </ p >
331+
332+ < h2 className = "mt-12 text-2xl font-bold" > 10. State‑Specific Privacy Rights</ h2 >
333+ < p >
334+ Residents of California, Colorado, Connecticut, Utah, Virginia, Oregon, Texas and other states
335+ with comprehensive privacy statutes have additional rights, including to access, correct,
336+ delete, and{ " " }
337+ < strong >
338+ opt‑out of the sale or sharing of personal information and of targeted advertising
339+ </ strong >
340+ . You may exercise these rights through the mechanisms in Sections 5–6 or by emailing{ " " }
341+ < a href = "mailto:[email protected] " className = "text-primary hover:underline" > 342+ 343+ </ a >
344+ . We will respond within the timeframe required by your state law (usually 45 days).
345+ </ p >
264346 </ div >
265347 < / d i v >
266348 </>
0 commit comments