Opt-Out and Data Subject Rights

Effective Date: May 1, 2026 Version: 2

Rootlake LLC (“Rootlake,” “we,” “us,” or “our”) provides this page as a single place where you can learn about and exercise your rights to opt out of the processing of your personal information and to make data subject requests covering access, deletion, correction, and other rights under applicable privacy laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other U.S. state comprehensive privacy laws (Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, New Hampshire, and others enacted or coming into force).

This page complements our Privacy Policy, which describes the categories of data we collect and how we use it.

1. How Rootlake collects your data

Rootlake’s software development kit (“SDK”) is embedded inside third-party mobile applications. We do not collect data directly from end users; we collect data through these partner applications, with end-user consent obtained by the application’s Consent Management Platform (“CMP”) and subject to the operating system’s advertising-identifier and location-permission controls.

Rootlake’s SDK does not capture data from devices located in the United States.

The data we may collect through our SDK is described in detail in our Privacy Policy.

2. Opt-out mechanisms

You have multiple, independent ways to opt out of the collection and processing of your personal information through Rootlake.

The most reliable way to opt out is at the operating-system level. Rootlake’s SDK respects these controls automatically.

On Android:

  1. Open Settings.
  2. Go to Security & privacy → Privacy → Ads (the exact path may vary by device manufacturer).
  3. Tap Delete advertising ID (or the equivalent option such as “Opt out of Ads Personalization”).

When you delete or reset your Android Advertising ID, our SDK detects the change and ceases to associate further data with your previous identifier.

On other Android variants (Amazon Fire OS, Huawei devices): the same control is available under your device’s privacy or ads settings. Look for “Advertising ID,” “Ad tracking,” or “Personalized ads.”

On iOS:

The Rootlake SDK is not currently deployed on iOS. If that changes, the equivalent control is Settings → Privacy & Security → Tracking → Allow Apps to Request to Track (off) and Settings → Privacy & Security → Apple Advertising → Personalized Ads (off).

Each application that integrates the Rootlake SDK presents you with a consent dialog through its CMP, typically on first launch. You can revisit those settings within the app (look for “Privacy Settings,” “Consent Preferences,” or a similar option in the app’s settings) and withdraw consent at any time.

When consent is withdrawn under the IAB Transparency and Consent Framework v2 — specifically under purpose 1 (storage and access of information on a device) or special feature 1 (use of precise geolocation data) — Rootlake stops processing the affected data and stops transferring it to any third party.

2.3 In-app “delete my data”

If the application that integrates Rootlake’s SDK exposes a “Delete my data” or “Reset privacy” button, tapping it instructs the SDK to immediately wipe all locally cached personal data and identifiers, and to stop further transmission from that device.

2.4 Browser-based opt-out signal (Global Privacy Control)

For interactions with rootlake.io, we honor the Global Privacy Control (GPC) signal as a valid opt-out request from your browser. When your browser transmits GPC, we treat it as a request to opt out of the sale and sharing of personal information under the CCPA / CPRA and equivalent U.S. state laws.

2.5 Web-based opt-out and erasure request

If you would like Rootlake to delete data we have already collected and to suppress your identifiers from future collection, contact us at privacy@rootlake.io with the subject line “Opt-Out / Erasure Request” and include the following information:

Finding your Mobile Advertising ID

Android: Open Settings → Security & privacy → Privacy → Ads (path varies by device). Your Advertising ID is displayed on that screen — copy it into your email to us.

If you have already reset or deleted your advertising ID, please provide your previous identifier if known, or as much context as possible (the app name, approximate date of use, and device model) so that we can locate the records.

Upon receiving a verified request, we will:

  1. Record your identifiers in our suppression register. The register is enforced server-side: once your identifiers are recorded, our ingestion API drops any further records associated with them before they reach our data lake or any downstream partner.
  2. Delete historical records associated with those identifiers from our data lake.
  3. Notify our business customers (including third parties to whom we have transferred your data) of your erasure request, so they can remove your data from their systems where required by law.
  4. Confirm completion to you by email.

3. Other data subject rights

In addition to opt-out and erasure, depending on your jurisdiction you may have the right to:

To exercise any of these rights, email privacy@rootlake.io with a description of the right you wish to exercise and the identifying information described in section 2.5.

4. Authorized agents (California and other applicable U.S. states)

You may use an authorized agent to submit a request on your behalf. We will require:

We follow the procedures set out in the California regulations at 11 CCR §7063 for verifying authorized-agent requests on behalf of California residents. For requests under other U.S. state laws, we apply equivalent verification procedures.

5. Response time

We will acknowledge your request within 5 business days and provide a substantive response within 30 calendar days of receipt, as required by GDPR Article 12(3) and CCPA §1798.130. Where a request is particularly complex or where we have received a high number of requests, we may extend the response period by up to a further 60 calendar days; in that case we will notify you of the extension and the reasons for it within the initial 30-day period.

There is no charge for exercising your rights, except where requests are manifestly unfounded or excessive (in which case we may charge a reasonable fee or refuse to act, as permitted by law).

6. Verification

To protect your privacy and prevent unauthorized requests, we may need to verify your identity before completing certain requests. We will use the minimum information necessary for verification (for example, the advertising identifier you provide) and will not retain that information beyond what is required to process your request.

For California residents, we follow the verification standards in 11 CCR §§7060–7063. For residents of other U.S. states with comprehensive privacy laws, we apply equivalent procedures.

7. Non-discrimination

We will not deny our services to you, charge different prices, or provide a different level or quality of service because you exercised any privacy right described on this page. We will not retaliate against you for filing a complaint with a supervisory authority.

8. Contact

For any questions about this page, this process, or your privacy rights:

Email: privacy@rootlake.io Postal address: Rootlake LLC — Privacy Office 30 N Gould St Ste N Sheridan, WY 82801 United States