Privacy

Last updated 8 June 2026

Roots is built so there is almost nothing to say here — because there is almost nothing to collect. Your family tree never leaves your browser.

What we collect

Nothing on a server. Roots has no backend, no database, and no user accounts. We do not collect your name, email, or any personal information, and we cannot see the family trees you build.

Where your family tree lives

Your entire family tree is encrypted in your browser with AES-256-GCM (keys derived with PBKDF2, 600,000 iterations) and stored inside the page's URL — the part after the #. Sharing your tree means sharing that link and its passphrase; only someone with both can open it. Because the data is in the URL fragment, it is never even sent to the server that hosts the page.

There is no passphrase recovery. If you lose the passphrase, the encrypted tree cannot be opened — by you or by anyone, including us.

Tracking & cookies

• No analytics, no tracking, no advertising. There are no analytics or telemetry scripts of any kind.
• No cookies. Roots stores only a few small preferences in your browser's localStorage — such as your chosen theme (light/dark), your language, and which one-time tips you have dismissed — which never leave your device.

Third parties

In the interest of full honesty, two ordinary things happen when any web page loads:

• The site is served by Cloudflare Pages, which (like any web host) processes standard request logs such as IP address — never your family-tree data.
• Fonts are loaded from Google Fonts, so your browser requests those font files from Google's CDN. No family-tree data is included in those requests.

That is the full extent of any data leaving your browser, and none of it includes the contents of your tree.

Open source

Roots is open source under the Apache-2.0 license, so every claim on this page is verifiable in the code: github.com/AbdAsh/Roots-FamilyTreeVisualizer.