Home Blog Referral Flex Features Pricing

Privacy Policy

Last updated: November 13, 2025

This Privacy Policy explains how Routerra Anatolii Trubin ("we", "us") collects, uses, discloses, and safeguards personal information when you use our web application and mobile applications (collectively, the "Services"). If you do not agree, please do not use the Services. Contact us at [email protected].

Summary of key points

We collect the data you provide (e.g., email), precise location while using the app (mobile), microphone input (opt-in), camera/photos you choose, files you select, purchase/diagnostic data, and analytics/usage data.
Processors include Clerk (auth), RevenueCat (mobile subscriptions), Mapbox & Google Maps (maps), Hotjar (web analytics, heatmaps & session replay), Tawk.to (web live chat), Sentry (error monitoring), PostHog (analytics & optional session replay on web and mobile - hosted in US), and Bugsnag (crash reporting on mobile).
We collect device identifiers (Android ID, device fingerprints) via PostHog, Bugsnag, RevenueCat, and Clerk for analytics, crash reporting, purchase validation, and authentication.
Website cookies: Our website uses cookies only for analytics purposes. By continuing to browse after seeing our cookie notice, you consent to analytics cookies.
You control device permissions (mobile) and can disable optional analytics (PostHog) in Settings → Analytics. However, crash/error reporting (Bugsnag on mobile, Sentry on web/server) is always active to maintain app stability and cannot be disabled. We do not sell personal data.
Your data may be processed outside your country with appropriate safeguards (e.g., Standard Contractual Clauses for EEA/UK). PostHog data is stored in the United States.
Data retention: Session recordings (90 days), analytics events (12 months), active account data (while account is active), deleted account data (30 days to full deletion).

Web App Cookie Consent & Your Choices

When you visit our web application (app.routerra.io), we ask for your explicit consent before using any non-essential cookies. You have full control over which cookies you accept:

Essential Cookies: Always active - Required for authentication and basic functionality
Analytics & Performance Cookies: Optional - Help us understand usage with Sentry and Hotjar
Support & Chat Cookies: Optional - Enable Tawk.to live chat support

You can change your cookie preferences at any time through:

The cookie banner when you first visit
Settings → General → Cookie Settings in the web application

Your choices are stored locally in your browser and respected across all your sessions.

What information do we collect?
Platforms (Web vs Mobile)
Mobile App Analytics and Session Recording
How do we use your information?
Legal Basis for Data Processing
When and with whom do we share data?
Third-Party Service Providers
Cookies, SDKs, and tracking
International data transfers
Data retention
Your rights and controls
Children
Security
Contact & Data Controller
Updates to this Policy

1. What information do we collect?

Information you provide

Account & Contact: email, password or OAuth identity (via Clerk), support messages (incl. via live chat).
User content: photos/files you select (e.g., attachments to route stops), route names/notes.

Information collected automatically

Usage & analytics: screens, interactions, performance (web via cookies/SDKs; mobile via SDKs).
Session replay: on web via Hotjar (heatmaps & replay); on mobile optionally via PostHog Session Replay. Sensitive fields are masked where supported; you can disable PostHog analytics/replay via in-app Settings.
Diagnostics & errors: crash reports, stack traces, device/OS, device identifiers, app version (Bugsnag on mobile; Sentry on web/server). These diagnostics are always active and cannot be disabled as they are essential for app stability and security.
Technical: app/instance IDs, device/OS info, locale, time zone, network status.
Device or other identifiers: Android ID, installation IDs, device fingerprints collected by:
- • PostHog (analytics) — can be disabled via Settings
- • Bugsnag (crash reporting) — always active, cannot be disabled
- • RevenueCat (purchase validation) — always active
- • Clerk (authentication) — required for account management

Information from device permissions (mobile)

Precise location (while using the app): navigation, ETAs, route optimization (expo-location/Mapbox). No background location collection.
Microphone: speech-to-text to quickly add stops. Audio is used for transcription and not stored unless you save a transcript.
Camera & Photos: capture/select images for your routes. We access only the media you choose.
Files: documents you select via Document Picker (e.g., CSV import). We do not scan other files.

1a. Platforms (Web vs Mobile)

Web (browser)

Auth: Clerk (sign-in, sessions).
Maps: Mapbox GL JS / Google Maps.
Analytics & replay: Hotjar (heatmaps, session replay), PostHog (website analytics).
Support chat: Tawk.to (chat transcripts & metadata you send).
Error monitoring: Sentry (client & server errors; scrubbed).
Cookies/storage: consent banner, cookies/localStorage for preferences and sessions.
Files/Clipboard: uploads/downloads (drag&drop, file-download), copy-to-clipboard.

Mobile (apps)

Auth: Clerk.
Maps: Mapbox SDK.
Purchases: RevenueCat.
Analytics: PostHog (+ optional Session Replay).
Diagnostics: Bugsnag.
Permissions: location (while-in-use), microphone, camera/photos, file picker.

1b. Mobile App Analytics and Session Recording

What We Collect

Our mobile applications (iOS and Android) and website collect anonymous analytics data to help us improve the user experience:

Usage Analytics: Anonymous event tracking of app features and interactions
Session Recordings: Screen interactions and navigation patterns within the app
Device Information: Device model, operating system version, app version
Performance Metrics: App load times, error logs, crash reports

How We Collect Data

We use PostHog (https://posthog.com), a GDPR-compliant analytics and session recording platform, to collect this data on both mobile apps and our website.

What is Protected

To protect your privacy, we automatically mask sensitive information in session recordings:

✅ User text inputs (forms, search fields, text entries) are masked
✅ Images and photos are masked
✅ Passwords and payment information are never recorded
✅ Personal identifiable information in form fields is masked

What remains visible: UI labels, buttons, navigation elements, and app layout - this helps us understand user experience without compromising privacy.

Your Control

You have full control over analytics and session recording:

Navigate to Settings → Analytics in the mobile app
Toggle analytics on/off
Toggle session recording on/off independently
Changes take effect immediately
Your preferences are saved across app sessions

For website analytics cookies, you can manage preferences through your browser settings or our cookie banner.

2. How do we use your information?

Provide the Services (routing, navigation, subscriptions) — GDPR: Contract (Art. 6(1)(b)).
Authenticate & secure accounts — Contract; Legitimate interests (security, fraud prevention).
Process purchases/subscriptions (mobile) — Contract; Legal obligation (tax/records).
Analytics & product improvement (PostHog, Hotjar) — Legitimate interests; where required, Consent (e.g., Hotjar on web; PostHog session replay on mobile; analytics cookies on web). You can disable PostHog analytics in mobile app Settings.
Error/crash monitoring & debugging (Bugsnag, Sentry) — Legitimate interests; Legal obligation (maintaining app security). This is always active and cannot be disabled.
Communications (service/support messages) — Contract; Legitimate interests.
Compliance — Legal obligations.

2a. Legal Basis for Data Processing

We process your personal data based on the following legal grounds under GDPR:

Consent (GDPR Art. 6(1)(a))

Mobile app analytics (when you enable it in Settings → Analytics)
Session recording (when you enable it in Settings → Analytics)
Website analytics cookies (when you continue browsing after seeing cookie notice)

You can withdraw consent at any time through app Settings or browser settings.

Legitimate Interest (GDPR Art. 6(1)(f))

Product improvement and development
App performance monitoring
Bug fixing and error resolution
User experience optimization
Security and fraud prevention

Our legitimate interests do not override your fundamental rights and freedoms.

Contract Performance (GDPR Art. 6(1)(b))

Providing the route planning and navigation services you requested
Maintaining your account
Delivering core app functionality
Processing subscriptions and purchases

Legal Obligation (GDPR Art. 6(1)(c))

Maintaining app security and stability
Tax and financial record keeping
Compliance with applicable laws and regulations

3. When and with whom do we share data?

Processors acting on our behalf include:

Clerk — authentication & accounts (web & mobile).
RevenueCat — in-app purchases & subscription status (mobile).
Mapbox / Google Maps — maps/tiles, geocoding, navigation (web & mobile as applicable).
Hotjar — web analytics, heatmaps & session replay (web only).
Tawk.to — live chat widget & chat transcripts (web only, initiated by you).
Sentry — web/server error monitoring; PII is minimized/scrubbed.
PostHog (+ Session Replay) — product analytics (web & mobile).
Bugsnag — crash reporting (mobile).
Hosting & CDN — cloud infrastructure and content delivery.

We do not sell personal information and do not share it for cross-context behavioral advertising.

3a. Third-Party Service Providers

Below are detailed descriptions of key third-party processors that handle your data:

PostHog (Analytics and Session Recording)

Service: PostHog Inc.
Purpose: Analytics, session recording, and product analytics for our website and mobile applications
Data Shared: Anonymous usage data, masked session recordings, device information, performance metrics
Location: United States (hosted on US servers at us.i.posthog.com)
Privacy Policy: https://posthog.com/privacy
GDPR Compliance: PostHog is GDPR-compliant and acts as a data processor
Data Processing Agreement: In place

PostHog processes data on our behalf according to our instructions and their Terms of Service. They do not use your data for their own purposes.

Clerk (Authentication)

Purpose: User authentication and account management
Data Shared: Email, authentication credentials, user profile data
GDPR Compliance: GDPR-compliant with appropriate safeguards

RevenueCat (Subscription Management)

Purpose: In-app purchase validation and subscription management (mobile only)
Data Shared: Purchase receipts, subscription status, device identifiers
GDPR Compliance: GDPR-compliant with appropriate safeguards

Mapbox & Google Maps (Mapping Services)

Purpose: Maps, geocoding, routing, and navigation services
Data Shared: Location data, route information, map interactions
GDPR Compliance: Both services are GDPR-compliant

Bugsnag & Sentry (Error Monitoring)

Purpose: Crash reporting and error monitoring (Bugsnag for mobile, Sentry for web/server)
Data Shared: Error logs, stack traces, device information (PII is minimized/scrubbed)
Note: These services are essential for app stability and cannot be disabled

4. Cookies, SDKs, and tracking

Web Application Cookies

Our web application (app.routerra.io) uses cookies for analytics and essential functionality. When you first visit, we ask for your explicit consent before loading non-essential cookies.

What cookies we use:

Essential cookies for website functionality, authentication, and session management (always active)
Analytics cookies (via Hotjar and Sentry) to understand site performance and improve user experience (requires consent)
Support cookies (via Tawk.to) for live chat functionality (requires consent)
Functional cookies for language preferences and UI settings (always active)

Hotjar (User Behavior Analytics)

Purpose: Understand how users interact with our web application to improve user experience
Data Collected: Anonymous session recordings, heatmaps, click patterns
IP Anonymization: Enabled by default
Keystroke Suppression: Enabled by default (no personal data captured in forms)
Consent Required: Yes - Only loads after you accept "Analytics & Performance" cookies
Consent Control: Uses Hotjar Consent API to respect your privacy choices
Do Not Track: We respect browser DNT settings
Provider: Hotjar Ltd. (GDPR compliant, EU-based)
Privacy Policy: https://www.hotjar.com/legal/policies/privacy/

Sentry (Error Tracking - Web)

Purpose: Monitor application errors and performance to maintain service quality on the web application
Data Collected: Error messages, stack traces, browser information, anonymized user IDs
Consent Required: Yes - Only initializes after you accept "Analytics & Performance" cookies
No Personal Data: We do not send personally identifiable information to Sentry
Environment: Only active in production (app.routerra.io)
Provider: Functional Software, Inc. (GDPR compliant)
Privacy Policy: https://sentry.io/privacy/

Tawk.to (Live Chat Support)

Purpose: Provide real-time customer support on the web application
Data Collected: Chat messages, name (if provided), email (if provided)
Consent Required: Yes - Only loads after you accept "Support & Chat" cookies
Data Retention: Chat history stored according to our data retention policy
Provider: tawk.to inc. (GDPR compliant)
Privacy Policy: https://www.tawk.to/privacy-policy/

Your consent: When you first visit our web application, you'll see a cookie consent banner that allows you to choose which categories of cookies to accept.

You can change your preferences at any time through Settings → General → Cookie Settings in the web application.

How to manage cookies:

Use the cookie banner when you first visit the web application
Access Settings → General → Cookie Settings in the web application at any time
You can also control cookie preferences through your browser settings
Note: Blocking essential cookies will affect website functionality

Cookie retention: Analytics cookies are retained for 12 months. Your consent preferences are stored locally in your browser for 1 year.

Environment-Specific Behavior (Web Application)

To protect the accuracy of our analytics and your privacy:

Development environments: Analytics tools (Sentry, Hotjar) never load, regardless of consent
Production (app.routerra.io): Analytics tools only load if:
- 1. You have given explicit consent
- 2. Your browser's Do Not Track (DNT) setting is not enabled

This ensures that internal testing and development work does not affect our understanding of how real users experience the application.

Consent-Based Data Collection (Web Application)

Before Consent:

No analytics scripts are loaded
No tracking cookies are set
Only essential authentication cookies may be used
No data is sent to third-party analytics providers

After Consent:

Analytics tools initialize based on your preferences
Session recordings may begin (Hotjar, if consented)
Error tracking activates (Sentry, if consented)
Live chat becomes available (Tawk.to, if consented)

After Consent Withdrawal:

All analytics scripts stop loading on new page visits
Existing session data is retained per our retention policy
No new data collection occurs
Essential functionality remains unaffected

Mobile App Tracking

Our mobile application does not use cookies. Analytics are handled through the PostHog SDK as described in section 1b above.

Mobile SDKs: Required vs Optional

On mobile, we use the following SDKs:

Required (always active):

Clerk — Authentication (required for account functionality)
RevenueCat — Subscription management (required for purchase features)
Bugsnag — Crash reporting and diagnostics (required for app stability; cannot be disabled)
Mapbox — Maps and navigation (required for core app functionality)

Optional (can be disabled in Settings):

PostHog — Product analytics and optional session replay (you can disable this in Settings → Analytics)

Device identifiers are collected by all of the above to enable their respective functions.

Cookies We Use (Web Application)

Below is a detailed table of cookies used in our web application:

Cookie Name	Purpose	Type	Duration	Consent Required
`routerra-cookie-consent`	Stores your cookie preferences	Essential	1 year	No (essential)
`__clerk_*`	Authentication session	Essential	Session	No (essential)
`_hjSession*`	Hotjar session tracking	Analytics	Session	Yes
`_hjIncludedInSessionSample`	Hotjar sampling	Analytics	Session	Yes
TawkTo cookies	Live chat functionality	Support	Varies	Yes

Cookie/SDK categories (web)

Strictly necessary — auth/session, security, load balancing
Functional — language, UI preferences
Analytics — Hotjar usage metrics, heatmaps, session replay; Sentry error tracking
Support — Tawk.to live chat widget

We do not use advertising cookies or SDKs.

5. International data transfers

Data Location

Your data may be transferred to and processed in countries outside your country of residence, including:

United States: PostHog analytics data is stored on US servers (us.i.posthog.com)
Other regions: Depending on the service provider's infrastructure (Clerk, RevenueCat, Mapbox, etc.)

Safeguards

When we transfer data internationally, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs): We use Standard Contractual Clauses approved by the European Commission for data transfers to countries outside the EEA/UK
Data Processing Agreements: We have data processing agreements with all third-party processors that include data protection requirements
GDPR Compliance: All our processors are certified as GDPR-compliant and implement appropriate technical and organizational measures

Your Rights

Your privacy rights remain protected regardless of where your data is processed. You can exercise your rights as described in section 7 below.

6. Data retention

We retain your data only as long as necessary for the purposes outlined in this policy:

Mobile App & Website Data

Session recordings: 90 days from recording date
Analytics events: 12 months from collection
Device information: 12 months from last app use
Error logs and crash reports: 90 days from occurrence

Account Data

Active accounts: Retained while your account is active
Deleted accounts: Data deleted within 30 days of account deletion request
Route data and user content: Retained while your account is active; deleted within 30 days of account deletion

Website Data

Analytics cookies: 12 months
Website analytics data: 12 months from collection

Early Deletion

You can request earlier deletion of your data by contacting us at [email protected].

7. Your rights and controls

Under GDPR and applicable data protection laws, you have the following rights:

Right to Access

You can request access to the personal data we hold about you.

Right to Rectification

You can request correction of inaccurate personal data.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. See our Data Deletion Policy for details.

Right to Restrict Processing

You can request that we limit how we use your data.

Right to Data Portability

You can request a copy of your data in a machine-readable format.

Right to Object

You can object to processing of your data for specific purposes.

Right to Withdraw Consent

You can withdraw your consent for analytics and support cookies at any time:

For Web Application (app.routerra.io):

Open Settings in the web application
Navigate to General → Cookie Settings
Adjust your preferences for Analytics & Performance and Support & Chat cookies
Click "Save Preferences"

Withdrawing consent will:

Stop all future analytics data collection
Prevent support chat widgets from loading
Not affect essential functionality (authentication, navigation)
Be applied immediately for future sessions

For Mobile App:

Open the mobile app and go to Settings → Analytics
Toggle off Analytics and/or Session Replay

Note: Crash/error reporting (Bugsnag on mobile, Sentry on web/server) and authentication (Clerk) cannot be disabled as they are essential for app functionality and security.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected]
Subject: "Privacy Rights Request - GDPR"

We will respond to your request within 30 days. We may verify your identity before processing your request.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in your country, particularly in the EU member state where you live, work, or where an alleged infringement of data protection law occurred.

8. Children

The Services are not directed to children under 18. If we learn we collected data from a minor, we will delete it.

9. Security

We use technical and organizational measures appropriate to the risk (e.g., encryption in transit, access controls). No method is 100% secure.

10. Contact & Data Controller

Privacy Questions

If you have questions about this privacy policy or our data practices:

Email: [email protected]
Subject: Privacy Inquiry

Cookie Settings

For questions specifically about cookies and data collection:

Email: [email protected]
Cookie Settings: Access directly in the web app (Settings → General → Cookie Settings)
General Inquiries: [email protected]

Response Time

We aim to respond to all privacy-related inquiries within 48 hours for cookie questions and within 30 days for GDPR requests.

Terms & Conditions Data Deletion Policy

11. Updates to this Policy

How We Notify You

Material changes: We'll notify you via email or in-app notification
Minor changes: Posted on this page with updated "Last updated" date

Your Continued Use

Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

Change History

November 13, 2025: Updated cookie consent mechanism for web application to be fully GDPR compliant:
- • Added explicit consent requirement for analytics and support cookies
- • Implemented granular cookie controls (Essential, Analytics & Performance, Support & Chat)
- • Added ability to withdraw consent at any time via Settings → General → Cookie Settings
- • Clarified data collection practices for Hotjar, Sentry, and Tawk.to on web application
- • Added environment-specific behavior documentation (development vs production)
- • Added consent-based data collection timeline (before/after/withdrawal)
- • Added detailed cookie table with consent requirements
- • Enhanced IP anonymization, keystroke suppression, and DNT respect details
November 5, 2025: Added comprehensive mobile app and website session recording disclosure, PostHog data processor information, enhanced GDPR rights section, detailed data retention periods, legal basis for processing, international data transfer safeguards, third-party service provider details, and website cookie consent information
October 28, 2025: Previous version