Routerra Logo

Privacy Policy

Last updated: Oct 28, 2025

This Privacy Policy explains how Routerra Anatolii Trubin (“we”, “us”) collects, uses, discloses, and safeguards personal information when you use our web application and mobile applications (collectively, the “Services”). If you do not agree, please do not use the Services. Contact us at [email protected].

Summary of key points

  • We collect the data you provide (e.g., email), precise location while using the app (mobile), microphone input (opt-in), camera/photos you choose, files you select, purchase/diagnostic data, and analytics/usage data.
  • Processors include Clerk (auth), RevenueCat (mobile subscriptions), Mapbox & Google Maps (maps), Hotjar (web analytics, heatmaps & session replay), Tawk.to (web live chat), Sentry (error monitoring), PostHog (+ optional session replay on mobile), and Bugsnag (crash reporting on mobile).
  • We collect device identifiers (Android ID, device fingerprints) via PostHog, Bugsnag, RevenueCat, and Clerk for analytics, crash reporting, purchase validation, and authentication.
  • You control device permissions (mobile) and can disable optional analytics (PostHog) in Settings. However, crash/error reporting (Bugsnag on mobile, Sentry on web/server) is always active to maintain app stability and cannot be disabled. We do not sell personal data.
  • Your data may be processed outside your country with appropriate safeguards (e.g., SCCs for EEA/UK).

Table of contents

  1. What information do we collect?
  2. Platforms (Web vs Mobile)
  3. How do we use your information?
  4. When and with whom do we share data?
  5. Cookies, SDKs, and tracking
  6. International data transfers
  7. Data retention
  8. Your rights and controls
  9. Children
  10. Security
  11. Contact & Data Controller
  12. Updates to this Policy

1. What information do we collect?

Information you provide

  • Account & Contact: email, password or OAuth identity (via Clerk), support messages (incl. via live chat).
  • User content: photos/files you select (e.g., attachments to route stops), route names/notes.

Information collected automatically

  • Usage & analytics: screens, interactions, performance (web via cookies/SDKs; mobile via SDKs).
  • Session replay: on web via Hotjar (heatmaps & replay); on mobile optionally via PostHog Session Replay. Sensitive fields are masked where supported; you can disable PostHog analytics/replay via in-app Settings.
  • Diagnostics & errors: crash reports, stack traces, device/OS, device identifiers, app version (Bugsnag on mobile; Sentry on web/server). These diagnostics are always active and cannot be disabled as they are essential for app stability and security.
  • Technical: app/instance IDs, device/OS info, locale, time zone, network status.
  • Device or other identifiers: Android ID, installation IDs, device fingerprints collected by:
    • • PostHog (analytics) — can be disabled via Settings
    • • Bugsnag (crash reporting) — always active, cannot be disabled
    • • RevenueCat (purchase validation) — always active
    • • Clerk (authentication) — required for account management

Information from device permissions (mobile)

  • Precise location (while using the app): navigation, ETAs, route optimization (expo-location/Mapbox). No background location collection.
  • Microphone: speech-to-text to quickly add stops. Audio is used for transcription and not stored unless you save a transcript.
  • Camera & Photos: capture/select images for your routes. We access only the media you choose.
  • Files: documents you select via Document Picker (e.g., CSV import). We do not scan other files.

1a. Platforms (Web vs Mobile)

Web (browser)

  • Auth: Clerk (sign-in, sessions).
  • Maps: Mapbox GL JS / Google Maps.
  • Analytics & replay: Hotjar (heatmaps, session replay).
  • Support chat: Tawk.to (chat transcripts & metadata you send).
  • Error monitoring: Sentry (client & server errors; scrubbed).
  • Cookies/storage: consent banner, cookies/localStorage for preferences and sessions.
  • Files/Clipboard: uploads/downloads (drag&drop, file-download), copy-to-clipboard.

Mobile (apps)

  • Auth: Clerk.
  • Maps: Mapbox SDK.
  • Purchases: RevenueCat.
  • Analytics: PostHog (+ optional Session Replay).
  • Diagnostics: Bugsnag.
  • Permissions: location (while-in-use), microphone, camera/photos, file picker.

2. How do we use your information?

  • Provide the Services (routing, navigation, subscriptions) — GDPR: Contract (Art. 6(1)(b)).
  • Authenticate & secure accounts — Contract; Legitimate interests (security, fraud prevention).
  • Process purchases/subscriptions (mobile) — Contract; Legal obligation (tax/records).
  • Analytics & product improvement (PostHog, Hotjar) — Legitimate interests; where required, Consent (e.g., Hotjar on web; PostHog session replay on mobile; analytics cookies on web). You can disable PostHog analytics in mobile app Settings.
  • Error/crash monitoring & debugging (Bugsnag, Sentry) — Legitimate interests; Legal obligation (maintaining app security). This is always active and cannot be disabled.
  • Communications (service/support messages) — Contract; Legitimate interests.
  • Compliance — Legal obligations.

3. When and with whom do we share data?

Processors acting on our behalf include:

  • Clerk — authentication & accounts (web & mobile).
  • RevenueCat — in-app purchases & subscription status (mobile).
  • Mapbox / Google Maps — maps/tiles, geocoding, navigation (web & mobile as applicable).
  • Hotjar — web analytics, heatmaps & session replay (web only).
  • Tawk.to — live chat widget & chat transcripts (web only, initiated by you).
  • Sentry — web/server error monitoring; PII is minimized/scrubbed.
  • PostHog (+ Session Replay) — product analytics (mobile).
  • Bugsnag — crash reporting (mobile).
  • Hosting & CDN — cloud infrastructure and content delivery.

We do not sell personal information and do not share it for cross-context behavioral advertising.

4. Cookies, SDKs, and tracking

The web app uses cookies/SDKs; the mobile apps use SDKs. We do not use advertising SDKs.

Mobile SDKs: Required vs Optional

On mobile, we use the following SDKs:

Required (always active):

  • Clerk — Authentication (required for account functionality)
  • RevenueCat — Subscription management (required for purchase features)
  • Bugsnag — Crash reporting and diagnostics (required for app stability; cannot be disabled)
  • Mapbox — Maps and navigation (required for core app functionality)

Optional (can be disabled in Settings):

  • PostHog — Product analytics and optional session replay (you can disable this in Settings → Analytics)

Device identifiers are collected by all of the above to enable their respective functions.

Cookie/SDK categories (web)

  • Strictly necessary — auth/session, security, load balancing.
  • Functional — language, UI preferences.
  • Analytics — Hotjar usage metrics, heatmaps, session replay (loads only with your consent where required).
  • Support — Tawk.to live chat widget (loads only with your consent where required).

Manage cookie preferences anytime via the cookie banner or "Cookie Settings".

5. International data transfers

Your data may be processed in countries outside your own. For EEA/UK/Swiss users, when transferring outside these regions, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) and vendor addenda.

6. Data retention

We keep personal data only as long as necessary for the purposes above. Account data persists while your account is active. Crash logs/analytics follow provider default windows. When no longer needed, we delete or anonymize data.

7. Your rights and controls

  • Access, correct, delete, or export your data.
  • Withdraw consent for optional features:
    • • Web: disable Hotjar analytics/session replay via cookie banner/settings
    • • Mobile: disable PostHog analytics/session replay in Settings → Analytics
    • • Mobile: disable microphone, camera, location permissions in device settings
  • Object to/limit certain processing where applicable under GDPR.

Note: Crash/error reporting (Bugsnag, Sentry) and authentication (Clerk) cannot be disabled as they are essential for app functionality and security, processed under legitimate interests and legal obligations.

Use in-app/web controls or contact [email protected]. We may verify your identity.

8. Children

The Services are not directed to children under 18. If we learn we collected data from a minor, we will delete it.

9. Security

We use technical and organizational measures appropriate to the risk (e.g., encryption in transit, access controls). No method is 100% secure.

10. Contact & Data Controller

Routerra Anatolii Trubin

Address: ul. Na Zjeździe 11, lok. 5p, 30-527 Kraków, Poland

NIP: 6793319069 · REGON: 540576549 (REGON-14: 54057654900000)

Email: [email protected]

Terms & ConditionsData Deletion Policy

11. Updates to this Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by the “Last updated” date above. For material changes, we may provide additional notice (e.g., in-app/web notice or email).