Disclaimer: This policy is provided for informational purposes and should be reviewed by a qualified attorney before reliance. It does not constitute legal advice.
DriftRoute, Inc. ("we," "us," or "our") operates the DriftRoute platform ("the Service"). This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information.
1. Data We Collect
Account Data
When you create an account, we collect your name, email address, organization name, and chosen subdomain. This information is required to provision your account and deliver the Service.
Payment Data
Subscription billing is processed by Stripe. We do not store credit card numbers or full payment details on our servers. Stripe collects and processes payment information according to their Privacy Policy. We receive and store a limited set of billing metadata (subscription status, billing period, Stripe customer ID) to manage your account.
Content Data
We store the content you create through the Service, including points of interest (POIs), routes, photos, descriptions, and collaborative route data. This content is stored to operate and deliver the Service as you direct.
Usage Data
We collect IP addresses for rate limiting, abuse prevention, and security purposes. We also maintain session cookies for authentication (see Section 5).
Contact Form Data
If you submit the contact form on our website, we collect your name, email address, message, and IP address. This data is used to respond to your inquiry and prevent spam.
Collaborative Route Data
When you share a route with guests for collaborative editing, we collect the participant names and edit activity associated with that route. Guest participants are not required to create an account.
2. How We Use Your Data
We use the data we collect for the following purposes:
- Service delivery — hosting your content, rendering maps, enabling route sharing and collaboration
- Billing — processing subscription payments and managing your account status
- Communication — sending transactional emails (account verification, password resets, billing receipts)
- Support — responding to your inquiries and resolving issues
- Security — rate limiting, abuse prevention, and protecting the integrity of the Service
We do not sell your personal data. We do not use your data for advertising or behavioral profiling.
3. Third-Party Services & Data Sharing
We share data with third-party providers only as necessary to operate the Service:
- Stripe — receives payment information to process subscription billing. See Stripe's Privacy Policy.
- Mapbox — provides map rendering and geocoding. Mapbox processes data client-side in your browser. See Mapbox's Privacy Policy.
- Cloudflare — provides hosting, content delivery, and database infrastructure. See Cloudflare's Privacy Policy.
- Resend — delivers transactional email on our behalf (account verification, password resets). See Resend's Privacy Policy.
We do not share your data with any other third parties except as required by law (e.g., in response to a valid legal process).
4. Data Security
We take reasonable measures to protect your data, including:
- All data is transmitted over HTTPS (TLS encryption in transit)
- Passwords are hashed using industry-standard algorithms — we never store plaintext passwords
- Authentication tokens are stored as secure, HTTP-only cookies
- Access to production infrastructure is restricted and requires authentication
No method of transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.
5. Cookies & Sessions
We use cookies strictly for authentication purposes:
- Session cookie — an authentication token set when you log in, with a 7-day expiry. This cookie is required for the Service to function.
We do not use tracking cookies, analytics cookies, or third-party advertising cookies. We do not use any cookie consent banners because we only use essential cookies required for the Service to operate.
6. Data Retention
We retain your account data and content for as long as your account is active. If you cancel your subscription, your data is retained until the end of the billing period.
After account closure, you may request deletion of all your data by emailing colin@driftroute.io. We will delete your data within 30 days of a valid request, except where retention is required by law.
Contact form submissions are retained for up to 12 months for support reference purposes.
7. Guest & Visitor Data
Guests who access shared routes or collaborative editing links are not required to create an account. For these users, we collect only the data they voluntarily provide (e.g., a display name when editing a route) and standard request data (IP address) for security purposes.
8. Children's Privacy
The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at colin@driftroute.io.
9. Your Rights
You have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — request that we correct inaccurate or incomplete data
- Deletion — request that we delete your personal data
- Export — request your data in a portable format
To exercise any of these rights, email colin@driftroute.io. We will respond within 30 days.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect. The "Effective date" at the top of this page reflects the most recent revision.
11. Contact
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
DriftRoute, Inc.
colin@driftroute.io