Privacy Policy
Effective: 2026-05-11 · Last updated: 2026-05-11
1. Who we are
RouteForge is a multi-tenant SaaS operations platform for recurring service businesses. This Privacy Policy describes what data we collect, how we use it, and the third parties we rely on to deliver the service. RouteForge is operated by RouteForge and is currently available in the United States as an invite-only beta.
2. Data we collect
- Account data: organization name, region, contact email, role assignments — provided by you when an operator onboards.
- Service location data: customer addresses, service plan configuration, container and asset details — entered by dispatcher and office users.
- Operational data: route definitions, stop sequences, service events (including timestamps, driver, vehicle, exception payloads, and optional photos), reconciliation adjustments.
- User identity data: email address, name, IP address, browser user-agent, session metadata — handled by Clerk on our behalf.
- Telemetry: error reports, performance traces — collected via Sentry for debugging purposes.
- Field photos: images captured during service delivery, stored in Cloudflare R2 object storage.
3. How we use the data
- To deliver the contracted SaaS service (dispatcher tooling, driver PWA, reporting, billing reconciliation).
- To investigate operational incidents (Sentry error reports tied to authenticated user and org context).
- To send transactional notifications (route assignment, exception escalation, optimization-run status — via Resend).
- To render maps and calculate turn-by-turn directions for driver routes (via Mapbox).
- To run background jobs such as nightly schedule generation and notification delivery (via Trigger.dev).
- We do not sell personal data.
- We do not use customer data to train AI models.
4. Third-party data processors (subprocessors)
We engage the following subprocessors. Each operates under a written Data Processing Agreement (DPA) or equivalent and processes data only on our instructions.
| Processor | Legal entity | Role | |-----------|-------------|------| | Clerk | Clerk, Inc. | Authentication, user management, organization membership | | Cloudflare | Cloudflare, Inc. | CDN, DDoS protection, DNS, and R2 object storage (field photos) | | Fly.io | Fly.io, Inc. | Application hosting (web, API, worker, and self-hosted Valhalla routing) | | Mapbox | Mapbox, Inc. | Map rendering, geocoding, and turn-by-turn directions | | Sentry | Functional Software, Inc. d/b/a Sentry | Error monitoring, performance traces, and session replay | | Resend | Resend | Transactional email delivery | | Trigger.dev | API Hero Ltd (trading as Trigger.dev) | Background job execution (recurring schedules, notifications) | | Crisp | Crisp IM SARL | In-app support / live chat — receives user name, email, organization name, organization ID, role label, and message contents when an operator opens a support session |
Note on Valhalla: Valhalla is open-source routing software (MIT licensed) that runs as a Docker container on our Fly.io infrastructure. It has no independent data processing agreement — it is covered by the Fly.io entry above.
Note on Cloudflare R2: R2 is Cloudflare's S3-compatible object storage product. Field photos uploaded during service delivery are stored in R2. Both Cloudflare's network services and R2 storage are covered by the single Cloudflare, Inc. entry above.
5. Data storage and retention
- Customer data is stored in PostgreSQL hosted on Fly.io in the US region selected at org provisioning.
- Field photos are stored in Cloudflare R2.
- Database backups are retained for 30 days.
- On account termination, customer data is deleted within 30 days unless a legal retention obligation applies.
- Support chat transcripts captured via Crisp are retained per Crisp's standard processor terms.
6. Access controls
- Multi-tenant data isolation is enforced at the database layer via PostgreSQL Row-Level Security (RLS). No operator can access another operator's data by construction.
- Operator data is isolated by Clerk-managed organization scoping. Every authenticated request carries a verified JWT that identifies the organization; the database enforces isolation regardless of application logic.
- RouteForge personnel access production data only in response to a support incident and only with the operator's knowledge.
7. Your rights
- You can request a copy of your organization's data by emailing the contact address below.
- You can request deletion of your organization's data subject to ongoing contractual obligations and legal retention requirements.
- This Privacy Policy is targeted at US-domestic operators. EU and UK GDPR-specific rights are not addressed in v1. If you operate in those jurisdictions, contact us before signing up.
8. Contact
For privacy questions or data requests, email: support@routeforge.app
9. Disclaimer
This document was drafted by RouteForge with assistance from automated tooling and is provided for transparency. It is not legal advice. Operators with regulatory exposure should retain independent counsel.
Changes
- v1 — 2026-05-11: Initial publication.
- v2 — 2026-05-20: Added Crisp as an in-app support subprocessor; documented support transcript retention.