Effective Date: April 6, 2026

RouteVault Privacy Policy

1. Scope
This Privacy Policy applies to the RouteVault iOS app, the RouteVault website, and RouteVault account services.

2. Our approach
RouteVault is designed to keep core trip tracking and analytics on-device. Cloud processing is used for specific account and feature workflows such as authentication, subscriptions, backups, report delivery, and support.

3. Information we collect
Depending on how you use RouteVault, we may process:
- Account information: email address, user ID, sign-in provider details, and profile data you set (such as display name).
- App content: trip records, route points, expense records, receipt attachments, and settings.
- Subscription data: entitlement status, product/plan identifiers, billing platform metadata, and related event timestamps.
- Device/session security data: device platform, model/name, app and OS version, session timestamps, and push token/session metadata used for device management and account security.
- Support/report data: support message content and metadata; report email recipient, message/subject, and report attachment data when you request delivery.

4. How we use information
We use data to:
- provide and operate RouteVault features;
- authenticate accounts and manage sessions/devices;
- process and maintain subscription access;
- store and restore encrypted backups you choose to create;
- send scheduled or on-demand reports you request;
- respond to support requests;
- maintain service security and prevent abuse.

5. Optional aggregate metrics and product improvement
RouteVault may process aggregate monthly usage totals (for example trip count and distance totals) for service metrics.
If you enable the in-app ML improvement option, RouteVault may include aggregate auto-tracking quality counters. These are aggregate signals, not raw route-level trip exports for public metrics.

6. On-device processing and permissions
RouteVault uses iOS location and motion permissions to support trip detection and tracking. Notification permissions are used for feature and account/security workflows. You can manage permissions in iOS Settings.

7. Backups and retention
If backup features are enabled, encrypted backup snapshots are stored in cloud storage associated with your account. Backup history and transfer-backup availability are managed by product limits and settings shown in-app.

8. Account deletion
RouteVault provides an in-app account deletion workflow. Deletion requests are scheduled and processed according to product policy. Certain billing/compliance records may be retained where required for compliance, fraud prevention, and legal obligations.

9. Third-party service providers
RouteVault uses service providers to deliver core functionality, including:
- Google Firebase (Authentication, Firestore, Cloud Functions, Storage, Messaging, App Check)
- Apple services (App Store subscriptions and APNs)
- Stripe (web subscription and billing workflows where applicable)
- SendGrid (transactional/support/report email delivery)

These providers process data under their own terms and privacy policies.

10. Security
We use technical and organizational safeguards, including encryption in storage/transport workflows and access controls. No system can guarantee absolute security.

11. Your choices
You can:
- manage account/profile information;
- control optional settings such as ML improvement sharing and backup/report preferences;
- manage subscriptions through the applicable billing channel;
- request support at support@routevault.app.

12. Children
RouteVault is not directed to children under 13.

13. Changes to this policy
We may update this Privacy Policy from time to time. Updates are posted on this page with a revised effective date.