Privacy Policy

Effective date: May 19, 2026 · Last updated: May 19, 2026

RouteForge (“RouteForge,” “we,” “us,” or “our”) provides route-management software used by trash bin cleaning and field-service businesses to manage drivers, schedule jobs, and serve their own customers. This Privacy Policy describes what information we collect, how we use it, who we share it with, and the choices you have. By using www.routeforge.org, the RouteForge admin dashboard, the driver app, or any customer-portal widget embedded on a RouteForge customer’s website (collectively the “Services”), you agree to this Policy.

Who this applies to
Information we collect
How we use information
When we share information
Cookies and local storage
How long we keep information
How we protect information
Your rights and choices
California residents (CCPA/CPRA)
Children
Changes to this policy
How to contact us

1. Who this applies to

RouteForge is a B2B platform. There are three distinct types of users, and this Policy covers all three:

Tenants (business operators). Companies that subscribe to RouteForge and run their service business on it.
Drivers. Employees or contractors of a Tenant who use the driver app to clock in, view routes, and complete jobs.
End customers. Households or businesses that subscribe to service from a Tenant (e.g. bin cleaning) via a customer portal that RouteForge powers.

For end customers: the Tenant is the “controller” of your information for most purposes — they decide what services you receive, what records to keep, and how to contact you. RouteForge is the “processor” that stores and serves that information on their behalf. If you have questions about your data and you’re an end customer, contact the Tenant you signed up with first; if they can’t help, contact us at info@routeforge.org.

2. Information we collect

2.1 Information you give us directly

Tenant signup. Company name, owner name, email address, password (stored hashed with bcrypt — we never see the plaintext), chosen subscription plan, and your business’s headquarters address (which we geocode to latitude/longitude).
Driver accounts. First name, last name, login username (chosen by the Tenant’s admin), password (stored hashed), email, phone, vehicle, license plate, trailer, service zone.
End-customer signup. First name, last name, email, phone, service address (geocoded), chosen service plan, number of bins, trash/recycling pickup day, and first cleaning date.
Payment information. Card details and bank information are collected and stored directly by Stripe — RouteForge only receives a token, the last four digits of the card, the card brand, and expiration. We do not store full card numbers.
Waitlist / contact forms. Name, email, company name, plan interest.
Support communications. Anything you write to us, plus your contact info.

2.2 Information generated by your use of the Services

Routes and jobs. Route assignments, stop sequences, job status updates, photos drivers attach to completed jobs, free-text notes.
Time entries. Driver clock-in / clock-out / break events with timestamps, attributed to the driver who took the action.
Service history. Past services performed for end customers, amounts billed, tips, payment status.
Login activity. Last login timestamp on each user account.
Webhooks and platform events. Stripe payment events and similar system events that pass through our backend.

2.3 Information collected automatically

Standard server logs. IP address, user agent, request path, timestamp. Used for debugging and security.
Local browser storage. A JSON Web Token after you log in (so you don’t have to log in on every page) and a small set of UI preferences (dark mode, dashboard layout, last-known route for offline use in the driver app). These do not contain account secrets.

2.4 Information we do not collect

We do not collect biometric data, precise real-time GPS location of drivers (the driver app does not stream location), advertising identifiers, or contacts from your phone. We do not track you across other websites.

3. How we use information

Run the Services. Authenticate you, render the dashboards, route drivers, schedule services, deliver receipts, persist photos and notes.
Process payments. Charge subscriptions, collect from end customers, issue refunds, and reconcile via Stripe.
Communicate with you. Send transactional email (signup confirmations, password resets, receipts, service reminders) and optional SMS reminders if your Tenant enables Twilio.
Geocode addresses. Convert street addresses to latitude/longitude so routes can be optimized.
Improve the product. Aggregate, anonymous usage statistics and error logs.
Security and fraud prevention. Detect abuse, enforce rate limits, investigate incidents.
Comply with the law. Respond to lawful requests, retain records required by tax or accounting rules.

We do not use your information to train any third-party AI model.

We share information only in the following circumstances:

With your Tenant. If you are an end customer, your name, address, contact info, service plan, and service history are visible to the Tenant who operates the business serving you.
With service providers (subprocessors). We use vetted vendors to deliver the Services:
- Stripe — payment processing (stripe.com/privacy).
- Resend — transactional email delivery (resend.com/legal/privacy-policy).
- Twilio — optional SMS notifications if your Tenant enables it (twilio.com/legal/privacy).
- SendGrid — optional email for Tenants who configure their own SendGrid API key (twilio.com/legal/privacy).
- Google Maps Platform — geocoding addresses and (optionally) showing maps in the dashboard (policies.google.com/privacy).
- OpenStreetMap / Nominatim — fallback geocoder when Google is not configured (wiki.osmfoundation.org/wiki/Privacy_Policy).
- Railway — backend hosting (railway.app/legal/privacy).
- Cloudflare — DNS, CDN, email routing, page hosting (cloudflare.com/privacypolicy).
For legal reasons. When required by law, subpoena, or court order, or to protect the rights, property, or safety of RouteForge, our users, or the public.
Business transfers. If RouteForge is involved in a merger, acquisition, financing, or sale of assets, information may be transferred to the successor entity, subject to this Policy.

We do not sell your personal information. We do not share your personal information with advertising networks or data brokers.

5. Cookies and local storage

RouteForge does not currently use third-party cookies or advertising trackers. The Services do rely on browser localStorage for two purposes:

Authentication token. A JSON Web Token issued after login, used to keep you signed in.
UI state. Preferences like dark mode and a cached copy of your most recent driver route so the driver app stays usable offline.

You can clear these at any time through your browser settings; doing so will sign you out.

6. How long we keep information

Active accounts. Information is retained while your account is active.
Closed Tenant accounts. Account records are retained for up to 12 months after closure for billing reconciliation, then deleted or fully anonymized. Tenants may request immediate deletion at any time.
Closed end-customer accounts. The Tenant controls retention; we delete on the Tenant’s instruction. Default behavior is to retain service history for up to 24 months for the Tenant’s tax/accounting records.
Financial records. Invoices, refunds, and payment receipts may be retained for 7 years to meet US tax and accounting requirements, even if you have deleted other information.
Server logs. Standard request logs are retained for up to 90 days.

7. How we protect information

All traffic to routeforge.org and the API is served over HTTPS/TLS.
Passwords are hashed with bcrypt before storage — we never store or have access to plaintext passwords.
Authentication uses signed JSON Web Tokens with a configurable expiration.
Database access is restricted to RouteForge’s backend infrastructure on Railway, behind a private network.
Tenant data is isolated by a tenant_id on every per-tenant row, enforced at the API layer on every request.
Stripe handles all card data using PCI-DSS-compliant infrastructure; we never see full card numbers.

No system is perfectly secure. If we discover a security incident that materially affects your information, we will notify the affected Tenants and, where required by law, end users.

8. Your rights and choices

Regardless of where you live in the United States, you can:

Access a copy of the personal information we hold about you.
Correct inaccurate information.
Delete your personal information (subject to legal and tax retention requirements above).
Port your data to another service in a machine-readable format.
Opt out of optional communications (transactional emails about your account cannot be turned off while the account is active).

To exercise any of these rights, email info@routeforge.org from the address on file. We will respond within 30 days. If you are an end customer of a Tenant, please contact the Tenant first — they often can resolve requests faster than we can.

9. California residents (CCPA/CPRA)

If you reside in California, the California Consumer Privacy Act as amended by the CPRA gives you additional rights:

The right to know the categories and specific pieces of personal information we collect about you.
The right to delete personal information we collect from you.
The right to correct inaccurate personal information.
The right to opt out of the “sale” or “sharing” of personal information.
We do not sell or share personal information as those terms are defined by the CCPA.
The right to limit use and disclosure of sensitive personal information.
The right not to be discriminated against for exercising any of these rights.

To exercise these rights, email info@routeforge.org with the subject line “California Privacy Request.” You may designate an authorized agent to make a request on your behalf; we may require proof of identity and the agent’s authorization.

10. Children

The Services are intended for use by businesses and their adult employees and customers. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please email info@routeforge.org and we will delete it.

11. Changes to this policy

We may update this Policy from time to time. Material changes will be announced via email to Tenant admins and posted at the top of this page with a new “Last updated” date. Continued use of the Services after a change takes effect constitutes acceptance of the revised Policy.

12. How to contact us

Questions, requests, or concerns about this Policy or your information should be sent to:

RouteForge
Email: info@routeforge.org
Web: www.routeforge.org