← Back to Home

Privacy Policy

Last Updated: March 11, 2026

RouteScout ("we," "our," or "us") operates the RouteScout mobile application and web platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

1. Information We Collect

1.1 Account Information

  • Name, email address, and password
  • Organization/company name
  • Job title and role
  • Billing and payment information (processed by Stripe)

1.2 Lead and Contact Data

When you use RouteScout to scan badges or capture leads at events:

  • Attendee name, email, company, phone number, and job title
  • Badge scan metadata (timestamp, event, booth location)
  • Notes and tags added by your team
  • Consent status and consent audit trail

1.3 Consent Logs

For GDPR compliance, we record:

  • Whether consent was given or declined
  • Method of consent (mobile scan, web form, verbal)
  • IP address and user agent at time of consent
  • Timestamp of consent action

1.4 Device and Usage Information

  • Device type, operating system, and version
  • App version and crash reports
  • Feature usage analytics
  • Log data (access times, pages viewed, app interactions)

1.5 Location Information

  • We do not collect precise GPS location
  • General location may be inferred from IP address for analytics

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve RouteScout services
  • Process badge scans and manage lead data
  • Sync lead data to your CRM (Salesforce, HubSpot) at your direction
  • Generate AI-powered outreach messages (using Anthropic Claude)
  • Process subscription payments and manage billing
  • Send service-related communications
  • Monitor usage against subscription tier limits
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

3. Third-Party Services

We share data with the following third-party service providers, solely to operate our services:

ProviderPurposeData Shared
SupabaseDatabase, authenticationAccount data, lead data, consent logs
StripePayment processingBilling info, subscription status
Anthropic (Claude)AI message generationLead context for outreach drafts
ResendEmail deliveryRecipient email, message content
SalesforceCRM sync (at your direction)Lead data, activity logs
HubSpotCRM sync (at your direction)Lead data, activity logs

We do not sell your personal information or lead data to third parties.

4. Data Ownership

You own your data. All lead data, contact information, and content you create within RouteScout belongs to you. We process it on your behalf to provide our services. Upon account termination, you may export your data, and we will delete it from our systems within 30 days upon request.

5. Data Storage and Security

  • Data is stored in Supabase (PostgreSQL) hosted in the United States
  • All data is encrypted in transit (TLS 1.2+) and at rest
  • Row-level security (RLS) ensures organization data isolation
  • We implement access controls, audit logging, and regular security reviews
  • Payment data is handled entirely by Stripe (PCI DSS compliant) and never stored on our servers

6. Data Retention

  • Account data: Retained while your account is active, deleted within 30 days of account closure upon request
  • Lead data: Retained while your account is active; you may delete individual leads at any time
  • Consent logs: Retained for 7 years to comply with GDPR audit requirements
  • Usage analytics: Retained in aggregate for up to 2 years
  • Payment records: Retained as required by tax and financial regulations

7. Your Rights

7.1 All Users

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data in a portable format
  • Opt out of non-essential communications

7.2 European Economic Area (GDPR)

If you are in the EEA, you additionally have the right to:

  • Restrict processing of your data
  • Object to processing based on legitimate interest
  • Data portability
  • Lodge a complaint with your local data protection authority
  • Withdraw consent at any time

7.3 California Residents (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information is collected
  • Know whether personal information is sold or disclosed and to whom
  • Opt out of the sale of personal information (we do not sell data)
  • Access your personal information
  • Equal service and price, regardless of exercising privacy rights

8. Children's Privacy

RouteScout is a B2B service designed for business professionals. We do not knowingly collect information from children under 16. If we discover we have collected data from a child under 16, we will delete it immediately.

9. Cookies and Tracking

Our web platform uses:

  • Essential cookies: Required for authentication and core functionality
  • Analytics cookies: To understand usage patterns and improve our service (can be opted out)

Our mobile app does not use cookies but may collect anonymous usage analytics.

10. International Data Transfers

Data is processed and stored in the United States. If you are accessing our services from outside the US, your data will be transferred to the US. We rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards for international transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending an email notification to account holders
  • Updating the "Last Updated" date

Continued use of RouteScout after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights:

We will respond to all privacy-related requests within 30 days.

← Back to Home·Terms of Service