Privacy Policy

1. Introduction

RefRoute ("we," "us," or "our") operates the RefRoute application and website. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our service.

2. Information We Collect

We collect the following types of information:

• Account information: Your name and email address, provided through our authentication provider (Clerk) when you sign in with Google or email.
• Home address: Used to calculate driving distances and optimize your game routes.
• Scheduling platform credentials: Your login credentials for third-party scheduling platforms (such as HorizonWebRef and OSSRC) that you voluntarily provide to enable game data import.
• Game data: Game schedules, locations, pay rates, and assignment details imported from your connected scheduling platforms.
• Location data: Geocoded addresses of game venues used for route optimization.
• Payment information: Payment details processed securely through Stripe. We do not store your credit card number on our servers.

3. How We Store Your Credentials

We take the security of your scheduling platform credentials seriously:

• Credentials are encrypted using AES-256-GCM encryption before being stored in our database.
• Credentials are never stored in plaintext.
• Decryption occurs only server-side during sync operations to import your game data.
• Encryption keys are stored separately from the encrypted data and are never exposed to the client.

4. How We Use Your Information

• Scheduling platform credentials are used solely to access your own accounts on your behalf to import your game data. We do not use your credentials for any other purpose.
• Game data and location data are used to calculate optimal routes, rank games by profitability, and provide analytics on your earnings and mileage.
• Account information is used to identify your account and communicate with you about the service.
• Payment information is used to process your one-time payment for the service.

5. Third-Party Services

We use the following third-party services to operate RefRoute:

• Clerk — Authentication and user management. Clerk processes your name, email, and sign-in credentials. Clerk Privacy Policy
• Stripe — Payment processing. Stripe handles all payment card data. Stripe Privacy Policy
• Neon (PostgreSQL) — Database hosting. Your encrypted data is stored in a Neon managed database. Neon Privacy Policy
• Vercel — Application hosting and deployment. Vercel Privacy Policy
• Google Maps Platform — Geocoding of venue addresses for route calculations. Google Privacy Policy

6. Your Rights

You have the right to:

• View your data: Access all personal information we hold about you through your account settings.
• Disconnect platforms: Remove your scheduling platform credentials at any time from your settings. Credentials are deleted immediately upon disconnection.
• Delete your account: Request complete deletion of your account and all associated data at any time by contacting us.

7. Data Retention

• Scheduling platform credentials are deleted immediately when you disconnect a platform.
• Game data associated with a disconnected platform is retained for your analytics history unless you request its deletion.
• All account data is permanently deleted upon request. Contact us at support@refroute.com to request account deletion.

8. Cookies

RefRoute uses essential cookies provided by Clerk for session management and authentication. We do not use advertising cookies, tracking cookies, or any third-party analytics cookies. No data is shared with advertisers.

9. California Privacy Rights (CCPA)

If you are a California resident, you have the right to request disclosure of the personal information we collect about you, to request deletion of your personal information, and to opt out of the sale of your personal information. We do not sell your personal information. To exercise these rights, contact us at support@refroute.com.

10. European Privacy Rights (GDPR)

If you are located in the European Union, you have the right to access, rectify, erase, restrict processing, and port your personal data. You also have the right to object to processing and to withdraw consent where processing is based on consent. To exercise these rights, contact us at support@refroute.com.

11. Children's Privacy

RefRoute is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@refroute.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of RefRoute after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: support@refroute.com