Plain English summary: RouteTrak connects to your GHL account to read appointments and contacts, optimise routes, and send SMS messages to your field techs. We do not sell your data to anyone. You can delete your data at any time by uninstalling the app.
1. Who we are
RouteTrak ("we", "us", "our") is an AI-powered route optimisation application for field service businesses. RouteTrak operates as a third-party integration for Go High Level (GHL) and as a standalone SaaS product.
Our registered address and primary contact: support@routetrak.com
2. Data we collect
Data from GHL (when you connect your GHL account)
- Contact data: Names, phone numbers, addresses, email addresses, and tags from your GHL CRM contacts — used to populate route stops and send SMS dispatch messages.
- Calendar data: Appointment times, assigned users, and linked contacts from your GHL calendar — used to build daily route plans.
- User data: GHL user names, IDs, and phone numbers within your location — used to assign routes to the correct field technicians.
- GHL OAuth tokens: Encrypted access and refresh tokens — stored securely to maintain your connection without requiring you to log in repeatedly.
Data you provide directly
- Account information: Email address when creating a standalone RouteTrak account.
- Team configuration: Service types, team names, truck names, and capacity settings you create inside RouteTrak.
- Depot address: Your business's starting address used as the route origin.
Data collected automatically
- Usage logs: Which features are used, route optimisation requests, and error logs — used to improve the product and diagnose issues. Logs are anonymised after 30 days.
- Session data: An encrypted session cookie to keep you logged in. Contains no personal data — only a session identifier.
3. How we use your data
We use your data solely to provide and improve the RouteTrak service:
- Building and optimising daily route plans for your field technicians
- Geocoding stop addresses using the Google Maps Geocoding API
- Scoring and prioritising jobs using OpenAI (stop addresses and job types only — no personally identifiable contact information is sent to OpenAI)
- Sending SMS dispatch messages to your field technicians via Twilio
- Displaying route maps using the Google Maps JavaScript API
- Writing check-in notes back to GHL contact timelines
- Providing analytics on your team's field performance
We do not use your data for advertising, profiling, or any purpose other than operating RouteTrak.
4. Data sharing
We share data with the following third-party services, solely to operate RouteTrak:
- Google Maps Platform — Stop addresses are sent for geocoding and map display. Google's privacy policy applies: policies.google.com/privacy
- OpenAI — Job addresses and types (not contact names or phone numbers) are sent to score and prioritise route stops. OpenAI's privacy policy applies: openai.com/privacy
- Twilio — Tech phone numbers and dispatch messages are sent to deliver SMS notifications. Twilio's privacy policy applies: twilio.com/legal/privacy
- Supabase — Your data is stored in a Supabase Postgres database hosted on AWS. Supabase's privacy policy applies: supabase.com/privacy
- Vercel — The RouteTrak application runs on Vercel's infrastructure. Vercel's privacy policy applies: vercel.com/legal/privacy-policy
We do not sell, rent, or trade your data to any third party. We do not share your data with advertisers.
5. Data retention
- Active accounts: Data is retained for as long as your account is active and you have RouteTrak connected to your GHL account.
- After disconnection: When you uninstall RouteTrak from GHL or delete your account, we delete your GHL tokens and team configuration immediately. Route history and check-in logs are deleted within 30 days.
- Usage logs: Anonymised after 30 days and deleted after 12 months.
- Backup data: Encrypted database backups are retained for 7 days and then automatically deleted.
6. Security
- All data is transmitted using TLS 1.2 or higher (HTTPS).
- GHL OAuth tokens are stored encrypted at rest in Supabase Postgres.
- Google Maps API keys are served server-side only and never exposed in client-side JavaScript.
- Session cookies are HTTP-only, secure, and scoped with SameSite: Lax to prevent cross-site request forgery.
- The application enforces rate limiting on all API endpoints to prevent abuse.
- Row-level security is enforced at the database layer — your data is isolated from other accounts.
7. Your rights
You have the right to:
- Access: Request a copy of the data we hold about you.
- Correction: Ask us to correct inaccurate data.
- Deletion: Ask us to delete your data. You can also trigger deletion by uninstalling RouteTrak from GHL.
- Portability: Request your data in a machine-readable format.
- Objection: Object to any processing you believe is unlawful.
To exercise any of these rights, email us at privacy@routetrak.com. We will respond within 30 days.
8. Cookies
RouteTrak uses a single session cookie named routetrak.sid. This cookie:
- Contains only an encrypted session identifier — no personal data
- Is set as HTTP-only (not accessible to JavaScript)
- Expires after 24 hours of inactivity
- Is required for the application to function — there is no cookie-free mode
We do not use analytics cookies, advertising cookies, or any third-party tracking cookies.
9. Changes to this policy
We may update this Privacy Policy from time to time. We will notify connected GHL accounts of material changes via the GHL conversations channel at least 14 days before the changes take effect. The "last updated" date at the top of this page reflects the most recent revision.
For privacy-related questions or to exercise your rights: