godmodePrivacy Policy
1. Information We Collect
We collect information you provide directly: account and profile data (via Clerk authentication), workspace settings, chat and commitment content you create, integration tokens you authorize, and billing information processed by Stripe.
We collect technical data necessary to operate the service: device type, browser, IP address, session identifiers, and product usage events (for example feature usage and error logs). We do not sell your personal information.
2. How We Use Your Information
We use collected information to provide, operate, secure, and improve Route5; authenticate users; enforce plan limits; send service and security notices; respond to support requests; detect fraud and abuse; and comply with legal obligations.
AI features process your prompts and attachments to generate responses. We do not use your customer content to train public foundation models.
3. Team and Workspace Data
When you belong to a workspace, administrators and permitted members may access workspace-scoped data: commitments, shared chat threads, member roster, and integration connection status. Private chat threads remain visible to their author unless explicitly shared with the team.
You control what you share. Review teammate access before sharing sensitive information.
4. Data Residency and Subprocessors
Workspace data is stored in tenant-scoped databases (Supabase PostgreSQL). Authentication is provided by Clerk. Email may be sent via Resend. Payments via Stripe. AI inference may use OpenRouter, OpenAI, or other providers you route to — only the minimum content needed for each request is transmitted.
A current subprocessor list is available on request at neville@route5ai.com.
5. Security
We encrypt data in transit (TLS 1.2+). Integration OAuth tokens and Apple credentials are encrypted at rest (AES-256-GCM). Access to production systems is restricted and logged.
No method of transmission or storage is 100% secure. You are responsible for safeguarding your account credentials and app-specific passwords.
6. Security Incidents and Breach Notification
If we become aware of a confirmed breach of personal data in our systems, we will notify affected workspace administrators without undue delay and provide information about what occurred and steps we are taking, consistent with applicable law (including GDPR and state breach-notification statutes where they apply).
Report suspected incidents to neville@route5ai.com immediately.
8. Data Retention and Deletion
We retain workspace data while your account is active. You may export commitments and chat history (on eligible plans). Upon account deletion request, we delete or anonymize personal data within 30 days except where retention is required by law or for legitimate security purposes.
Backups may persist for a limited period before rolling off.
9. International Transfers
Route5 is operated from the United States. If you access the service from other regions, your data may be processed in the U.S. and other countries where our subprocessors operate. We rely on appropriate safeguards where required.
10. Your Rights
Depending on your jurisdiction you may request access, correction, deletion, portability, or restriction of personal data, and object to certain processing. Contact neville@route5ai.com — we respond within 30 days.
California residents may have additional rights under the CCPA/CPRA. EEA/UK users may lodge complaints with their supervisory authority.
11. Children
Route5 is not directed to children under 16. We do not knowingly collect personal information from children. Contact us to request deletion if you believe a child has provided data.
12. Contact
**Route5** — neville@route5ai.com