Privacy Policy
This Privacy Policy explains how RouteIQ ("we", "us", "our") collects, uses, and protects information when you use our service at sprightly-moxie-720f36.netlify.app and our API at routeiq-production.up.railway.app.
1. What we collect
- Account information — your email address when you sign up
- API usage data — when queries pass through RouteIQ we log: the model used, number of tokens, cost, saving percentage, latency, and a short preview of the query content (first 80 characters)
- Your RouteIQ API key — generated at signup and stored securely in our database
We do not collect payment information, IP addresses, or any personally identifiable information beyond your email address.
2. How we use your data
- To provide the RouteIQ routing service
- To display your savings dashboard
- To improve our query classifier over time
- To contact you about your account if needed
We do not sell your data. We do not use your data to train AI models without your explicit consent. We do not share your data with third parties except as described below.
3. Query content
RouteIQ's classifier reads the content of queries in order to score their complexity and route them to the appropriate model. We store only the first 80 characters of each query as a preview for your dashboard. Full query content is not stored or logged beyond what is necessary for routing.
4. Third party services
- Supabase — we use Supabase to store account data and API keys. Supabase is GDPR compliant and stores data in the EU (West Europe). See supabase.com/privacy
- Railway — our API server runs on Railway. See railway.app/legal/privacy
- Anthropic / OpenAI — queries are forwarded to your chosen AI provider using your own API key. We are not responsible for how these providers handle query content
5. Data retention
Query logs are retained for 90 days and then deleted. Account data is retained for as long as your account is active. You can request deletion of your data at any time by emailing us.
6. GDPR and UK data protection
RouteIQ is operated from the United Kingdom and is designed to comply with the UK GDPR and EU GDPR. Our data is stored in West Europe (London). You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Object to processing of your data
- Data portability
To exercise any of these rights, email us at abdul.r.hafez@gmail.com.
7. Data Processing Agreement
If your organisation requires a Data Processing Agreement (DPA) before integrating RouteIQ, please email abdul.r.hafez@gmail.com and we will provide one.
8. Security
We use industry-standard security practices including encrypted connections (HTTPS), hashed API keys, and row-level security on our database. We do not store Anthropic or OpenAI API keys — these are passed through in your requests and never persisted.
9. Cookies
We use minimal cookies required for authentication only (provided by Supabase). We do not use advertising cookies or third-party tracking.
10. Changes to this policy
We may update this policy from time to time. We will notify you by email if we make significant changes. Continued use of RouteIQ after changes constitutes acceptance of the updated policy.
11. Contact
For any privacy questions or requests: abdul.r.hafez@gmail.com
RouteIQ is operated by Abdul Hafez, London, United Kingdom.