RouteSync

Privacy Policy

Last updated: May 16, 2026

1. Our approach to your privacy

RouteSync helps you and the people you travel with keep flights, hotels, rental cars, and receipts in one place. The travel data you put into RouteSync is yours. We collect only what we need to run the service, we don’t sell your personal information, and we don’t share it with advertisers or ad networks.

This policy explains what we collect, why, who we share it with, and the choices and rights you have. If anything is unclear, email [email protected].

2. What this policy covers

This policy applies to everything operated under the RouteSync name: the website at routesync.app (including the waitlist), the community forum at routesync.app/community, the app at app.routesync.app, and the RouteSync browser extension. We call these together the “Service.”

3. Information we collect

Account information. Your name, email address, and password when you create an account. Passwords are never stored in readable form — they are protected with bcrypt hashing. You may optionally add a photo, bio, company, location, home airport, and time zone.

Trip and travel data. The trips, flights, hotels, and rental cars you add — airlines, flight numbers, airports, dates and times, locations, confirmation numbers, notes — and who is travelling with you on a trip.

Receipts and forwarded email. RouteSync can give you a personal forwarding address at routesync.app. If you forward booking confirmations to it, we receive and store those emails — sender, subject, and full message body — and extract booking details such as vendor, dates, and amounts. We keep the original email so we can re-process it if our parsing improves. You can also upload receipt files directly.

Browser extension data. If you install the extension, it can read booking and confirmation details from airline, hotel, and rental-car websites you visit, so it can sync them to your trips. It only reads booking-related details on those specific travel sites — it does not track your general browsing. It stores your sign-in token locally in your browser.

Community forum data. Your email address, a display name, and the posts, comments, votes, and support tickets you create. Posts, comments, and votes are public; support tickets are private between you and the RouteSync team. The forum signs you in with a one-time “magic link” emailed to you.

Waitlist. Your email address and which page you signed up from.

Information we collect automatically. Technical data such as your IP address, browser type and user-agent, and activity logs (sign-ins, errors). We use a privacy-friendly, self-hosted analytics tool (Umami) for aggregate website usage; it does not use cross-site tracking cookies and does not build advertising profiles.

4. How we use your information

We use your information to provide and operate the Service (store trips, sync bookings, show itineraries); send service messages (sign-in links, trip invitations, and notifications you asked for); keep the Service secure and troubleshoot problems; provide support; and understand aggregate usage to improve. We do not use your trip data, receipts, or forwarded emails for advertising, and we do not sell personal information.

5. Sharing and collaboration

With people you choose. When you add someone to a trip, invite a companion, or add a travel “watcher,” they see the trip information you’ve shared with them. You control these invitations and can revoke access at any time.

Public community content. Posts, comments, and votes in the forum are visible to anyone, along with your display name and avatar.

We don’t sell your data. We do not sell or rent your personal information and do not share it with advertisers or ad networks.

Service providers. We share limited information with the providers in Section 6, who process it only on our behalf.

Legal reasons. We may disclose information if required by law or to protect the rights, safety, or property of RouteSync, our users, or the public.

Business transfer. If RouteSync is involved in a merger, acquisition, or sale of assets, your information may transfer; we’ll notify you and this policy continues to apply.

6. Service providers

A few trusted providers act as our processors and may only use your data to provide services to us: Resend (transactional email), Cloudflare (routes inbound email forwarding), and Sentry (error monitoring, when enabled). We host the Service on servers we operate in the United States; our analytics (Umami) are self-hosted on our own infrastructure.

7. Cookies and tracking

RouteSync uses cookies only where they are needed to make the Service work: session cookies keep you signed in, and a CSRF cookie protects community forms. We do not use advertising or cross-site tracking cookies, and our analytics tool is cookieless. You can block cookies, but signed-in features won’t work without session cookies.

8. Data retention

We keep your information for as long as your account is active and as long as we need it to provide the Service. When you delete your RouteSync account, we permanently delete your trips, flights, hotels, rental cars, bookings, receipts, forwarded emails, and uploaded files.

Some records — such as security and error logs, and recent backups — may persist for a limited time for security, audit, and disaster-recovery purposes, after which they’re removed. IP addresses in our logs are no longer associated with an active account once you delete it.

Community forum accounts are managed separately from app accounts. Content you post in the community remains visible unless you delete it; to delete a community account, contact us at [email protected].

9. How we protect your information

All traffic is encrypted in transit with TLS, passwords are hashed with bcrypt, and access to production systems is limited. Sign-in sessions can be revoked, and changing your password signs out other sessions. No method of storage or transmission is completely secure, but we work to protect your information and to respond quickly if something goes wrong.

10. Your rights and choices

You can access and update most of your information directly in RouteSync, and you can delete your account at any time from account settings, which permanently removes your data as described above. To request a copy of your data in a portable format, email [email protected]. Depending on where you live, you may have additional rights:

EU, UK, or EEA (GDPR). Rights to access, correct, delete, restrict, or object to processing, and to data portability. We process your data on these legal bases: performance of our contract with you (providing the Service), our legitimate interests (keeping the Service secure and improving it), your consent (where asked), and legal obligations. You may also lodge a complaint with your local data protection authority.

California (CCPA/CPRA). Rights to know, access, delete, and correct your personal information, and not to be discriminated against for exercising them. We do not sell or share your personal information as those terms are defined under California law.

To exercise any of these rights, email [email protected]. We will verify your request and respond within the time required by law.

11. International users and data transfers

RouteSync is operated from the United States, and your information is stored and processed there. If you use RouteSync from outside the United States, your information will be transferred to and processed in the U.S. Where we transfer personal data from the EU, UK, or EEA, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses, or applicable derogations.

12. Children’s privacy

RouteSync is not directed to children, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, contact us at [email protected] and we will delete it.

13. Changes to this policy

We may update this policy as RouteSync evolves. When we make material changes, we’ll update the “Last updated” date above and, where appropriate, notify you. Continuing to use the Service after a change means you accept the updated policy.

14. Contact us

Questions about this policy or your data? Email us at [email protected].