HelloRoute
Book demo

Legal

Privacy policy

How HelloRoute collects, uses, retains, and protects information when you operate our routing, dispatch, and tracking platform—and how recipients interact with lightweight tracking surfaces.

Effective date: May 14, 2026·Last updated: May 14, 2026. This policy describes our practices at a high level. Your organization may supplement it through a Data Processing Agreement or order form where applicable. Questions: support@helloroute.me or Contact us.

Who this policy covers

HelloRoute provides hosted software used by delivery and field-service teams (“customers”) as well as their authorized users (“users”). End recipients may access read-only surfaces such as tracking links (“recipients”) without creating an account where your organization invites them.

Categories of information we process

Depending on configuration and lawful use of the platform, categories may include:

  • Account & organizational data: name, email, employer, authentication signals, preferences, billing contact details you provide during signup or onboarding.
  • Operational & delivery data: stops, routes, statuses, time windows, proof-of-delivery metadata, identifiers you map from your ERP/OMS/WMS imports, planner notes, and similar fields required to optimize and execute work.
  • Location & device signals: where enabled for routing, ETA, or accountability, telemetry such as handset GPS breadcrumbs and timestamps from driver-capable apps.
  • Communications tooling: template-driven messages (for example SMS or chat deep links), delivery of such messages via your carriers, and related logs surfaced in product reports.
  • Support & diagnostics: bug reports you send, voluntarily shared screenshots or exports, aggregated performance metrics needed to troubleshoot incidents or improve reliability.
  • Website & product telemetry: basic technical logs generated by browsers when you browse marketing pages—IP address, referrer, timestamps, coarse device information—often through cookies where required notices apply.

How and why we use information

Processing is anchored in performing the contracted service and keeping it secure:

  • Delivering planners, automated optimization, dispatcher consoles, history, dashboards, integrations, APIs, role-based controls, backups, resilience, upgrades, telemetry to measure latency and errors affecting operations.
  • Authenticating authorized users of your tenant (when you opt into identity features we expose) and resisting abuse or intrusion.
  • Fulfilling professional communication steps you initiate (routing-related notifications recipients expect).
  • Responding to support requests or regulatory inquiries where lawful and proportionate.

Except where narrower instructions exist in agreements, HelloRoute relies on contractual necessity toward subscribers, subscriber instructions toward recipient-facing features, legitimate interests compatible with steady service delivery where applicable law permits, plus consent whenever we operate pure marketing trackers that require it.

Recipients, vendors, transfers

Operational data ordinarily stays inside your logically isolated HelloRoute tenant. Outside sharing is narrow and purpose-bound:

  • Recipients view only tracking assets your team generates.
  • Infrastructure, authentication, telecom, ticketing, observability or payment vendors may operate sub-processors when they provide essential cloud, pipeline, alerting, messaging, merchant or similar services under strict confidentiality and onward clauses.
  • Regulators or courts when legally compelled—and only after scrutinizing warrants and escalating where appropriate.
  • Successor entities in mergers or asset transfers accompanied by safeguards around continuity of privacy commitments.

Standard contractual clauses or equivalent mechanisms accompany international transfers originating from regions with cross-border safeguards.

Retention

Operational records remain available according to archival settings you steer (route history buckets, dashboards, integrations, exports). Deleted records purge from actively replicated stores per technical schedules; latent copies in encrypted backups expire on rolling horizons unless law demands longer holds for audit envelopes.

Marketing leads and dormant trial artifacts age out quicker unless you revive an active negotiation.

Security

We implement administrative, organizational, and technical controls—including encryption for data in transit—aligned with common practice for B2B SaaS and dedicated customer environments. No online service can guarantee perfect security; if we become aware of an incident that materially affects your tenant, we will notify your designated administrators as described in your order or support runbooks, subject to lawful restrictions.

Regional rights

Depending on geography, stakeholders may invoke access, portability, correction, restriction, objection, deletion, grievance escalation, supervisory complaints, automation reviews, consent withdrawal, proxy assistance, appeal rights, breach notifications, mandated representative contacts, pseudonym guidance, minors protections, biometric opt-outs… The legal menu is fragmented. Reach out with specifics and jurisdictions so we analyze each request inside the timelines your laws articulate.

When your organization—not HelloRoute—is the statutory controller toward delivery recipients or employees, inbound rights requests referencing their data ordinarily route via your administrators first unless law requires otherwise.

Age restrictions

HelloRoute is an enterprise coordination product. Marketing sites aren’t engineered for unknowing minors. Recipient links should not systematically target minors without guardian oversight.

Changes to this policy

Meaningful updates appear here by adjusting the Effective / Last updated lines and, when appropriate, notifying active administrators thirty days beforehand unless urgency or compelled silence differs.