Legal
Privacy policy
Last updated: May 2026
This policy describes what data we collect, why, and your rights. RouteMate uses cloud infrastructure (Supabase) for authentication and the database.
1. Data controller
The controller is the RouteMate team (project in development). For privacy requests contact us via the email on the site or your account.
2. Data we collect
Registration data (email, name, hashed password), profile (bio, city, country, languages, photos, host availability), stay requests, messages, reviews, wishlist, and technical data (logs, session cookies).
3. Purpose and legal basis
We process data to provide the service (contract), platform security (legitimate interest), and, where needed, service communications. We do not sell your data for third-party marketing.
4. Location and map
We show other users city, country, and approximate coordinates from your profile — not your full street address. You can update or remove location data in your profile.
5. Processors and transfers
Data is hosted on Supabase (EU/US depending on project setup). We use providers with appropriate contractual safeguards.
6. Retention
We keep data while your account is active and as needed for legal obligations or disputes. You may request account deletion.
7. Your rights (GDPR)
You have rights of access, rectification, erasure, restriction, portability, and objection, plus complaint to your supervisory authority. Contact us with account identification to exercise rights.