Effective date: 1 March 2026
Your privacy matters. This policy explains what information Routebook collects, how it is used, and what rights you have over your data. The short version: we collect only your email address, we share it with no one, and you can delete everything at any time.
The only personal information we collect is your email address, and only because it is required to create and access your account. That is the entirety of the personal data we hold about you.
We do not collect names, location data, device identifiers, browsing behaviour, or any other personal data. Route files you upload are stored solely to provide you with the service and are treated as your content, not our data. Payment information is never collected or stored by us — see the Payments & Stripe section below.
Your email address is used exclusively to authenticate you when you sign in. We do not send marketing emails, newsletters, or notifications unless you explicitly request them.
We do not sell, rent, trade, or share your email address or any other personal data with third parties — ever. There are no advertising partners, data brokers, or analytics services receiving your information.
The only circumstance under which we would disclose any information is if required to do so by a court order under applicable law, in which case we would disclose only the minimum information legally required.
Subscription payments are handled entirely by Stripe, a leading global payment processor. We never see, handle, or store your credit card number, billing address, or any other payment details. That information goes directly to Stripe and never passes through Routebook's systems.
When you subscribe, Stripe assigns your account a secure customer identifier which we store solely to manage your subscription status (active, cancelled, past due). This identifier contains no payment data.
What Stripe collects — Stripe collects your payment card details, billing name, and billing address directly. Stripe is certified to PCI DSS Level 1, the highest standard in the payments industry.
Stripe's privacy policy — Your payment data is governed by Stripe's own privacy policy, available at stripe.com/privacy.
Subscription cancellation — You can cancel your subscription at any time from Account Settings. Cancellation takes effect at the end of the current billing period and no further charges are made.
Account deletion & billing — If you delete your account, your Stripe subscription is cancelled immediately as part of that process. You will not be charged again.
You are in complete control. You can delete your account and all associated data at any time from Account Settings → Delete Account. Deletion is immediate and permanent — your email address and all uploaded route data are removed from our systems the moment you confirm.
There are no waiting periods, no retention windows, and no archives. Once deleted, your data is gone.
Routebook uses a single session cookie required to keep you signed in. We do not use tracking cookies, third-party cookies, advertising pixels, or any form of cross-site tracking.
All data is transmitted over encrypted HTTPS connections. Passwords are never stored — we use secure token-based authentication. We apply industry-standard practices to protect the minimal data we hold.
Routebook is designed with privacy by default. Because we collect only a single piece of personal data (your email address) and share it with no one, our data practices are intentionally minimal and compliant with major international privacy regulations including:
GDPR (EU/EEA) — We process your email address on the lawful basis of contract performance (i.e. to provide the service you signed up for). You have the right to access, correct, export, or erase your personal data at any time.
UK GDPR — The same rights and protections apply to users in the United Kingdom.
CCPA (California) — We do not sell personal information. California residents have the right to know what data is held and to request deletion, both of which are addressed directly in this policy.
NZ Privacy Act 2020 — We comply with New Zealand's Privacy Act and the 13 Information Privacy Principles governing the collection, storage, and use of personal information.
To exercise any of your privacy rights — access, correction, portability, or erasure — you can use the self-service deletion in Account Settings, or contact us directly at info@orbital.co.nz.
If we ever change what data we collect or how we use it, we will notify you by email before those changes take effect. We will never retroactively change how we use data already collected without your explicit consent.
Questions about this policy or your data? Reach us at info@orbital.co.nz. We'll respond promptly.