OnRoute Labs ("OnRoute," "we," "us," or "our") operates the OnRoute mobile application (the "App"). This Privacy Policy explains how we collect, use, share, and protect your information when you use the App. We are committed to transparency and to giving you meaningful control over your data.
This policy is governed by the laws of India, including the Digital Personal Data Protection Act, 2023 ("DPDPA"). For users in the European Economic Area (EEA), United Kingdom, and California, additional rights apply as described in the "Your Rights" section below.
If you do not agree with this Privacy Policy, please do not use the App.
1. Who We Are
OnRoute Labs is the operating name used by Aswin Madollathil, an individual operating a mobile application business based in India.
Contact for privacy questions: [email protected]
Mailing address: Aswin Madollathil, 2145, DSR Sunrise Towers, Channasandra Main Road, Whitefield, Bangalore — 560067, Karnataka, India
For the purposes of the DPDPA, OnRoute Labs is the Data Fiduciary. For GDPR purposes, we are the Data Controller.
2. Information We Collect
We collect only the information necessary to provide and improve the App. We do not sell your personal information.
2.1 Information you provide directly
- Account-style preferences: your display name (used inside the App and on shared trips), preferred language, voice and vehicle preferences.
- Trip details: origin, destination, travel dates, traveler names and types (adult/kid), expenses you log, free-text checklist items, and any notes you add to a trip.
- Feedback you send us: the contents of any feedback or bug report you submit through the App's feedback form, along with your email address if you choose to provide it.
2.2 Information collected automatically
- Location data: while you use the App, we access your device's GPS location to plan routes, provide turn-by-turn navigation, surface nearby places (restaurants, fuel, restrooms), and (only when you explicitly enable it) share your current position with other members of your convoy or shared trip. Location data is processed in real time and is not stored on our servers except as needed to support active shared trips you have opted into.
- Voice recordings: when you use the "Hey OnRoute" voice co-pilot, your voice query is recorded for the duration of your speech, transmitted to our backend, and forwarded to Google's Gemini API for transcription and response. We do not retain voice recordings after the response is generated.
- Camera roll photos: the trip recap feature, if you enable it, reads photos from your device's camera roll that were taken within the geographic and time window of a completed trip. These photos are processed on your device and are not uploaded to our servers unless you explicitly choose to share the recap.
- Device and usage information: we collect anonymous information about your device (model, operating system version, language, time zone) and basic usage analytics (which screens you view, which features you tap). This information is not linked to your personal identity.
- Crash and error reports: if the App crashes or encounters an error, we collect a diagnostic report that may include the type of device, operating system, and the state of the App at the moment of the crash. We use these reports to fix bugs.
2.3 Information collected through third parties
The App uses the following third-party services that may collect or process your information on our behalf or for their own purposes:
- Google (Google Maps SDK, Places API, Routes API, Gemini AI): processes location, search queries, voice recordings, and route requests on our behalf to provide map rendering, place search, route planning, and voice co-pilot responses. Google's privacy practices are described at policies.google.com/privacy.
- OpenStreetMap (Overpass API): receives anonymous queries for points of interest along your route. No personal information is sent.
- Apple (RevenueCat, App Store): if you purchase a Pro subscription, Apple processes the payment and Apple-issued subscription identifiers. We do not see your full payment details.
- Resend: when you submit feedback through the App, we use Resend to deliver that feedback to our team email. Resend may temporarily process the contents and your email address.
- Affiliate networks (Amazon Associates, Commission Junction for Booking.com, GetYourGuide): when you tap an outbound shopping or booking link in the App, you are taken to the partner's website and an affiliate tracking parameter accompanies the link. Once you leave the App, the partner's privacy policy applies to your interactions on their site. We may receive aggregated commission reports identifying that a sale occurred via our link, but we do not receive identifying information about you from these partners.
3. How We Use Your Information
We use your information for the following purposes:
- To provide the App's core features: route planning, navigation, meal and stop suggestions, voice co-pilot, trip sharing, convoy coordination, and trip recaps.
- To process and fulfil your Pro subscription, if purchased.
- To respond to your feedback or support requests.
- To improve the App, including by fixing bugs and analysing aggregate usage patterns.
- To comply with applicable law and to enforce our Terms of Service.
We process your information on the following legal bases:
- Performance of a contract: providing the App and its features.
- Consent: location sharing in convoys, voice co-pilot, camera roll access for trip recaps. You can withdraw consent at any time in the App's Settings or in your device's system settings.
- Legitimate interests: anonymous analytics, security, and bug-fixing, balanced against your rights and freedoms.
- Legal obligation: complying with tax, accounting, and law enforcement requests.
4. How We Share Your Information
We share your information only as follows:
- With service providers (Google, RevenueCat, Resend, Apple) that operate parts of the App on our behalf under contractual confidentiality obligations.
- With other users when you choose to share a trip or join a convoy. Recipients of a shared trip code can see the trip's destination, route, expenses, and (if you enable live location sharing) your real-time position. Convoy members can see each other's positions and exchange voice and text messages.
- With affiliate partners in the limited sense that an affiliate tag accompanies outbound links you tap, allowing the partner to credit OnRoute Labs with the referral.
- In response to legal process if compelled by a valid legal request (subpoena, court order) from an authority of competent jurisdiction.
- In connection with a business transfer if OnRoute Labs is sold, merged, or otherwise reorganised, your information may transfer to the successor entity subject to this Privacy Policy.
We do not sell your personal information. We do not share your information with advertising networks for cross-context behavioural advertising.
5. Data Retention
- On-device data (your trips, expenses, checklists, preferences) is stored on your device and remains there until you delete it or uninstall the App.
- Shared trip data (a trip you publish via a share code or convoy code) is stored on our servers for the duration of the share, plus a short window for sync reliability. Shared trips automatically expire after seven (7) days of inactivity unless extended.
- Voice co-pilot recordings are not retained after the response is generated.
- Feedback submissions are retained in our team email for as long as necessary to respond to and resolve the issue raised.
- Aggregate analytics are retained for up to twenty-four (24) months.
You can delete all of your on-device data by uninstalling the App. To request deletion of any server-side data tied to your shared trips, contact us at the email above.
6. Data Security
We use industry-standard security measures including HTTPS encryption for all data in transit, restricted access controls on our servers, and minimal data collection by design. No method of electronic transmission or storage is one-hundred-percent secure; while we strive to protect your information, we cannot guarantee absolute security.
If we become aware of a personal data breach that affects you, we will notify you and the relevant authorities as required by applicable law.
7. Children's Privacy
The App is intended for users aged thirteen (13) and older. We do not knowingly collect personal information from children under thirteen. If you believe a child under thirteen has provided personal information to us, please contact us at [email protected] and we will delete it.
Users aged thirteen to seventeen should obtain parental consent before using the App, in accordance with applicable law in their country of residence.
8. International Data Transfers
OnRoute Labs is based in India. The App's backend services run on Google Cloud Platform in the asia-northeast1 region (Tokyo). Some of our service providers (Google, Resend, Apple) operate globally and may process your information outside your country of residence. Where required by law (for example, for transfers from the EEA), we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.
9. Your Rights
Subject to applicable law, you have the following rights regarding your personal information:
- Access — request a copy of the personal information we hold about you.
- Correction — request that we correct inaccurate or incomplete information.
- Deletion — request that we delete your personal information, subject to legal retention obligations.
- Restriction or objection — request that we restrict or stop processing your information in certain situations.
- Data portability — receive a copy of your information in a structured, machine-readable format.
- Withdraw consent — where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Complaint — lodge a complaint with the Data Protection Board of India (under the DPDPA), your local supervisory authority (under GDPR), or the California Privacy Protection Agency (under CCPA/CPRA).
To exercise any of these rights, email [email protected]. We will respond within the time frame required by applicable law (typically thirty days).
9.1 California residents (CCPA/CPRA)
California residents have the right to know what categories of personal information we collect, the right to delete personal information, the right to correct inaccurate information, and the right to opt out of "sale" or "sharing" for cross-context behavioural advertising. We do not sell or share personal information for cross-context behavioural advertising. To exercise these rights, contact us at the email above.
9.2 EEA / UK residents (GDPR)
In addition to the rights listed above, EEA and UK residents may lodge a complaint with their local data protection authority.
10. Cookies and Similar Technologies
The App does not use cookies. We do not use any tracking technologies that operate across third-party apps or websites.
11. Third-Party Links
The App contains affiliate and informational links to external websites (e.g. Amazon, Booking.com, GetYourGuide). When you tap such a link, you leave the App and the linked party's privacy policy governs your interactions with them. We are not responsible for the practices of third-party sites.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you in the App and update the "Last updated" date at the top of this policy. Your continued use of the App after a change takes effect constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions about this Privacy Policy or our data practices, contact us at:
Email: [email protected]
Mailing address: Aswin Madollathil, 2145, DSR Sunrise Towers, Channasandra Main Road, Whitefield, Bangalore — 560067, Karnataka, India
For Grievance Officer matters under the DPDPA, contact:
Grievance Officer: Aswin Madollathil
Email: [email protected]
We will acknowledge your communication within seventy-two hours and respond substantively within the time frame required by applicable law.