Privacy Policy

1. Overview

Sweetroute ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use the Sweetroute platform. By using Sweetroute, you consent to the practices described in this policy.

2. Data We Collect

2.1 Account Information

When you create an account, we collect:

• Name and email address
• Password (stored as a secure hash — we never store plain text passwords)
• Profile information (bio, avatar) if provided
• Privacy settings preferences

2.2 Geolocation Data

Sweetroute is a geo-narrative platform. When you create routes, waypoints, or participate in quests, we collect geographic coordinates (latitude, longitude). This data is essential for core functionality. Location data is only collected when you actively create or interact with map-based features, and only with your explicit consent.

2.3 Content Data

We store content you create, including:

• Routes, waypoints, and narrative text
• Episodes and story content
• Media uploads (photos, videos, audio)
• Comments and social interactions

2.4 Usage Analytics

We may collect anonymized usage data to improve the Platform, including pages visited, features used, and general usage patterns. This data does not personally identify you.

3. Cookies & Local Storage

Sweetroute uses:

• Session cookies: To maintain your authenticated session (required for platform functionality)
• Local storage: To save UI preferences such as panel positions, theme settings, and map state
• Third-party cookies: Stripe may set cookies for payment processing and fraud prevention

We do not use advertising tracking cookies. You can manage cookie preferences through your browser settings, but disabling essential cookies may affect Platform functionality.

4. Third-Party Services

Sweetroute integrates with the following third-party services:

4.1 Stripe (Payment Processing)

Stripe processes payments for subscriptions. When you subscribe, Stripe collects payment information (card details, billing address) directly. We never store your full card number. Stripe's privacy policy: stripe.com/privacy.

4.2 LiteLLM (AI Processing)

We use AI services for features like quest generation and content moderation. When you use AI-assisted features, relevant data (such as location context or content text) may be sent to AI providers for processing. We do not use your data to train AI models.

4.3 OVH (Hosting & Storage)

Your data is hosted on OVH Cloud infrastructure located in Canada. Media uploads are stored in OVH Object Storage (S3-compatible). OVH's data processing complies with GDPR requirements.

4.4 Cesium (Map Data)

The globe visualization uses Cesium Ion for terrain and imagery data. Cesium may collect anonymized telemetry data related to map usage.

5. How We Use Your Data

We use your data to:

• Provide and maintain the Platform's core functionality
• Authenticate your identity and secure your account
• Display your routes and content to other users (based on your visibility settings)
• Process payments and manage subscriptions
• Send important account notifications (security, billing, terms updates)
• Improve the Platform based on anonymized usage analytics
• Moderate content to ensure compliance with acceptable use policies

6. Data Sharing

We do not sell your personal data. We share data only:

• With your consent: When you publish public routes or share content
• With service providers: Stripe, OVH, and AI providers as described above, under strict data processing agreements
• For legal compliance: When required by law, court order, or to protect the safety of users

7. Your Rights (GDPR / PIPEDA)

Under GDPR (EU) and PIPEDA (Canada), you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate personal data via your profile settings
• Right to Deletion: Delete your account and associated data (available in Account Settings)
• Right to Data Portability: Export your data in a standard format (available via Data Export in Account Settings)
• Right to Withdraw Consent: Withdraw location or data processing consent at any time
• Right to Object: Object to data processing for specific purposes

To exercise these rights, contact us at the information below or use the self-service tools in your Account Settings.

8. Data Retention & Deletion

We retain your data for as long as your account is active. When you delete your account, we permanently remove your personal data, including profile information, routes, waypoints, episodes, and media uploads. Some anonymized aggregate data may be retained for analytics purposes.

Payment records are retained as required by financial regulations (typically 7 years) and are managed by Stripe.

9. Children's Privacy

Sweetroute is not intended for users under the age of 13 (or 16 in the EU under GDPR). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

10. Security

We employ industry-standard security measures including encrypted data transmission (HTTPS/TLS), secure password hashing, encrypted API key storage, and regular security reviews. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification. The "Last Updated" date at the top reflects the most recent revision.

12. Contact

For privacy-related questions or to exercise your data rights: