Privacy Policy

PoolsRoute (“PoolsRoute”, “we”, “our”) operates the PoolsRoute software-as-a-service platform: a web dashboard, an iOS app, and an Android app used by pool service businesses to manage their routes, customers, technicians, and service records.

This Privacy Policy explains what personal information we collect from two distinct groups:

• Business owners and their technicians who use PoolsRoute as their daily ops tool (“Operators”).
• End customers of those businesses — the pool owners whose service records the Operator manages (“End Customers”).

From Operators (people who sign in to PoolsRoute)

• Account info: name, email, business name, phone number, time zone.
• Authentication: hashed passwords, session tokens, magic-link tokens.
• Device info: device push-notification tokens (APNs for iOS, FCM for Android), device model, OS version.
• Approximate device location only while the app is in use, for showing nearby pool stops on the map and computing driving distances. We never track location in the background.
• Photos and notes the technician records during a pool visit.
• Diagnostic logs (crashes, errors) used to keep the app stable.

About End Customers (pool owners managed by an Operator)

• Name, address, optional email and phone — entered by the Operator.
• Service history: visit dates, chemical readings, service notes, photos.
• Property metadata: gate codes, pet warnings, access notes — all entered by the Operator.

PoolsRoute processes End Customer data on behalf of the Operator. The Operator is the data controller; PoolsRoute is the data processor.

• To provide and operate the PoolsRoute platform.
• To send push notifications about scheduled visits, completions, and service alerts.
• To send transactional emails (login magic links, service summaries, password resets) via our email provider, Resend.
• To compute optimized routes using Apple Maps (web + iOS) and Google Maps (Android).
• To detect and prevent fraud, abuse, and security incidents.
• To comply with legal obligations.

We do not sell personal information. We do not use customer data to train AI models or for any purpose beyond providing the service.

We share data only with the providers required to operate the service:

• Cloudflare (USA) — hosting, database, file storage, CDN.
• Apple (USA) — Apple Push Notification service, MapKit JS map rendering, App Store distribution.
• Google (USA) — Firebase Cloud Messaging for Android push, Google Maps for Android, Play Store distribution.
• Resend (USA) — transactional email delivery.

Each sub-processor is contractually bound to use the data only for the purposes we instruct.

Operator and End Customer data is stored in Cloudflare D1 (a SQLite-backed database) and Cloudflare R2 (object storage), both replicated across data centers in the United States. Database backups are retained for 30 days. Photos uploaded by technicians are stored in R2 and retained for the lifetime of the Operator's account.

• Active accounts: data is retained as long as the account is active.
• Account deletion request: we delete personal data within 30 days, except where retention is required by law (e.g., tax records).
• Diagnostic logs: 90 days.
• Audit log of administrator actions: 2 years.

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your data (subject to legal retention exceptions).
• Export your data in a portable format (CSV/JSON).
• Withdraw consent for marketing communications at any time.

To exercise any of these rights, email us at [email protected]. We respond within 30 days.

We protect data in transit with TLS 1.3, store passwords using PBKDF2-SHA256 with 100,000 iterations and per-user salts, and isolate each Operator's data by tenant ID on every database query. Access to production data is limited to authorized personnel and logged in an audit trail.

No system is perfectly secure. If you believe your account has been compromised, contact [email protected] immediately.

PoolsRoute is a B2B platform not directed at children under 16. We do not knowingly collect personal data from minors. If you believe a child has provided us data, contact us and we will delete it.

Our infrastructure is based in the United States. If you access PoolsRoute from outside the United States, you consent to the transfer and processing of your data in the U.S.

We may update this policy. Material changes will be announced via email to Operators at least 14 days before they take effect. The “last updated” date at the top reflects the most recent revision.

PoolsRoute
Email: [email protected]