RouteWatch
  • Features
  • Privacy
  • Terms
  • Contact

Legal

Privacy Policy

This policy explains what personal data Digital Synn Limited collects when you use RouteWatch, why we collect it, who we share it with, how long we keep it, and what rights you have. We've written it in plain English.

Data controller

Digital Synn Limited, United Kingdom. Registered with the UK Information Commissioner's Office (ICO) under reference C1918487. For all privacy enquiries: privacy@myroutewatch.com.

What we collect

Account data

  • Email address.
  • Password (stored as a hashed value — we never store your plaintext password).
  • Optional display name.

Route data

  • Journeys you save: origin, destination, transport modes, and scheduling preferences.

Journey history

  • Trips you record, including start and end postcode districts (the first 3–4 characters of a UK postcode — never the full postcode), times, actual versus planned duration, and transport modes used.

Anonymised contributor data (opt-in only)

  • If you choose to contribute, your recorded journeys are aggregated into k-anonymity cohorts before any statistic is surfaced to other users. Each community cohort requires at least 20 contributors (k≥20); personal accuracy summaries require at least 3 (k≥3). No individual journey is attributable to you in the aggregated views. Raw contributions drop out of cohort windows after 28 days.

Device data

  • A stable device identifier — a UUID generated locally on your device. This is not an advertising ID and is not shared with advertisers.
  • FCM push token, if you enable push notifications.
  • OS version and app version number.

IAP and subscription data

  • Platform transaction IDs (Apple original_transaction_id or Google purchase token), your current subscription tier, and your current period end date. We never see or store card numbers or payment details — those stay with Apple or Google.

Technical logs

  • Server request logs including IP address. Retained for 30 days for abuse investigation and debugging, then deleted automatically.

What we don't collect

  • Full postcodes or precise GPS coordinates (we snap to postcode district).
  • Advertising IDs (IDFA, GAID) — we don't use them.
  • Browsing history outside RouteWatch.
  • Social media profile data.
  • Data from children under 13 — the app is not directed at under-13s.

How we use your data

  • Provide and maintain the service — authenticate your account, store and serve your saved routes, deliver disruption alerts you've requested.
  • Improve route accuracy — only with your explicit opt-in, aggregate your journey history into k-anonymous cohorts to improve accuracy stats shown to all users.
  • Security and abuse prevention — monitor for unusual patterns, investigate suspected abuse, comply with legal obligations.
  • Subscription management — verify and service your Pro subscription via Apple or Google.

Who we share data with

We do not share your personal data with advertisers or data brokers, and we never sell it. We use the following infrastructure sub-processors:

  • OVH SAS (EU) — hosting and server infrastructure.
  • Google Firebase Cloud Messaging — push notification delivery. Your FCM token is transmitted to Google servers to route notifications to your device.
  • Apple / Google — IAP receipt verification. We send transaction IDs to their servers to confirm subscription status.

Each sub-processor is contractually bound to process data only as instructed and in accordance with GDPR.

Retention

  • Account data: held until you delete your account.
  • Journey history: held indefinitely unless you delete it in the app.
  • Anonymised cohort contributions: 28-day rolling window; older data drops out automatically and is no longer included in any view.
  • Server logs: 30 days, then automatically purged.
  • Deleted account data: purged within 30 days of account deletion via our automated data-deletion pipeline.

Your rights under UK GDPR

You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data ("right to be forgotten").
  • Portability — receive your data in a machine-readable format.
  • Withdraw consent — if processing is based on consent (e.g. contributor opt-in), withdraw it at any time without affecting the lawfulness of prior processing.
  • Complain — lodge a complaint with the Information Commissioner's Office (ICO).

The in-app Privacy Dashboard lets you export or delete all your personal data without contacting us. For anything else, email privacy@myroutewatch.com. We will respond within 30 days.

Children

RouteWatch is not directed at children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will delete it promptly. Contact privacy@myroutewatch.com if you believe this has occurred.

Cookies

This website uses no tracking cookies and no analytics scripts. The RouteWatch app uses a single functional cookie (rw_eta_seen) on shared ETA pages to prevent automated repeat requests. This cookie is HMAC-signed and contains no personal data. It is not used for advertising or tracking.

Changes to this policy

We will post material changes to this policy with a new "Last updated" date at least 30 days before they take effect, and notify you via the app. Continued use of the service after that date constitutes acceptance of the updated policy.

Last updated: 24 April 2026

© 2026 Digital Synn Limited. All rights reserved.

  • Privacy Policy
  • Terms of Service
  • Licences
  • Delete your data
  • Contact