Privacy Policy

1. About Us

sunroute (“we”, “us”, “our”) is operated by an Australian business. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the sunroute iOS application and website (sunroute.app).

We are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Information We Collect

2.1 Account Information

When you create a sunroute account, we collect:

• Email address (provided by your sign-in provider)
• Authentication tokens from Apple Sign-In or Google Sign-In
• Username (chosen by you, displayed publicly as your identity)
• Display name (optional)
• Avatar (optional — a vehicle icon and colour you select, stored as a preset)

We do not receive or store your Apple ID password or Google password. Sign-in is handled via secure OAuth 2.0 / OpenID Connect through those providers. Authentication sessions are stored securely in your device’s Keychain.

2.2 Location Data

sunroute uses your device’s location services to show nearby routes, provide turn-by-turn navigation, and display your position on the map. Location data is only accessed while the app is in active use and you have granted location permission.

We do not track your location in the background. We do not store your real-time location on our servers. Your location is processed on-device to calculate distances and provide navigation guidance.

2.3 Push Notifications

If you grant notification permission, we store a device token on our servers so we can deliver push notifications (for example, when a route you submitted is approved or when your route receives a new rating milestone). Your device token is removed from our servers when you sign out or delete your account.

You can manage which categories of notification you receive (such as route updates and discovery reminders) within the app’s notification settings. These preferences are stored on our servers alongside your account.

2.4 User-Generated Content

When you use sunroute, you may choose to create content that is stored on our servers:

• Routes — name, description, GPS coordinates (start/end points, waypoints, road-following polyline), distance, duration, difficulty rating, tags, and vehicle suitability settings
• Ratings and reviews— star rating (1–5), written comment, and optional structured feedback (best time of day, road surface, weather conditions, whether you would drive the route again)
• Route reports — reason for report, optional notes

2.5 Profile Information

You may optionally add the following to your profile:

• Vehicle types you drive (car, sports car, classic car, motorbike, scooter, 4WD)
• Display name
• Avatar (a vehicle icon and colour selected from preset options)

Your username, avatar, public routes, ratings, and earned badges are visible to other users via your public creator profile. Badges are calculated automatically from your activity (for example, number of routes created or driven) and are displayed on your profile. Vehicle types are used to personalise route recommendations.

2.6 Bug Reports

If you submit a bug report through the app, we collect the description you provide along with your device model, iOS version, and app version to help us diagnose the issue. Bug reports are optional and user-initiated.

2.7 Performance and Crash Diagnostics

sunroute uses Apple’s MetricKit framework to receive aggregated performance metrics and crash diagnostic reports delivered by iOS. These reports contain technical data about app performance (such as launch times, memory usage, and battery impact) and crash logs. They do not contain personal information, location data, or user-generated content. We use this data solely to improve app stability and performance.

2.8 Information We Do Not Collect

sunroute does not use any third-party analytics, advertising, or crash reporting SDKs in the iOS app. We do not collect usage events, behavioural data, advertising identifiers, or device fingerprints. Our website uses Vercel Analytics for anonymous, aggregate page view statistics only.

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the sunroute app and services
• Create and manage your user account
• Enable route discovery, navigation, and sharing features
• Display creator attribution on routes (your username and badges)
• Moderate user-generated content (route review, report handling)
• Send you push notifications about your routes and activity (with your permission)
• Calculate and display achievement badges on your profile
• Monitor app performance and diagnose crashes (via Apple MetricKit)
• Respond to bug reports and support requests
• Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data for advertising or profiling.

4. Sharing Your Information

4.1 Service Providers

We use the following third-party services to operate sunroute:

• Supabase — database hosting and authentication infrastructure
• Apple — App Store distribution, Apple Sign-In, Apple Maps/MapKit (route calculations are performed on-device), Apple Push Notification service (APNs) for delivering notifications to your device, and MetricKit for aggregated performance diagnostics
• Google — Google Sign-In
• Vercel — website hosting and anonymous web analytics

These providers process data only as necessary to provide their services. We do not share your data with any other third parties.

4.2 Other Users

Content you choose to make public (routes, ratings, username, badges, and profile information) is visible to other sunroute users. Your email address is never displayed to other users. Your real-time location is never shared with other users.

4.3 Legal Requirements

We may disclose your information if required by Australian law, court order, or to protect the safety of our users or the public.

5. Data Storage and Security

Your data is stored on Supabase infrastructure with encryption in transit (TLS) and at rest. Authentication sessions are stored in your device’s iOS Keychain. We implement row-level security policies on our database to ensure users can only access and modify their own data.

We retain your account data for as long as your account is active. You may request deletion of your data at any time (see Section 6).

6. Your Rights and Account Deletion

Under the Privacy Act 1988 and the APPs, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your account and all associated data
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

Account Deletion

You can delete your account directly within the sunroute iOS app by going to Profile → Delete Account. Upon deletion:

• Your profile, username, avatar, and account credentials are permanently removed
• All routes you created are permanently deleted
• All ratings and reviews you submitted are permanently deleted
• All route reports you submitted are anonymised (your user ID is removed)
• All bug reports you submitted are anonymised
• Your device tokens and notification preferences are permanently deleted

We will process deletion requests within 30 days. Deletion is irreversible.

7. Children’s Privacy

sunroute is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.

8. Cookies and Tracking

The sunroute website (sunroute.app) uses Vercel Analytics for anonymous, aggregate page view statistics. No personal data is collected by this service and no cookies are used for tracking or advertising. The iOS app does not use cookies or any tracking technologies.

9. International Data Transfers

Our service providers (Supabase, Vercel) may process data in jurisdictions outside Australia, including the United States. Where this occurs, we ensure appropriate safeguards are in place consistent with the APPs and the service provider’s data protection obligations.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via the app or by email. The “Last updated” date at the top of this page indicates when the policy was last revised. Continued use of sunroute after changes constitutes acceptance of the updated policy.