Privacy Policy

Last updated: February 24, 2026

Overview

RouteKit (“we”, “us”, “our”) operates the RouteKit platform and website at routekit.sh. This privacy policy explains how we collect, use, and protect your information when you use our website, waitlist, and API services.

Information We Collect

We collect the minimum information necessary to operate RouteKit:

  • Account information: When you sign up for our waitlist or create an account, we collect your email address and any profile information you provide.
  • Usage data: We collect metadata about API requests such as timestamps, channel types, delivery status, and error codes. This is used for monitoring, debugging, and billing.
  • Technical data: We may collect IP addresses, browser type, and device information when you visit our website, via standard server logs.

Message Data — Zero Retention

RouteKit is a pass-through messaging router. We do not store, log, or inspect the content of any messages sent or received through our platform. Message payloads are forwarded to their destination in real time and are never written to disk. The only data we retain is delivery metadata (e.g., message ID, timestamp, channel, delivery status) for the purpose of guaranteed delivery tracking and debugging failed deliveries.

How We Use Your Information

  • To operate and maintain the RouteKit platform and deliver messages to your configured channels.
  • To communicate with you about your account, service updates, security alerts, and product announcements.
  • To monitor service health, investigate issues, and improve reliability.
  • To enforce our terms of service and protect against abuse.

We will never sell your personal information or email address to third parties.

Third-Party Services

We use the following third-party services to operate RouteKit:

  • Supabase — Database and authentication. Your account data is encrypted in transit and at rest.
  • Resend — Transactional email delivery for account-related communications.
  • Vercel — Website and API hosting infrastructure.

These providers process data only as necessary to provide their services and are bound by their own privacy policies.

Data Security

We implement industry-standard security measures to protect your data, including TLS encryption for all data in transit, encryption at rest for stored data, scoped API keys with request signing, and regular security reviews of our infrastructure.

Data Retention

Account information is retained for as long as your account is active. Delivery metadata is retained for 30 days for debugging purposes and then automatically deleted. You may request deletion of your account and all associated data at any time.

Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data and account at any time.
  • Opt out of non-essential communications.

To exercise any of these rights, contact us at hello@routekit.sh.

Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you via email or a prominent notice on our website. Continued use of RouteKit after changes constitutes acceptance of the revised policy.

Contact

If you have questions about this privacy policy or how we handle your data, please reach out at hello@routekit.sh.