Privacy Policy

1. Introduction

PayRoute ("PayRoute," "we," "us," or "our") provides field service management software that helps outdoor service businesses plan routes, manage crews, and collect payments. This Privacy Policy explains how we collect, use, store, and protect information when you use our website (payroute.app), mobile applications, and related services (collectively, the "Platform").

By using PayRoute, you agree to the practices described in this policy. If you do not agree, please do not use the Platform.

2. Our Role: Data Processor vs. Data Controller

PayRoute operates as a data processor (also called a "service provider" under certain state laws). The businesses that use PayRoute ("Subscribers") are the data controllers. This means:

• Subscribers decide what personal data to collect from their customers, what communications to send, and how that data is used for their business operations.
• PayRoute provides the tools — we process data on behalf of Subscribers according to their instructions and our Terms of Service.
• We do not sell, rent, share, or monetize Subscriber data or their customers' data in any way. We will never use this data for advertising, profiling, or any purpose other than providing the PayRoute service.

3. Information We Collect

3a. Subscriber Account Information

When you create a PayRoute account, we collect your business name, contact name, email address, phone number, and billing information. This data is used to operate your account, process your subscription payments, and communicate with you about the service.

3b. End-Customer Data (Entered by Subscribers)

Subscribers enter their customers' information into PayRoute, which may include names, addresses, phone numbers, email addresses, service history, property details, and payment information. This data belongs to the Subscriber. We process it solely to provide the PayRoute service and do not use it for any other purpose.

3c. Payment Data

Payment card data collected through PayRoute's on-site payment features (Tap to Pay, chip, swipe, Dejavoo P8) is processed by our PCI-compliant payment processing partners. PayRoute does not store full card numbers on our servers. We only retain transaction records (amount, date, last four digits, status) needed for invoicing and reporting.

3d. Usage and Device Information

We automatically collect technical information when you use the Platform, including device type, operating system, IP address, browser type, and general usage patterns (pages visited, features used). This helps us improve the product, diagnose issues, and ensure security.

3e. Location Data

Our mobile app may collect GPS location data when crews are actively using route navigation. This is used to provide turn-by-turn directions and track route progress. Location tracking can be disabled in device settings, though some navigation features may not function without it.

4. How We Use Information

We use the information we collect to:

• Provide, maintain, and improve the PayRoute Platform
• Process subscription billing and on-site payment transactions
• Send service-related communications (account alerts, updates, security notices)
• Provide customer support
• Analyze aggregated, de-identified usage patterns to improve our product
• Comply with legal obligations

We do not use Subscriber or end-customer data for marketing, advertising, data brokerage, or any purpose beyond operating the PayRoute service.

5. Communications Sent Through PayRoute

PayRoute enables Subscribers to send communications to their customers, including SMS text messages (appointment reminders, payment receipts, invoice links) and emails (invoices, estimates, receipts). It is important to understand the following:

5a. Subscriber Responsibility

The Subscriber (business owner) is the sender of all communications transmitted through PayRoute to their end customers. PayRoute acts as the technology platform that facilitates delivery. Subscribers are solely responsible for:

• Obtaining all required consent from their customers before sending SMS or email communications, including prior express written consent for marketing messages as required by the Telephone Consumer Protection Act (TCPA)
• Complying with the CAN-SPAM Act for email communications, including accurate sender identification, truthful subject lines, and honoring opt-out requests
• Complying with all applicable federal, state, and local laws governing electronic communications in their jurisdiction
• Maintaining records of consent from their customers
• Ensuring that communications are only sent to customers who have consented to receive them

5b. Platform Safeguards

While Subscribers bear responsibility for compliance, PayRoute provides the following safeguards to support compliant use of the Platform:

• Quiet hours: Automated messages are not sent before 8:00 AM or after 9:00 PM in the recipient's local time zone, in accordance with TCPA guidelines
• Opt-out handling: Recipients can reply STOP to any SMS message to unsubscribe, and all emails include an unsubscribe link. Opt-out requests are processed automatically
• Business identification: All messages sent through PayRoute include the Subscriber's business name
• Transactional messaging: PayRoute is designed for transactional communications (receipts, invoices, appointment confirmations), not bulk marketing. Subscribers must not use PayRoute for unsolicited marketing blasts

5c. Prohibited Uses

Subscribers may not use PayRoute to send unsolicited bulk marketing messages, messages to purchased or rented contact lists, messages that misrepresent the sender's identity, or any communication that violates applicable law. Violation of these terms may result in account suspension or termination.

6. When We Share Information

We only share information in the following limited circumstances:

• Payment processors: Transaction data is shared with our PCI-compliant payment processing partners to complete card transactions
• Communication delivery: Phone numbers and email addresses are shared with our SMS and email delivery partners solely to deliver messages initiated by the Subscriber
• Legal compliance: We may disclose information if required by law, court order, or government request
• Business transfers: If PayRoute is acquired or merged, data may be transferred to the successor entity under the same privacy protections described here

We never sell, rent, or trade personal information to third parties for their own use. We do not share data with advertisers, data brokers, or marketing companies.

7. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL) and at rest, access controls and authentication requirements, regular security audits, and PCI DSS compliance for payment processing. While no system is 100% secure, we are committed to protecting the data entrusted to us.

8. Data Retention

We retain Subscriber account data for as long as the account is active. When a Subscriber cancels their account, we delete their data within 90 days, except where retention is required for legal or regulatory purposes (e.g., tax records, payment transaction records). Subscribers may request data export or deletion at any time by contacting us.

9. Your Privacy Rights

Depending on your location, you may have specific rights regarding your personal information under laws such as the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), and similar state laws. These rights may include:

• Right to know: Request what personal information we have collected about you
• Right to delete: Request deletion of your personal information
• Right to opt out of sale: We do not sell personal information, so this right is automatically honored
• Right to non-discrimination: We will not treat you differently for exercising your privacy rights

For end customers of PayRoute Subscribers: If you are the customer of a business that uses PayRoute and wish to exercise your privacy rights, please contact that business directly, as they are the data controller for your information. If they are unable to assist, you may contact us and we will help facilitate the request.

10. Children's Privacy

PayRoute is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Cookies and Tracking

Our website uses essential cookies required for the Platform to function (authentication, session management). We may use analytics cookies to understand how visitors use our website. We do not use third-party advertising cookies or tracking pixels. You can control cookies through your browser settings.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify Subscribers of material changes by email or through the Platform. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at: