Privacy Policy

Privacy Policy


Last Updated: February 2025

"Routo" (hereinafter referred to as "We," "Us," or "Our") provides a mobile application (the "Platform") to offer travel planning services (the "Services"). This Privacy Policy ("Policy") describes our practices and policies regarding the use and processing of personal information while providing the Services. It outlines the types of personal information we collect through our mobile application, available on the Google Play Store or Apple App Store, how we use that information, our legal basis for doing so, with whom we share it, your rights and choices, and how you can contact us about our privacy practices. This Policy does not apply to third-party sites, products, or services, even if they link to our Services or Platform, and you should carefully review the privacy practices of those third parties.

By acknowledging this Policy, you accept the practices described herein (including new versions of this Policy when they go into effect) and our Terms of Use (the "Terms"), which govern this Policy and contain disclaimers of warranties and limitations of liabilities.

DEFINITIONS

Capitalized words not defined in this Privacy Policy are defined in our Terms. It is important to read this Policy alongside the Terms to understand the key concepts provided and explained therein.

The words with the initial letter capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or plural form.


  • Personal Information/Personal Data: Means any information that relates to an identified or identifiable individual. For the purposes of this Policy and Turkish Personal Data Protection Law (Law No. 6698), personal data means any information relating to you, such as a name, an identification number, location data, online identifier, or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural, or social identity.
  • Data Subject: Means a natural person who can be identified or rendered identifiable through the personal data related to them.
  • Device: Means any device that is suitable to access the Service, such as a cellphone or tablet with an internet connection.
  • Personal Data Breach: Means a breach of security, whether accidental or intentional, resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.
  • Personal Data Protection Legislation: Means any applicable personal data protection legislation at the time and place of data processing activity, including but not limited to the Turkish Personal Data Protection Law (Law No. 6698).
  • Service Provider: Any natural or legal person who processes the data on behalf of Routo. It refers to third-party companies or individuals employed by Routo to facilitate the Service, to provide the Service on behalf of Routo, to perform services related to the Service, or to assist Routo in analyzing how the Service is used.
  • Third Party: Means any other natural or legal person that is not part of Routo.
  • Third-Party Services: Means any product that third-party service providers submit to users for the proper performance of the Platform.
  • Third-Party Service Provider: Means any tool, website, or application which a user can benefit from.
  • Usage Data: Means data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • Platform: Means the "Routo" mobile application, including all of its features and content, accessible from the Google Play Store or Apple App Store.
  • User: Refers to the individual accessing or using the Platform and Services, or the legal entity on behalf of which such individual is accessing or using the Platform and Services, as applicable.
  • For the purpose of Turkish Personal Data Protection Law, you can be referred to as the Data Subject.

HOW WE COLLECT DATA

We collect personal information concerning you from various sources to provide the Services and manage the Platform. We also obtain information from you and from third parties as detailed below.

Please note that if you decline to provide any required information requested by Routo, you may not be able to take full advantage of the Services and their features.

a) Platform Users and the Services

We collect information from and about you and your interactions with us. This includes, but is not limited to, when you:

  • Use the Services.
  • Provide travel-related information, such as your starting and destination locations, budget, travel dates, travel preferences, interests, and companions for travel planning.
  • Reach out to us through customer support.

b) Third-Party Integrations (Service Providers)

We utilize third-party service providers to offer certain Services on our behalf when personal data is necessary for them to perform their duties. These include Google Sign-In and Apple Sign-In for social login (collecting only your name, surname, and email address) and Vercel for hosting and storing data. We also integrate Smartlook for analytics purposes, but this data is not linked or associated with individual users—it is used only in an anonymized, aggregated form to analyze app usage and improve functionality. These service providers are prohibited from using personal information for any other purpose and are contractually obligated to comply with all applicable laws and requirements, including Turkish Personal Data Protection Law.

Third-party service providers are bound by their own use and privacy policies, and Routo cannot be held responsible for their actions that violate any rights arising from personal data protection legislation. We strongly advise you to read the terms and conditions and privacy policies of any third-party service providers or websites you interact with.

c) Cookies and Automatic Collection Methods

We may collect information about your online activities on the Platform and your devices over time. This collection includes automatically collected information and generally does not include personal information unless you provide it through our Platform or choose to share it with us by other means. Methods we use include:

  • Device Information: IP address, device type, internet browser type, operating system, and other device details.
  • Usage Data: Time spent on the Platform, pages visited, interactions with in-app features, and other usage patterns.

To learn more about how we use cookies and similar technologies, please refer to our Cookie Policy section (if applicable, or this can be integrated into this Policy).

TYPES OF DATA COLLECTED

a) Personal Data We Collect from Users

While using our Services, we may ask you to provide certain personally identifiable information, which can be used to enable your transactions, manage registrations, contact you, or identify you. This information may include, but is not limited to:

  • Identifiers and Contact Information: Name, surname, and email address (collected via Google Sign-In and Apple Sign-In).
  • Travel-Related Information: Starting and destination locations, budget, travel dates, travel preferences, interests (e.g., adventure, culture, food, nature, etc.), and companions for travel planning.
  • Communications and Interactions: Email messages or other communications exchanged with you through customer support or feedback channels.

You may also opt-in to submitting additional information through other methods, such as participating in surveys or promotions within the App.

b) Information We Collect Automatically on Our Platform and Services

Our Platform uses cookies, device data, and other technologies to function effectively. These technologies record information about your usage of our Platform, including:

  • Device Information: IP address, device type, internet browser type, operating system, and other technical specifications.
  • Usage Data: Time spent on the Platform, pages visited, interactions with in-app features (e.g., navigation, plan creation), and other usage patterns.

While using our Services, we do not collect photos, files, or other media from your device unless explicitly required for a specific feature (e.g., uploading travel documents with your consent). We may request permission to access certain device features (e.g., location for travel planning), but you can enable or disable access at any time through your device settings.

Please note that the Google Play Store and Apple App Store have their own privacy policies and practices, which we encourage you to read before downloading our mobile application.

USE OF PERSONAL DATA

a) Our Services

We use the information we collect to conduct our business and provide you with the best possible travel planning Services and online experiences. We rely on several legal grounds under Turkish Personal Data Protection Law (Law No. 6698) to ensure that our use of your personal data is compliant with applicable law. We use personal data to facilitate business relationships with our users, comply with legal obligations, pursue our legitimate business interests, and, if necessary, based on your prior explicit consent.

  • Pre-contractual, Contractual, and Post-contractual Business Relationships
  • We use personal information to enter business relationships with prospective users and to perform contractual obligations under contracts we have with our users. Examples include:
  • Providing Services: Deliver personalized travel plans, process transactions you have requested, and enable you to participate in various Service features (e.g., creating travel itineraries).
  • Processing Account Registration: Verify your information (e.g., name, email) is active and valid via Google or Apple Sign-In.
  • Verifying, Responding, or Communicating with You: When you register with the Platform, make a request or inquiry through support channels, or share feedback about the Services.
  • Fulfilling Customer Requests: We may use third-party service providers (e.g., Vercel, Smartlook) to handle customer support or analytics, ensuring personal data is used only as necessary.
  • Legal and Regulatory Compliance
  • We use personal data to verify the identity of our users and comply with applicable laws, including Turkish Personal Data Protection Law. These obligations may require us to report compliance to third parties or submit to audits.
  • Legitimate Business Interests
  • We rely on our legitimate business interests to process certain personal data concerning users. We have identified the following business purposes as legitimate, balancing our interests against the rights of individuals:
  • Ensuring security and integrity of our Platform and business, protecting against fraud, unauthorized transactions, and managing risk exposure.
  • Responding to inquiries, sending service notices, and providing customer support.
  • Promoting, analyzing, modifying, and improving our products, systems, tools, and Services, and developing new features to increase functionality and user-friendliness.
  • Managing, operating, and improving the performance of our Platform by understanding its effectiveness and optimizing our digital assets.
  • Conducting aggregate analysis and developing business intelligence to operate, protect, make informed decisions, and report on business performance.
  • Sharing personal data with third-party service providers (e.g., Vercel, Smartlook) who help us operate and improve our business, ensuring data is anonymized or aggregated where applicable.

If we need to use your personal data in any other way, we will notify you at the time of collection and, if required by relevant legislation, obtain your consent.

b) Marketing and Events-related Communications

We may send you email marketing communications about Routo and its Services, invite you to participate in our surveys, or otherwise communicate with you for marketing purposes, provided we do so in accordance with applicable consent requirements under Turkish law. When we collect your contact details, we may use the information to follow up with you, send information you have requested, and, with your permission, include you in our marketing campaigns.

HOW WE SHARE PERSONAL DATA

Routo may share your personal data to:


  • Satisfy any applicable law, regulation, legal process, or governmental request under Turkish law.
  • Enforce this Policy and our Terms of Use, including investigating potential violations.
  • Detect, prevent, or address fraud, security, or technical issues.
  • Respond to your requests.
  • Protect our rights, property, or safety, users, and the public.
  • Fulfill our obligations arising from contracts with our users.

We share personal data with a limited number of our service providers, including:


  • Vercel: For hosting and storing data on their servers.
  • Google Sign-In and Apple Sign-In: For social login authentication (collecting only name, surname, and email address).
  • Smartlook: For analytics purposes, but this data is anonymized and not linked to individual users—it is used only to analyze app usage and improve functionality.

These providers offer services on our behalf and may need access to personal data to perform their services. We authorize them to use or disclose personal data only as necessary to perform services on our behalf or comply with legal requirements. They are contractually obligated to protect the security and confidentiality of personal data they process on our behalf, in compliance with Turkish Personal Data Protection Law.

We may disclose information in aggregate form to third parties relating to user behavior in connection with actual or prospective business relationships, such as advertisers and content distributors, but we do not share identifiable personal data with third parties for marketing or advertising purposes unless you have provided explicit consent.

Third parties are prohibited from using personal information for any other purpose and are contractually obligated to comply with all applicable laws, including Turkish Personal Data Protection Law. We encourage our service providers to adopt and post transparent privacy policies. However, their use of your personal information is governed by their privacy policies and is not subject to our control. You acknowledge that we are not responsible for violations caused by our service providers.

Business Transfers

In the event I enter into or intend to enter into a transaction that alters the business structure—such as a reorganization, merger, acquisition, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of the business, assets, or stock related to Routo—we may share personal data with third parties to facilitate and complete the transaction. This may include the sale or transfer of the Routo mobile application or other assets to another party. In such cases, I will ensure that the recipient agrees to protect the privacy of your personal data in a manner consistent with this Privacy Policy.

TURKISH PRIVACY INFORMATION

Your Rights and Choices Under Turkish Personal Data Protection Law (Law No. 6698)

Routo respects the confidentiality of your personal data and ensures you can exercise your rights under Turkish law.

Under this Policy, and by law if you are in Turkey, you have the right to:


  • Right of Access: Obtain confirmation from us as to whether or not personal data concerning you is processed and, where that is the case, access such personal data.
  • Right to Rectification: Request correction of inaccurate personal data and completion of incomplete personal data.
  • Right to Erasure ("Right to be Forgotten"): In certain cases, request the erasure of your personal data, unless retention is required by law.
  • Right to Restriction of Processing: Request restriction of processing for a certain period and/or in certain situations (e.g., if you contest the accuracy of the data).
  • Right to Data Portability: Receive your personal data from us in a structured, commonly used, and machine-readable format and transmit such data to another controller.
  • Right to Object: Object to the processing of your personal data in certain cases, including for direct marketing purposes.
  • Right to File a Complaint: File complaints with the Turkish Personal Data Protection Authority (KVKK) regarding our processing of your personal data.

Exercising Your Turkish Data Protection Rights

You have the right to complain to the Turkish Personal Data Protection Authority (KVKK) about our collection and use of your personal data. However, I would appreciate the opportunity to address your concerns before you approach the KVKK.

You may exercise your rights of access, rectification, erasure, restriction, data portability, and objection by contacting us at routoapp@gmail.com. Please note that I may ask you to verify your identity before responding to such requests. I will endeavor to respond as soon as possible, and within the timelines required by Turkish law (typically 30 days, with a possible extension of 15 days if necessary).

SECURITY AND RETENTION

We make reasonable efforts to provide you with an appropriate level of security relative to the risk associated with the processing of your personal data. We take organizational, technical, and administrative measures designed to protect your personal data against unauthorized access, destruction, loss, alteration, or misuse. Your personal data may only be accessed by a limited number of personnel who need access to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you believe your interaction with us is no longer secure (e.g., you think your account is compromised), please contact us immediately at routoapp@gmail.com.

We retain your personal data as long as we are providing Services to you or as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by Turkish law. We retain personal data after we cease providing Services to comply with legal and regulatory obligations, including those under Turkish Personal Data Protection Law, and to handle potential disputes or claims. When determining the retention period, we consider criteria such as the nature and length of our relationship with you, the type of Services requested or provided, possible re-engagement with our Services, mandatory retention periods provided by law, and the statute of limitations.

We also take measures to delete your personal information or keep it in a form that does not permit identifying you when it is no longer necessary for processing purposes, unless required by law to keep it longer.

INTERNATIONAL DATA TRANSFERS

Routo is hosted and stores personal data on Vercel servers, which may be located outside Turkey, including in the United States or other countries. We may transfer personal data we maintain about you to recipients in countries other than the country in which the personal data was originally collected. Those countries may have different data protection rules than Turkey. However, I will take measures to ensure that any such transfers comply with applicable data protection laws, including Turkish Personal Data Protection Law, and that your personal data remains protected as described in this Policy. This may include implementing appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other mechanisms approved under Turkish law or international standards, to ensure the security of your data during transfer.

In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those countries may be entitled to access your personal data, subject to applicable laws.

USE BY MINORS

The Services are not directed to individuals under the age of 18, and they should not provide personal data through the Services. If you believe a minor has provided us with personal information, please contact us at routoapp@gmail.com.

UPDATES TO THIS POLICY AND NOTIFICATIONS

I may change this Policy from time to time to reflect new services, changes in our personal data practices, or relevant laws. The “Last Updated” date at the bottom of this Policy indicates when it was last revised. Any changes are effective when I post the revised Policy on the Platform. I may provide disclosures and alerts regarding the Policy or personal data collected by posting them on the Routo Platform and, if you are a user, by contacting you through the email address you provided (e.g., via Google or Apple Sign-In).

LINKS TO OTHER WEBSITES

The Services may provide the ability to connect to other sites. These sites may operate independently from us and may have their own privacy notices or policies, which I strongly suggest you review. If any linked website is not owned or controlled by Routo, I am not responsible for its content, use, or the privacy practices of its operator.

JURISDICTION

Routo prioritizes compliance with Turkish Personal Data Protection Law (Law No. 6698) to ensure privacy is a priority. You have the right to request further information on our personal data processing activities based on Turkish law.

CONTACT US

If you have any questions, concerns, or complaints about this Policy, please contact us at:

Email: routoapp@gmail.com



Report content on this page

Report Page

Please submit your DMCA takedown request to dmca@telegram.org