Privacy Policy

1. Information We Collect

Account information. Name, email address, password (stored as a one-way hash by our authentication provider), role (owner / admin / manager / rep), team association, and subscription status.

Customer records (CRM data). Accounts, contacts, notes, follow-ups, meetings, and other sales records that you or your organization enter into the Service. You and your organization are the owners of this data; we process it on your behalf to provide the Service.

Route & location data. Stops, planned routes, optimized stop sequences, driving distance and time estimates, and GPS-verified visit records (timestamp, dwell time, and approximate coordinates of the visit). We request foreground and (where you opt in) background location permission on mobile only for the following operational purposes:

• Route planning — building the day’s route around your current position.
• Mileage optimization — computing optimized stop sequences and accurate mileage for reimbursement.
• Visit verification — confirming you were physically at a stop when you mark it visited.
• Routing — turn-by-turn handoff to your native maps app.

Location data is not used for advertising and is not sold to third parties. You can revoke location permission at any time from your device settings; some routing and visit-verification features will be limited or unavailable without it.

Payment information. Subscription plan, billing interval, seat count, and Stripe customer/subscription identifiers. We do not store full credit card numbers; payment cards are handled by Stripe, Inc. We may retain billing history, invoices, payment status, and related identifiers for accounting, fraud prevention, dispute handling, and legal compliance.

Device & usage data. Standard log information such as IP address, device type, browser/OS, app version, push-notification tokens, error reports, and event timestamps used for diagnostics and security.

Biometric authentication preference. If you enable Face ID or Touch ID unlock, the biometric check runs entirely on your device using the operating system’s secure enclave. SalesRoad does not receive, transmit, or store any biometric data (such as facial scans or fingerprints). We store only a boolean preference indicating whether you have enabled the feature.

2. How We Use Information

• Provide and operate the Service (auth, routing, CRM, notifications).
• Process payments and manage subscriptions through Stripe.
• Send transactional notifications (follow-up reminders, billing emails).
• Detect, prevent, and respond to abuse, security incidents, and bugs.
• Improve features and aggregate, de-identified product analytics.
• Comply with legal obligations.

3. Service Providers (Sub-Processors)

We use a small set of vetted providers to operate the Service. They process information only on our instructions and for limited purposes:

• Google Firebase — authentication, database (Firestore), Cloud Functions, hosting, and push messaging.
• Stripe, Inc. — payment processing, card tokenization, subscription management, and tax calculation.
• Map & geocoding providers (e.g., Google Maps / Directions) — route optimization and address geocoding requests.
• Resend — transactional email delivery (invite emails, account notifications).
• Expo / Apple / Google push services — delivery of push notifications.

Google Maps Platform. Route optimization, driving-distance estimates, address geocoding, and business-search features use Google Maps Platform APIs (Maps, Places, Routes, Directions). When you use these features, certain data (such as stop addresses, route waypoints, and search queries) is sent to Google for processing. Google’s use of this data is governed by the Google Privacy Policy. We do not permit Google to use your route or CRM data for advertising purposes.

Diagnostic logs are retained for a limited window for security, debugging, and abuse prevention.

4. Cookies, Analytics & Logging

Cookies and local storage. Our website and app use a small number of strictly-necessary cookies and local-storage entries to keep you signed in, remember your last-used team and plan, persist UI preferences (e.g., theme, route view), and protect against fraud. We do notset third-party advertising cookies, build cross-site profiles of you, or share cookie data with ad networks.

Analytics and diagnostics. We collect limited product analytics (e.g., page or screen views, feature usage counts, anonymized performance metrics) and server/error logs via Firebase and our hosting provider. This data is used to operate, debug, and improve the Service and is retained for a limited window. It is not sold and is not used for ad targeting.

Do Not Track. Our site does not respond differently to browser Do Not Track signals because we do not perform cross-site tracking in the first place.

5. We Do Not Sell or Share Personal Information

We do not sell your personal information or your Customer Data and we do not share it for cross-context behavioral advertising, in each case as those terms are defined under the California Consumer Privacy Act / California Privacy Rights Act and analogous U.S. state privacy laws. We have not sold or shared personal information for these purposes in the last 12 months and we have no intention of doing so. We do not knowingly sell the personal information of minors under 16.

6. Data Sharing Within Your Organization

If you join a team or enterprise account, your account, route, visit, and performance data may be visible to administrators, owners, and managers within your organization consistent with their role. We enforce role-based access controls server-side to limit access to authorized personnel only.

7. Security

We use industry-standard security controls including encrypted transport (HTTPS/TLS), authentication tokens, and server-side database rules that enforce role and organization scoping. No system is perfectly secure; you should use a strong password and notify us immediately of any suspected account compromise.

8. Data Retention & Account Deletion

Active accounts. We retain account and Customer Data for as long as your subscription remains active.

Canceled or inactive accounts. After cancellation or expiry we retain data for a wind-down window (currently up to 30 days) so you can resume service or export records, after which Customer Data is scheduled for deletion.

Self-service deletion. You can initiate account deletion from Settings → Account in the web app or in the mobile app. Deletion permanently revokes your access and starts the irreversible removal of your personal information and Customer Data subject to the retention exceptions below. Confirmation is required and processing may take several days to fully propagate across backups and sub-processors.

Retention exceptions. We may retain limited records as required by law or for legitimate business purposes, including billing and tax records, fraud/abuse signals, and aggregated, de-identified analytics. If your account belongs to an organization, the organization owner retains rights over Customer Data created in that workspace.

Team and workspace data. If you are invited into a team or enterprise workspace, records created in that workspace may remain with the workspace if you are removed or if you delete your own account. Route history, account records, follow-ups, meetings, and related business records may remain available to authorized managers, admins, or owners for continuity, auditing, and reporting.

If you cannot access the in-product deletion control, email support@salesroadapp.com and we will process the request manually.

9. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete the personal information we hold about you, and to object to or restrict certain processing. To exercise these rights, email support@salesroadapp.com. We will respond within a reasonable timeframe and may need to verify your identity before fulfilling the request.

10. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights regarding your personal information, subject to legal limits and verification:

• Right to know what categories and specific pieces of personal information we have collected about you and how we use, disclose, and retain it.
• Right to access / portability — receive a copy of your personal information in a usable, portable format.
• Right to correct inaccurate personal information.
• Right to delete personal information we have collected from you, subject to the retention exceptions in Section 8.
• Right to limit use of sensitive personal information — we do not use sensitive personal information beyond purposes permitted by law.
• Right to opt out of sale or sharing — as stated in Section 5, we do not sell or share personal information for cross-context behavioral advertising, so there is nothing to opt out of.
• Right to non-discrimination for exercising any of the above.

To exercise these rights, or to have an authorized agent submit a request on your behalf, email support@salesroadapp.com with the subject line “California Privacy Request”. We will verify your identity before responding.

11. Background Location Data

On mobile devices, SalesRoad may request permission to access your location in the background (when the app is not in the foreground) for the purpose of recording mileage and route progress during active routes. Background location data is used only for mileage calculation, visit verification, and route tracking while a route is in progress. We do not track your location when you are not on an active route. You can disable background location permission at any time from your device settings; route mileage tracking and certain visit-verification features will be limited or unavailable without it.

12. AI-Assisted Features & Future Processing

The Service may incorporate artificial-intelligence or machine-learning features (such as route optimization algorithms, suggested actions, or predictive analytics) now or in the future. If we introduce AI features that materially change how personal data is processed, we will update this Policy and provide notice. We may use aggregated, de-identified data to train and improve product features; we will not use identifiable personal data or Customer Data for model training without your explicit consent.

13. Children

The Service is intended for use by adults in a professional context and is not directed to children under 16. We do not knowingly collect personal information from children.

14. International Transfers

We are based in the United States and use service providers located in the United States and other jurisdictions. By using the Service, you understand that your information may be processed in countries other than your country of residence.

15. Changes to This Policy

We may update this Policy from time to time. We will update the effective date above and, for material changes, provide reasonable notice through the Service or by email.

16. Contact

Questions about this Privacy Policy or your data? Email support@salesroadapp.com.