Privacy Policy

This Privacy Policy outlines how One Route X processes your personal data when you use our mobile application and website (collectively, the “Services”). It also explains your rights and how we protect your privacy in line with data protection laws including GDPR, CCPA, and others.

Categories of Personal Data Processed

Data You Provide:

  • Identifiers (e.g., name, email, age, gender)
  • Account photo and credentials
  • Communication content
  • Health and wellness data (e.g., body metrics, workout info, menstrual data)
  • Body scan photos and AI analysis (subject to consent)
  • In-app purchase records

Automatically Collected Data:

  • Log and device data (e.g., IP, device model, OS)
  • Usage metrics and feature interactions
  • Workout motion dots (processed locally; stored temporarily for system testing)
  • Cookies and tracking technologies

From Other Sources:

  • Data from analytics, marketing, and security partners

Categories of Personal Data Processed

Purpose

Service provision and personalization (e.g., AI Assistant, workouts)

Product improvement, research, analytics

Age verification

Customer support

Service-related communications (e.g., confirmations, alerts)

Marketing and promotions

Onboarding, website-app integration

Lookalike audience creation

Security, misuse prevention

Legal compliance and protection

Data anonymization for research, improvemen

Legal Basis

Contract performance; Consent (for health data)
Product improvement, research, analytics

Legitimate interests; Consent (e.g., Body Scan use)

Contract performance

Legitimate interests

Legal obligation or contractual duty

Consent (opt-out available)

Legitimate interests

Consent

Legal obligation; Legitimate interests

International Data Transfers

Where required, we apply appropriate safeguards (e.g., Standard Contractual Clauses) for data transfers outside the EU, EEA, UK, or Switzerland.

Data Retention

We retain personal data only as long as necessary for the purposes stated or to comply with legal obligations. Some data (e.g., purchase records, consent logs) may be retained for compliance or dispute resolution. Anonymized data may be retained indefinitely.

Your Privacy Rights

You may, subject to your jurisdiction:

  • Access, correct, or delete your data
  • Restrict or object to processing
  • Withdraw consent at any time
  • Request data portability
  • File complaints with data protection authorities

To exercise your rights, email _____ Verification may be required.

Security

We implement encryption, access controls, and organizational safeguards to protect your data. Despite these measures, no system is immune from risk. In the event of a breach, you will be notified as required by law.

Sharing with Third Parties

We engage processors and service providers under strict confidentiality and data protection agreements. Categories include:

  • Hosting and infrastructure (e.g., AWS, Firebase)
  • Analytics and AI services (e.g., Amplitude, OpenAI)
  • Payment providers (e.g., Stripe, Apple, Adyen)
  • Marketing tools (e.g., AppsFlyer)
  • Customer support (e.g., Zendesk)

We do not sell or rent personal data. Use of Apple HealthKit/Google Health Connect data is not permitted for marketing.

Communication Preferences

We may send necessary service-related messages. Promotional communications require your consent and can be disabled via the unsubscribe link or device settings.

Changes to this Policy

We may update this policy to reflect changes in our processing or legal obligations. Where changes materially affect your rights, we will request your renewed consent beforehand.