Privacy Policy

We collect information you provide directly to us when you request a demo, contact us, or use our platform. This includes:

- **Contact information**: Name, email address, job title, company name, and phone number. - **Account information**: Login credentials and profile details when you create an account. - **Usage data**: Information about how you interact with our platform, including log data, IP addresses, browser type, pages visited, and timestamps. - **Technical data**: Legacy system metadata you upload or connect to our platform for analysis purposes.

We do not collect or store the contents of your production databases, source code, or sensitive business data beyond what is necessary to provide the Route5 service.

We use the information we collect to:

- Provide, operate, and improve the Route5 platform and services. - Send you technical notices, security alerts, and support communications. - Respond to your comments and questions and provide customer service. - Send marketing communications about products, services, and events (you may opt out at any time). - Monitor and analyze usage trends to improve user experience. - Detect, investigate, and prevent fraudulent transactions and other illegal activities. - Comply with legal obligations and enforce our terms.

Route5 is designed with enterprise data sovereignty as a core principle.

**On-Premise Deployments**: All tracing agents, AI analysis, and data processing run entirely within your infrastructure. No source code, execution traces, database queries, or business logic data leaves your environment.

**Hybrid Deployments**: Where the AI analysis engine runs in Route5 cloud infrastructure, all data in transit is encrypted using TLS 1.3. Sensitive fields identified as PII, PCI, or PHI are masked before transmission and are never stored in Route5 systems.

**Bring your own model**: You may configure Route5 to use your own Azure OpenAI, AWS Bedrock, or self-hosted language model endpoint. In this configuration, no AI inference requests are sent to Route5 or third-party AI providers.

We do not sell, trade, or rent your personal information to third parties. We may share information in the following limited circumstances:

- **Service Providers**: We engage trusted third-party vendors (e.g., cloud hosting, analytics) who process data on our behalf under strict data processing agreements. - **Legal Requirements**: We may disclose information if required by law, subpoena, court order, or other governmental request. - **Business Transfers**: In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of that transaction, subject to equivalent privacy protections. - **With Your Consent**: We may share information with third parties when you have given explicit consent.

We retain personal information for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law.

- **Account data** is retained for the duration of your account and deleted within 90 days of account termination upon request. - **Usage logs** are retained for up to 12 months for security and debugging purposes. - **Trace data and capability artifacts** generated during a Route5 session are retained according to your configured workspace retention policy, with a default maximum of 90 days.

Route5 implements industry-standard security practices to protect your information:

- All data in transit is encrypted using TLS 1.3 (modern asymmetric key exchange, e.g. elliptic-curve Diffie–Hellman, plus symmetric encryption such as AES-256-GCM for the session). - Data at rest is encrypted using AES-256 (where supported by our hosting and database providers). - Access to production systems is restricted to authorized personnel via multi-factor authentication. - We conduct periodic security assessments and penetration tests. - We apply controls appropriate to our current deployment stage and iterate as we scale.

Despite these measures, no system is completely secure. We encourage you to use strong passwords and to notify us immediately at neville@rayze.xyz if you suspect any unauthorized access.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

- **Access**: Request a copy of the personal data we hold about you. - **Correction**: Request that we correct inaccurate or incomplete data. - **Deletion**: Request deletion of your personal data, subject to legal retention requirements. - **Portability**: Request your data in a machine-readable format. - **Objection**: Object to processing based on legitimate interests or for direct marketing. - **Restriction**: Request that we limit how we use your data pending a dispute.

To exercise these rights, contact us at neville@rayze.xyz. We will respond within 30 days.

We use cookies and similar tracking technologies to operate our website and understand usage patterns. These include:

- **Essential cookies**: Required for the website to function correctly. - **Analytics cookies**: Help us understand how visitors use our site (e.g., Google Analytics with IP anonymization enabled). - **Preference cookies**: Remember your settings and preferences.

You can control cookie settings through your browser. Note that disabling certain cookies may affect the functionality of our website.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice on our website prior to the change becoming effective. We encourage you to review this policy periodically.

The date at the top of this page indicates when this policy was last updated.

If you have questions about this Privacy Policy or our data practices, please contact us:

**Route5** neville@rayze.xyz