Privacy Policy — Routifyy

1. Controller

The controller responsible for the processing of personal data on this website within the meaning of the Swiss Federal Act on Data Protection (nDSG) and, where applicable, the EU General Data Protection Regulation (GDPR) is:

KOMUNIQUE by Philipp Roth
Blumenrainstrasse 29
9050 Appenzell
Switzerland
Email: support@routifyy.com
Website: www.komunique.com

2. What Data We Collect

We collect and process the following personal data when you use Routifyy:

Account data: email address, provided during registration. Authentication uses passwordless email magic links.
Project data: URLs, redirect mappings, and project settings you create within the app.
OAuth tokens: access tokens for Webflow and Google Search Console, stored server-side and used solely to retrieve data on your behalf.
Usage and log data: standard server logs including IP addresses, browser type, operating system, referring URL, and request metadata. These are retained for up to 30 days for security and operational purposes.
Payment data: payment transactions are processed by Stripe, Inc. We do not store full payment card data. Stripe transmits to us only a transaction confirmation and a customer identifier.
Analytics data: anonymised usage behaviour and page views, collected via Google Tag Manager and Google Analytics (see Section 6).
Transactional email data: email address used for the delivery of transactional emails (e.g. account notifications) via Resend (see Section 5.7).

3. Legal Basis for Processing

We process your personal data in accordance with the Swiss Federal Act on Data Protection (nDSG) and, where applicable, the EU General Data Protection Regulation (GDPR). The applicable legal bases include:

Contract performance: processing necessary to provide the Routifyy service, including account management, project storage, and CSV export.
Legitimate interests: security logging, fraud prevention, service improvement, and analytics.
Consent: for analytics cookies (Google Tag Manager / Google Analytics) and where you have explicitly granted access to third-party services (Webflow, Google Search Console). You may withdraw consent at any time.
Legal obligation: where processing is required to comply with applicable law.

4. Hosting and Infrastructure

4.1 Application Hosting — Google Cloud Platform (GCP, EU)

Routifyy is hosted on Google Cloud Platform (GCP) with servers located in the European Union. Google LLC is certified under the EU–U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss–U.S. Data Privacy Framework (Swiss-U.S. DPF), which can be verified at dataprivacyframework.gov.

4.2 Database

All project data, redirect mappings, and user account information are stored in a PostgreSQL database hosted on Google Cloud Platform (GCP) infrastructure in the European Union.

5. Third-Party Services

Routifyy integrates the following third-party services. Where these involve a transfer of personal data outside Switzerland or the EEA, we have ensured appropriate safeguards are in place (Standard Contractual Clauses or equivalent).

5.1 Authentication — Email Magic Links

User authentication is handled in-house using passwordless email magic links and httpOnly session cookies. We store only your email address and a server-side session record. Magic-link delivery uses Resend (see Section 5.7). No third-party identity provider has access to your account credentials.

5.2 Stripe — Payment Processing

Credit purchases are processed by Stripe, Inc. (USA). Stripe processes payment card data, billing address, and transaction information. Stripe is certified under the EU–US DPF and operates under SCCs. We receive only a transaction confirmation and a customer reference ID — we do not store card numbers or full payment details. Stripe Privacy Policy

5.3 Webflow — Site Data (Read-Only)

With your consent, Routifyy connects to the Webflow, Inc. (USA) API to read your site's page structure. Access is strictly read-only. The OAuth access token you grant is stored server-side and used exclusively for this purpose. Webflow Privacy Policy

5.4 Google Search Console — URL Data (Read-Only)

With your consent, Routifyy connects to the Google Search Console API to retrieve URL performance data for your property. Access is strictly read-only. Google LLC is based in the USA but certified under the EU–US DPF. Google Privacy Policy

5.5 Google Tag Manager

This website uses Google Tag Manager (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Google Tag Manager is a tool that allows us to manage and deploy measurement code and related code snippets on our website. Google Tag Manager itself does not use cookies and does not collect personal data — it only triggers other tags which may collect data. Data processed through Google Tag Manager may be transferred to Google LLC (USA) under SCCs and the EU–US DPF. Google Privacy Policy

5.6 Google Analytics

This website uses Google Analytics (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to analyse usage behaviour. Google Analytics uses cookies to collect information such as pages visited, time spent on the site, and approximate geographic location (country/region level). IP addresses are anonymised before transmission. The data processing server for European visitors is located in Ireland (EU).

Data collected by Google Analytics may additionally be processed by Google LLC (USA) under SCCs and the EU–US DPF. You may opt out of Google Analytics tracking at any time by installing the Google Analytics Opt-out Browser Add-on.

The legal basis for this processing is your consent, which you may withdraw at any time via your browser settings or the Google Analytics Opt-out Add-on linked above.

5.7 Resend — Transactional Email

Transactional emails (such as account notifications and system alerts) are sent via Resend (Resend, Inc.). Email data is processed on servers located in Ireland (EU). Your email address is transmitted to Resend solely for the purpose of delivering these emails. Resend Privacy Policy

We do not sell your personal data to any third party and do not use it for advertising purposes beyond the analytics described above.

6. Cookies and Local Storage

Routifyy uses the following types of cookies and browser storage:

Strictly necessary cookies: a single httpOnly session cookie (routifyy_session) is set by Routifyy for authentication and session management. It is required for the Service to function and cannot be disabled.
Analytics cookies: set by Google Analytics via Google Tag Manager to collect anonymised usage statistics. These are only placed with your consent.
Local storage: Routifyy uses browser localStorage to persist session-related identifiers (e.g. Google Search Console tokens) across page reloads. No personal data is stored in localStorage beyond what is strictly necessary for service functionality.

You may manage your cookie preferences at any time via your browser settings. Disabling analytics cookies does not affect the core functionality of the Service.

7. International Data Transfers

Our hosting infrastructure is located exclusively within the European Union (see Section 4). However, certain third-party services integrated into Routifyy are based in the United States or process data there (see Section 5 — in particular Stripe, Webflow, and Google Search Console / Google Analytics). Switzerland does not grant the USA a blanket adequacy determination. We have therefore ensured that appropriate safeguards are in place for all such transfers, specifically:

Standard Contractual Clauses (SCCs) as approved by the European Commission and recognised under Swiss law by the Federal Data Protection and Information Commissioner (FDPIC)
EU–U.S. Data Privacy Framework (EU-U.S. DPF) certification, where applicable (e.g. Stripe, Inc., Google LLC)
Swiss–U.S. Data Privacy Framework (Swiss-U.S. DPF) certification, where applicable (e.g. Stripe, Inc., Google LLC)

The EU-U.S. DPF and Swiss-U.S. DPF are frameworks established by the U.S. Department of Commerce that provide EU and Swiss individuals with enforceable rights and effective redress mechanisms regarding the collection, use, and retention of their personal data transferred to the United States. Certified organisations can be verified at dataprivacyframework.gov.

You may request a copy of the applicable transfer safeguards by contacting us at support@routifyy.com.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this Privacy Policy or as required by law:

Account data: retained for the duration of your account's existence. Deleted within 30 days of account closure upon request.
Project data: retained until you delete a project or request account deletion.
Server logs: retained for up to 30 days for security and diagnostic purposes.
Payment records: retained for 10 years to comply with Swiss accounting and tax law.
Analytics data: retained as configured in Google Analytics (default: 14 months for user-level data).

You may delete individual projects at any time within the app. To request full account deletion and erasure of all associated data, contact us at support@routifyy.com.

9. Your Rights

Under the Swiss nDSG (and, where applicable, the GDPR), you have the following rights regarding your personal data:

Right of access: you may request information about the personal data we hold about you.
Right to rectification: you may request correction of inaccurate data.
Right to erasure: you may request deletion of your personal data, subject to legal retention obligations.
Right to restriction of processing: you may request that we restrict processing under certain circumstances.
Right to data portability: you may request your data in a structured, machine-readable format.
Right to object: you may object to processing based on legitimate interests.
Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Right to lodge a complaint: you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC, www.edoeb.admin.ch) or, if you are located in the EU/EEA, with your national supervisory authority.

To exercise any of these rights, please contact us at support@routifyy.com. We will respond within 30 days.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include encrypted data transmission (TLS/HTTPS), access controls, and regular security reviews. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for individuals within the meaning of applicable data protection law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to registered users by email. The date of the most recent revision is indicated at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised Policy.

13. Contact and Data Protection Enquiries

For any questions, requests, or complaints regarding this Privacy Policy or the processing of your personal data, please contact:

KOMUNIQUE by Philipp Roth
Blumenrainstrasse 29
9050 Appenzell
Switzerland
support@routifyy.com