1Route

This Privacy Policy explains how 1Route ("we," "our," or "us"), developed by AshCore Labs, handles information when you use our mobile application (the "App") on iOS or Android.

1Route is a smart delivery routing app that helps dispatchers build optimised multi-stop routes and helps drivers navigate them stop-by-stop with live progress tracking. To do this effectively, the App uses your device location, stores route and delivery data in the cloud, and sends push notifications. We collect only what is strictly necessary to provide these features.

By using the App you agree to the practices described in this policy.

Account Information

When you create an account, we collect your email address and a securely hashed version of your password. Your email is used to identify your account and enable password reset functionality. Your password is never stored in plain text — it is hashed using industry-standard encryption (SCRYPT algorithm) via Firebase Authentication.

Google Sign-In: You may also sign in using your Google account. We receive your name, email address, and profile photo from Google, stored in Firebase Authentication. We do not access your Google Drive, Gmail, or any other Google services.

Sign in with Apple: You may also sign in using your Apple ID. Apple shares your name and email address (or Apple's private relay email) with us, stored in Firebase Authentication. Apple does not share your Apple ID password with us.

Precise Location (GPS)

The App requests access to your device's precise location to:

• Set your current position as the route start point
• Display your real-time position on the in-app delivery map while on duty
• Enable turn-by-turn handoff to your preferred navigation app (Google Maps, Apple Maps, Waze)

Location is collected only while the App is in use (foreground). We do not collect background location when the App is closed or in the background.

Delivery & Route Data

Delivery stops (addresses, customer names, phone numbers, delivery amounts) and route progress (current stop index, completed/failed stop IDs) are stored in Firebase Firestore and locally on your device via AsyncStorage. This data is linked to your account so your progress is preserved across devices and app restarts.

Route History

Completed route runs — including stop addresses, outcomes (delivered / failed), distance, and duration — are saved both locally and in Firebase Firestore, linked to your account. You can delete individual history entries or clear all history from within the App.

Favorite Addresses

You can save frequently-used delivery addresses as favorites. These addresses (including custom labels, categories like Home/Work/Delivery, and coordinates) are stored in Firebase Firestore linked to your account and synced across all your devices.

Push Notification Tokens

Firebase Cloud Messaging (FCM) assigns your device a token used to send you push notifications (e.g., new delivery assignments). This token is stored in Firestore linked to your account and refreshed automatically by the FCM SDK.

Diagnostic Data

Google Firebase and the platform app stores (Apple App Store / Google Play) may provide anonymised crash reports and usage statistics. This data cannot identify you individually.

Subscription & Purchase Data

If you purchase a 1Route Pro subscription or lifetime plan, your purchase is processed by Apple App Store. We do not receive or store your payment card details. We use RevenueCat to verify your subscription status and entitlements across devices. RevenueCat may receive your app user ID and purchase receipt for this purpose.

Advertising Data (Free Tier Only)

Free-tier users of 1Route may see banner advertisements served by Google AdMob. To serve ads, Google AdMob may collect:

• Your device's advertising identifier (IDFA on iOS) — only if you grant App Tracking Transparency (ATT) permission
• General device information (model, OS version) for ad compatibility
• Approximate location (country/region) for regional ad targeting
• Ad interaction events (impressions, clicks)

On iOS 14.5+, you will be shown Apple's ATT prompt before any personalised ad tracking begins. If you decline, only non-personalised ads are shown. Pro subscribers never see ads and AdMob is not initialised for their sessions.

What We Do Not Collect

• No background location when the App is not in use
• No contacts or microphone access
• No advertising identifiers (IDFA) unless ATT permission is granted
• No cross-app or cross-website tracking without explicit ATT consent
• No payment card or banking information

• Account information — to authenticate you, enable password reset, and associate your routes, deliveries, and favorites with your account.
• Location — to set the route origin, show your position on the map, and hand off navigation to your preferred map app. Never used for advertising or tracking.
• Delivery & route data — to display your stops, track progress, persist an in-progress route across app restarts, and build your delivery history.
• Favorite addresses — to provide quick access to frequently-used addresses and sync them across your devices.
• FCM token — to deliver push notifications (delivery assignments, status updates).
• Subscription data — to verify your Pro entitlement and unlock premium features across devices.
• Advertising data (free tier) — Google AdMob uses device and, if consented, advertising identifiers to serve relevant banner ads to free-tier users. Pro users are never shown ads.
• Diagnostic data — to identify and fix crashes and technical issues.

We do not use any data for advertising, profiling, or any purpose beyond operating the App.

Each permission can be revoked at any time in your device Settings.

No third-party analytics SDKs or data broker integrations are used. Google AdMob is the only advertising SDK and is only active for free-tier users.

We do not sell, rent, or share your personal information with third parties for their own purposes.

Limited disclosure may occur only in these circumstances:

• Compliance with applicable law or a valid legal process (court order, subpoena)
• Protecting the rights, property, or safety of users, AshCore Labs, or others
• As required by the third-party services listed in Section 5 to operate their features (e.g., sending an address to Google Maps to compute a route)
• Anonymised, aggregated data that cannot identify any individual

There are no advertising partners. Your data is never used for ad targeting.

• Cloud data: Firebase Firestore data is encrypted at rest and in transit using TLS.
• Local data: Data cached locally via AsyncStorage is protected by your device's own encryption (iOS Data Protection / Android Keystore).
• Authentication: Passwords are hashed using SCRYPT. Account access is managed by Firebase Authentication with secure token-based sessions.
• API keys: Google Maps API keys are restricted by platform and bundle ID to prevent unauthorised use.

No security system is impenetrable. If you believe your account has been compromised, contact us immediately at hello@ashcorelabs.com.

• Account data: Retained while your account is active. Deleted within 30 days of account deletion upon request.
• Delivery & route data: Retained while your account is active. You can delete individual deliveries or history entries within the App.
• Favorite addresses: Retained while your account is active. You can edit or delete favorites at any time within the App.
• Local cached data: Automatically deleted when you uninstall the App.
• FCM tokens: Retained while your account is active; invalidated when you sign out.
• Location data: Not stored. Location is read from the device sensor in real time and is not persisted on our servers.

Depending on your region, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Update your email address or reset your password through the App's account settings.
• Deletion: Request deletion of your account and all associated data. Cloud data is deleted within 30 days of your request.
• Revoke permissions: Revoke location, notification, or camera access at any time in your device Settings.
• Portability: Request your delivery history and favorites in a machine-readable format.

To exercise any of these rights, contact us at hello@ashcorelabs.com. We will respond within 30 days.

1Route is designed for professional delivery drivers and dispatchers and is not directed at children under 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at hello@ashcorelabs.com and we will delete it promptly.

We may update this Privacy Policy to reflect new features or legal requirements. The "Last Updated" date at the top of this page will always reflect the most recent revision. For material changes, we will notify you via a push notification or an in-app banner. Continued use of the App after changes are posted constitutes acceptance of the updated policy.

Questions, requests, or concerns about this Privacy Policy?

Email: hello@ashcorelabs.com

AshCore Labs

We aim to respond to all privacy enquiries within 30 days.