Privacy Policy
Last updated: January 2026
This Privacy Policy explains how Routecore (“Routecore”, “we”, “our”, “us”) collects, uses, stores and discloses personal information in connection with the Routecore website and platform (the “Services”). Routecore provides a secure platform for creating, sending, verifying and approving proposals and schedules of rates, including OTP verification and audit-trail evidence.
- We collect information needed to run secure approvals (including OTP verification and audit logs).
- We use security, access controls and retention practices designed for compliance and dispute-resilient records.
- We share information only with authorised users and vetted service providers required to operate the Services.
1. Scope
This Policy applies to:
- Account holders (business users, administrators, staff).
- Clients/signers who receive links, verify by OTP, view and approve documents.
- Website visitors who browse routecore.au.
2. Definitions
Personal information means information about an identified individual or an individual who is reasonably identifiable.
Organisation means the business account/workspace that uses Routecore to create and send documents for approval.
Audit trail means system-generated logs and evidence associated with document lifecycle events (e.g., created, sent, viewed, OTP verified, approved).
3. Information we collect
The information we collect depends on how you use the Services. We may collect:
| Category | Examples | Why we collect it |
|---|---|---|
| Account & workspace data | Name, email, phone (optional), organisation name, roles/permissions, settings | Provision accounts, manage access, apply organisation settings |
| Client/signer data | Name, email/phone (for OTP), approval status, signature metadata | Deliver approval links, verify identity, record acceptance |
| Document content | Proposals, schedules of rates, attachments, template fields you upload/create | Provide the Services, generate PDFs/exports, enable approvals |
| Audit & security logs | Timestamps, event history, IP address, device/browser info, access attempts | Security, fraud prevention, compliance evidence, troubleshooting |
| Usage & technical data | Pages viewed, feature usage, error logs, performance metrics | Improve performance, reliability, user experience |
| Billing data (if enabled) | Plan, invoices/receipts, transaction IDs (payment details handled by processor) | Administer subscriptions, payments, fraud controls |
Note: We do not intentionally collect sensitive information (e.g., health data) as part of the Services. Please do not upload sensitive information unless necessary and authorised.
4. How we collect information
- Directly from you when you create an account, configure settings, create documents or contact us.
- From your organisation if an administrator invites you or adds your details.
- From signers/clients when they open approval links, verify via OTP and approve or decline.
- Automatically through logs, cookies and similar technologies when you use the Services.
5. How we use information
We use personal information to:
- Provide, operate, maintain and improve the Services.
- Deliver approval links, send notifications and service messages (including OTP messages where applicable).
- Verify identity, prevent misuse, detect fraud and enforce security controls (including rate limiting and lockouts).
- Generate and preserve audit trails and evidence for approvals and document events.
- Provide support, respond to enquiries and manage incidents.
- Administer billing, subscriptions and entitlements (if enabled for your account).
- Comply with legal obligations and protect the rights, safety and integrity of Routecore and users.
6. Legal basis and compliance
Where applicable, we process personal information because it is necessary to provide the Services (contract), for our legitimate interests (security, platform integrity, product improvement), to comply with legal obligations, and/or with your consent (for example, optional marketing communications).
Routecore is designed for business use. Organisations using Routecore are typically responsible for ensuring they have a lawful basis to provide signer/client details to Routecore and to request approvals through the Services.
7. OTP verification and audit trail data
OTP verification is used to confirm a signer before approval. For security, we may retain records of OTP delivery, verification attempts, lockouts, and associated metadata (e.g., timestamps, IP address, device/browser signals).
Audit trails are designed to be tamper-resistant records of document events. Audit data may be retained even if a document is deleted where required for integrity, dispute handling, compliance, or legal obligations (subject to retention rules below).
8. Cookies and similar technologies
We may use cookies and similar technologies to keep you signed in, remember preferences, and understand usage. You can manage cookies through your browser settings. Disabling cookies may affect platform functionality.
9. Disclosure of personal information
We may disclose personal information:
- To your organisation (e.g., admins viewing approvals, audit trails, and document status for their workspace).
- To service providers who help us operate the Services (e.g., hosting, databases, email delivery, SMS/OTP delivery, analytics, error monitoring, payment processing).
- For legal and safety reasons (e.g., to comply with law, respond to lawful requests, enforce terms, prevent fraud, or protect rights and safety).
- Business transfers (e.g., merger, acquisition, or asset sale), subject to appropriate confidentiality and transition safeguards.
We do not sell personal information. We do not disclose personal information to third parties for their direct marketing unless permitted by law or you consent.
10. Overseas disclosure
Routecore may use service providers that store or process data outside Australia. Where this occurs, we take reasonable steps to ensure appropriate safeguards are in place (such as contractual protections and security controls) consistent with this Policy.
11. Data retention
We retain personal information for as long as necessary to provide the Services, maintain audit integrity, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods may vary by data type (e.g., billing records vs. access logs).
Organisations may be able to delete certain content within the platform. Some data (especially audit logs and security records) may be retained for platform integrity and legal/compliance reasons.
12. Security
We implement administrative, technical and physical safeguards designed to protect personal information against unauthorised access, disclosure, alteration and destruction. Measures may include encryption in transit, access controls, role-based permissions, logging and monitoring.
No system is 100% secure. You are responsible for keeping your credentials confidential and for notifying us promptly if you believe your account has been compromised.
13. Your rights and choices
Depending on your location and applicable law, you may have rights to request access to, correction of, or deletion of personal information. To make a request, contact us using the details below. We may need to verify your identity before responding.
- Access & correction: You can request access to personal information we hold about you and request corrections.
- Deletion: You can request deletion where permitted. Some records may be retained for security, audit integrity, or legal reasons.
- Marketing choices: You can opt out of marketing communications (service messages like OTP and critical notices may still be sent).
14. Children
The Services are not directed to children under 16 and must not be used by them. We do not knowingly collect personal information from children under 16.
15. Changes to this Policy
We may update this Policy from time to time. The “Last updated” date at the top indicates the latest version. If changes are material, we may provide additional notice through the Services.
16. Contact and complaints
If you have questions, requests, or complaints about privacy, contact us:
- Email: privacy@routecore.au
If you are not satisfied with our response, you may have the right to lodge a complaint with your local privacy regulator. In Australia, this may include the Office of the Australian Information Commissioner (OAIC).