Routive
Open navigation menu
FeaturesHow it worksPricingFAQLog inGet started

Legal

Privacy Policy

Last updated: 2026-06-28 · This document is provided in English, which is the governing version.

This Privacy Policy explains how Majmoon OÜ (“Routive”, “we”, “us”), a private limited company registered in Estonia (registry code 17184381 (VAT EE102839962), registered address Sepapaja tn 6, 15551 Tallinn, Estonia), collects, uses, and protects personal data when you use the Routive application and website (the “Service”). For data-protection purposes, Majmoon OÜ is the data controller for your account data. Questions: privacy@majmoon.co.

1. Data we collect

  • Account data — name, email, password (managed via Amazon Cognito), company name, country, and account type.
  • Billing data — handled by Stripe. We do not store full card numbers; we store your Stripe customer/subscription IDs, plan, billing name, billing address, and tax ID.
  • Usage data — searches you run, credit usage, and technical logs needed to operate and secure the Service.
  • Gmail connection (optional) — if you connect Gmail, we store only a KMS-encrypted Google refresh token. We never store your email content or attachments on our servers, and the refresh token is never returned to the browser or logged. See section 3.
  • Lead data you generate — business information compiled from publicly available sources (e.g. public map listings), which may include personal data such as the names, phone numbers, or email addresses of business contacts. See section 4.
  • Cookies — see our Cookie Policy.

2. How we use data

To provide and operate the Service; to process payments and manage subscriptions; to provide support; to secure the Service and prevent abuse; and to comply with legal obligations. Our legal bases under the GDPR are performance of a contract, our legitimate interests (operating and securing the Service), your consent (where applicable, e.g. non-essential cookies), and compliance with legal obligations.

3. Google user data (Gmail) — Limited Use

If you connect your Google account, Routive requests only the Gmail scopes needed for the features you use (sending and reading email from your own account inside Routive). Routive’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we do not:

  • use Google user data for advertising;
  • transfer or sell Google user data, except as necessary to provide or improve the feature you requested, to comply with law, or as part of a merger/acquisition;
  • allow humans to read your email data unless you give explicit consent for specific messages, it is necessary for security or to comply with law, or the data is aggregated and anonymized;
  • use Google user data to train generalized AI/ML models.

You can disconnect Gmail at any time in Settings; this revokes our stored refresh token. You can also revoke access at myaccount.google.com/permissions.

4. Lead data and third-party personal data

The Service helps you compile business contact information from publicly available sources. This data may include personal data relating to third parties (e.g. business owners or staff). When you collect, store, and use this data, you act as the data controller and are responsible for having a lawful basis and for complying with applicable laws (including the GDPR and e-privacy / anti-spam rules) when contacting those individuals. Routive processes this data on your behalf to provide the Service. If you are an individual whose data appears in Routive and wish to exercise your rights, contact privacy@majmoon.co and we will assist or route your request to the relevant controller.

5. Sharing and sub-processors

We share data only with service providers that help us run Routive:

  • Amazon Web Services (AWS) — cloud hosting, database, and encryption (EU region).
  • Cloudflare — application hosting / content delivery.
  • Stripe — payment processing and subscription management.
  • Google — only when you connect Gmail, to send/read your email at your request.

We do not sell your personal data. Where data is transferred outside the EEA, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

6. Retention

We keep account and billing data for as long as your account is active and as required to comply with legal, tax, and accounting obligations. You can delete your account, after which we delete or anonymize personal data that we are not required to retain. Complaint and support records may be retained as part of our records.

7. Your rights

Subject to applicable law, you have the right to access, rectify, or erase your personal data; to restrict or object to processing; to data portability; and to withdraw consent at any time. You may also lodge a complaint with your supervisory authority — in Estonia, the Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee). To exercise your rights, contact privacy@majmoon.co.

8. Security

We use encryption in transit (TLS) and at rest, key management (AWS KMS) for sensitive secrets such as the Gmail refresh token, access controls, and least-privilege practices. No method of transmission or storage is completely secure, but we work to protect your data.

9. Children

The Service is intended for business use by adults and is not directed to children. We do not knowingly collect personal data from children.

10. Changes and contact

We may update this Policy from time to time; material changes will be posted here with a new “last updated” date. Contact us at privacy@majmoon.co or by post at Majmoon OÜ, Sepapaja tn 6, 15551 Tallinn, Estonia.