Privacy Policy
This Privacy Policy describes how the Routeoneig mobile application (the "App") and its supporting services (collectively, the "Service") handle information about you. It is written to comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), and the People's Republic of China Personal Information Protection Law (PIPL), among other applicable privacy frameworks.
The Service is a market-data viewer for publicly available cryptocurrency information. It does not provide trading, brokerage, custody, or any form of financial advice.
1. Who We Are
For the purposes of GDPR Article 4(7), the data controller is the operator of the Service, contactable at the address in Section 13.
2. What Information We Process
2.1 Information You Provide Directly
None. The App does not require an account. There is no sign-up, sign-in, profile, or contact form. We do not ask for your name, email, phone number, payment details, or any government identifier.
2.2 Information Collected Automatically When You Use the Service
When the App makes network requests to our backend (REST and WebSocket), our servers, reverse proxy, and CDN observe certain technical metadata as part of normal HTTP routing. This includes:
- IP address of the device making the request;
- User-Agent string identifying the App, OS family, and version;
- Request URL, timestamp, and HTTP status code;
- Cloudflare-assigned ray identifier for routing diagnostics (Cloudflare is our edge network provider).
We do not collect device identifiers (IDFA / GAID), advertising tokens, GPS location, contacts, photos, microphone, camera, calendar, or biometric data. The App does not request these permissions.
2.3 Crash and Error Telemetry
The App is built with Sentry crash-reporting libraries embedded. In the current release the Sentry endpoint is not configured, meaning no crash data leaves your device. Should we enable crash reporting in a future release we will update this Policy and disclose the data scope (typically: stack trace, app version, OS version, device model — never personal content).
2.4 Information Stored Locally on Your Device Only
Some data is created on your device and never leaves it:
- Your watchlist selections (stored in a local Hive box);
- App preferences such as price-color scheme and tab choices (stored via the operating system's standard settings store);
- The WebView cache for any embedded web content (managed by the operating system).
Uninstalling the App removes all of the above.
2.5 Information from Third Parties
None about you. Our backend retrieves market data (prices, order book signals, liquidations) from the publicly accessible Binance Exchange API. This retrieval is server-to-server and unauthenticated; Binance does not receive any information that identifies you.
3. How We Use the Information
The technical metadata described in Section 2.2 is used solely to:
- Deliver the requested market data (route the response back to your device);
- Detect and mitigate abuse — denial-of-service, scraping at abnormal rates, malformed requests;
- Operate and improve the Service — measure latency, error rates, geographic distribution at the country level (never the individual level).
We do not build advertising profiles, run inference models on your behavior, or sell any data.
4. Legal Bases (GDPR)
Where GDPR applies, we rely on the following legal bases under Article 6:
- Contract (Art. 6(1)(b)): processing necessary to deliver the market-data response you requested by opening the App.
- Legitimate interests (Art. 6(1)(f)): our interest in keeping the Service available, secure, and reliable. We have weighed this against your rights and concluded the limited technical metadata involved is unlikely to override them.
- Legal obligation (Art. 6(1)(c)): where we must retain logs to comply with applicable law.
5. Sharing and Sub-Processors
We do not sell, rent, trade, or otherwise transfer your information to third parties for their own purposes. The only entities that process technical metadata on our behalf are infrastructure providers strictly necessary to operate the Service:
| Processor | Role | Region | Data Visible |
|---|---|---|---|
| Cloudflare, Inc. | CDN, edge TLS termination, DDoS protection | Global | IP, UA, URL, timestamp |
| Cloud server hosting provider (Tokyo, Japan) | Backend compute and storage | Japan | Same as above, plus PostgreSQL persistence layer |
| Apple Inc. / Google LLC | App distribution and platform privacy frameworks | USA | Standard App Store / Play Store metrics; not provided by us |
Each processor has its own privacy policy. We have evaluated their security postures and where applicable rely on their published Standard Contractual Clauses for international data transfers (see Section 7).
6. Data Retention
- Server access logs (Nginx, Fastify): rotated and retained for up to 30 days, then deleted.
- Cloudflare edge logs: per Cloudflare's retention policy (typically a few days for free-tier customers).
- Anomaly events stored in our database: retained for 7 days on a rolling window. These records do not contain any personal information; they describe market events (e.g. "BTCUSDT 5m close +2.3%").
- Local-only data on your device: persists until you delete it or uninstall the App.
7. International Data Transfers
Our backend is located in Tokyo, Japan. If you access the Service from the EEA, the UK, or another jurisdiction with data-export rules, your IP and request metadata will be transferred to Japan as a necessary consequence of routing your HTTP request to our servers. Japan is recognised by the European Commission as providing an adequate level of data protection (adequacy decision of 23 January 2019), so no additional safeguards are required for EEA-to-Japan transfers.
Cloudflare may route traffic through edge nodes outside your country. Cloudflare publishes Standard Contractual Clauses and a Data Processing Addendum that govern such transfers.
8. Your Rights
Subject to the law of your jurisdiction, you have the following rights:
8.1 Under GDPR
- Access — request a copy of any personal data we hold about you;
- Rectification — ask us to correct inaccurate data;
- Erasure ("right to be forgotten") — ask us to delete data;
- Restriction — ask us to pause processing while a dispute is resolved;
- Portability — receive your data in a machine-readable format;
- Objection — object to processing based on legitimate interests;
- Lodge a complaint with a supervisory authority in the EEA.
8.2 Under CCPA / CPRA
- Right to know what personal information has been collected;
- Right to delete personal information;
- Right to correct inaccurate personal information;
- Right to opt out of the "sale" or "sharing" of personal information — we do not sell or share your information for cross-context behavioral advertising;
- Right to limit use of sensitive personal information — we do not collect such information.
8.3 Under PIPL (China)
- Right to know, decide, restrict and refuse processing;
- Right to access and copy personal information;
- Right to correct, supplement and delete;
- Right to withdraw consent and request explanation of automated decisions.
Because our processing is limited to transient routing metadata (we do not retain a long-term identifiable profile of you), in practice the easiest way to exercise most of these rights is to stop using the App, after which we have no ongoing data about you. You may also contact us at the address in Section 13.
9. Cookies and Local Storage
The App itself does not place cookies. The web hosting layer at our domain (iosil.drjd.cc) may set a single Cloudflare cookie (__cf_bm) for bot detection; this cookie does not track you across sites and expires within 30 minutes of the last request. The App's optional WebView surface (only used as a fallback display mode) renders external content governed by the privacy policy of the page being shown.
10. Children's Privacy
The Service is not directed at children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from such children. If you become aware that a child has provided personal information to us, please contact us and we will take steps to remove it.
11. Security
We protect the Service with the following measures:
- HTTPS / TLS 1.3 for all client–server communication;
- Cloudflare DDoS mitigation and Web Application Firewall;
- Bound private network for our PostgreSQL and Redis layers — only the application server can reach them;
- Routine security patching of the operating system and runtime;
- No long-term storage of user-identifying data, which inherently limits the impact of any incident.
No system is perfectly secure. If we become aware of a personal-data breach we will notify affected users and supervisory authorities as required by applicable law.
12. Changes to This Policy
We may update this Policy from time to time. The "Effective" date at the top of this document indicates the latest revision. For material changes we will publish a notice in the App and, where appropriate, request renewed consent.
13. Contact
For privacy questions, requests, or complaints, please contact us at [email protected].
If you are in the EEA or UK and believe your data-protection rights have been violated, you may also lodge a complaint with your local supervisory authority.