Legal
Privacy Policy
1. Who we are
Detour ("we", "us", "our") is a UK-based service operated by William Renwick. We are the data controller for personal data processed through detourmaps.co and the Detour mobile application.
If you have any questions about this policy or how we handle your data, contact us at hello@detourmaps.co.
2. Data we collect
Account data
When you create an account we collect your email address. We use magic-link sign-in, so we do not store passwords.
Profile data
You may optionally provide a display name, username, and profile photo. You control the visibility of your saved and driven routes in your privacy settings.
Usage data
We collect information about routes you view, save, drive, or review, and interactions with features such as the speed-limit map. This allows us to provide and improve the service.
Location data (mobile app only)
The Detour mobile app requests location permission to show routes near you. We do not store your device location on our servers; it is used in-app only.
Payment data
If you subscribe to Detour Plus, your payment is processed by Stripe. We do not store your full card number. We retain the Stripe customer ID and subscription status in our database.
Technical data
We collect standard server logs including IP addresses, browser/device type, and referring URLs for security and performance monitoring.
Cookies and local storage
We use cookies for authentication session management (strictly necessary). We also use browser local storage to track your monthly speed-map view allowance on the free tier. We do not use third-party advertising cookies.
3. How we use your data
| Purpose | Legal basis |
|---|---|
| Providing the Detour service and your account | Contract performance (Article 6(1)(b) UK GDPR) |
| Processing Detour Plus subscriptions and payments | Contract performance (Article 6(1)(b) UK GDPR) |
| Sending magic-link sign-in emails | Contract performance (Article 6(1)(b) UK GDPR) |
| Improving the service and route recommendations | Legitimate interests (Article 6(1)(f) UK GDPR) |
| Security monitoring and fraud prevention | Legitimate interests (Article 6(1)(f) UK GDPR) |
| Complying with legal obligations | Legal obligation (Article 6(1)(c) UK GDPR) |
4. Who we share data with
We do not sell your personal data. We share data only with the service providers listed below, who process it on our behalf:
- Supabase Inc. (database, authentication, and edge functions) — data is stored in AWS infrastructure in the EU (eu-west-1). Supabase acts as a data processor under a Data Processing Agreement.
- Stripe Inc. — payment processing for Detour Plus subscriptions. Stripe is PCI-DSS certified. See Stripe's Privacy Policy.
- Mapbox Inc. — map rendering and geocoding. Map tile requests may include your approximate location. See Mapbox's Privacy Policy.
- Amazon Associates — route pages may include affiliate links to Amazon products. Clicking these links may allow Amazon to set cookies. See Amazon's Privacy Notice. Detour earns a commission on qualifying purchases at no extra cost to you. Detour Plus subscribers do not see affiliate links.
- Google Analytics — we may use Google Analytics to understand aggregate usage patterns. This data is anonymised and aggregated.
5. International transfers
Some of our service providers (Supabase, Stripe, Mapbox) transfer data outside the UK. Where this occurs, transfers are covered by the UK's International Data Transfer Agreement (IDTA) or adequacy decisions, or the providers hold UK GDPR-compliant safeguards.
6. How long we keep data
- Account data — retained for as long as your account is active. If you delete your account, your data is permanently deleted within 30 days.
- Subscription / billing records — retained for 7 years to comply with UK financial record-keeping requirements.
- Server logs — retained for up to 90 days.
7. Your rights
Under UK GDPR you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your data (subject to legal retention obligations). You can also delete your account directly in Settings → Delete account.
- Restriction — ask us to pause processing your data in certain circumstances.
- Portability — receive a copy of your data in a machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, email hello@detourmaps.co. We will respond within one month.
8. Right to complain
If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
9. Changes to this policy
We may update this Privacy Policy from time to time. We will indicate the date of the last update at the top of this page. For material changes, we will notify you by email if you have an account.