Privacy Policy
Effective Date: January 1, 2025
Last Updated: May 26, 2026 — added Section 1.4 covering MCP / AI assistant integrations
EVRoutes ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our electric vehicle route planning service.
Educational Purpose Notice: EVRoutes is provided for educational and informational purposes only. Route calculations and charging station information are estimates and should not be solely relied upon for actual travel planning. Users should independently verify all information and use appropriate navigation tools for their journeys.
1. Information We Collect
1.1 Personal Information You Provide
- Account Information: Name, email address, password (encrypted)
- Profile Data: Vehicle details (make, model, year, battery capacity, charging specifications)
- Preferences: Display units, currency, language, charging preferences
- Contact Information: When you contact us for support
1.2 Information Collected Automatically
- Usage Data: Routes planned, charging stations selected, feature usage
- Device Information: Browser type, operating system, device identifiers
- Location Data: Start/end points, waypoints (only when actively using route planning)
- Log Data: IP address, access times, pages viewed, app crashes
- Cookies and Similar Technologies: Session cookies, preference cookies, analytics cookies
1.3 Information from Third Parties
- Charging station data from public databases and APIs
- Map and navigation data from mapping service providers
- Weather and traffic data for route optimization
1.4 Information from AI Assistant Integrations (MCP)
EVRoutes provides a Model Context Protocol (MCP) app that lets you plan EV trips directly inside AI assistants such as ChatGPT and Claude. When you use these integrations:
- Trip parameters you mention in the chat (origin, destination, vehicle make/model, battery percentage, weather conditions) are sent to our servers as tool inputs so we can compute your route and charging stops.
- We do not receive your chat history, your account identity on the AI platform, or any other conversation you have with the assistant. Tool inputs arrive without a user identifier.
- The AI host (OpenAI for ChatGPT, Anthropic for Claude, or the operator of any other MCP client) processes the conversation on its own infrastructure under its own privacy policy. We have no visibility into your other chats, stored memory, or files on those platforms.
- Geocoding queries for place names (e.g. "Riga to Berlin") are forwarded to Mapbox under their privacy policy.
- Error telemetry from MCP tool calls may be sent to Sentry for debugging. We strip free-form text fields (such as vehicle nickname) before sending and never log full conversation context.
2. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
- Contract Performance: To provide our route planning services
- Legitimate Interests: To improve our services, ensure security, and prevent fraud
- Consent: For marketing communications and optional features
- Legal Obligations: To comply with applicable laws and regulations
3. How We Use Your Information
- Provide, maintain, and improve our route planning services
- Calculate optimal routes and identify charging stations
- Personalize your experience based on your vehicle and preferences
- Send service-related notifications and updates
- Respond to customer support requests
- Analyze usage patterns to improve our algorithms
- Detect, prevent, and address technical issues
- Comply with legal obligations and enforce our terms
- With your consent, send promotional communications
4. Information Sharing and Disclosure
We do not sell or rent your personal information. We may share your information only in these circumstances:
- Service Providers: With trusted third parties who assist us (hosting, analytics, customer support)
- Legal Requirements: When required by law, court order, or government request
- Vital Interests: To protect the health or safety of individuals
- Business Transfers: In connection with merger, acquisition, or sale of assets
- Aggregated Data: Non-identifiable aggregated data for research or analysis
- With Your Consent: When you explicitly agree to sharing
5. Data Security
We implement industry-standard security measures including:
- Encryption of data in transit (TLS/SSL) and at rest
- Regular security audits and vulnerability assessments
- Access controls and authentication mechanisms
- Employee training on data protection
- Incident response procedures
However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
6. Your Rights and Choices
6.1 GDPR Rights (European Users)
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit processing of your data
- Portability: Receive your data in a machine-readable format
- Objection: Object to certain processing activities
- Automated Decision-Making: Not be subject to solely automated decisions
6.2 CCPA Rights (California Residents)
- Know: Information about data collection and sharing practices
- Access: Specific pieces of personal information collected
- Delete: Request deletion of personal information
- Opt-Out: Opt-out of sale of personal information (we do not sell data)
- Non-Discrimination: Equal service regardless of privacy choices
To exercise these rights, contact us at [email protected]. We will respond within the legally required timeframe (typically 30 days).
7. Data Retention
We retain personal information for different periods depending on the purpose:
- Account Data: As long as your account is active
- Route History: 90 days (unless saved by you)
- Analytics Data: 24 months
- Legal Records: As required by applicable law
- Marketing: Until you unsubscribe
After deletion, some information may remain in backups for up to 90 days.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions where applicable
- Your explicit consent for specific transfers
9. Cookies and Tracking Technologies
We use the following types of cookies:
- Essential Cookies: Required for basic functionality
- Performance Cookies: Help us understand usage patterns
- Functionality Cookies: Remember your preferences
- Analytics Cookies: Track anonymous usage statistics
You can control cookies through your browser settings. Disabling certain cookies may limit functionality.
10. Children's Privacy
Our service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If we become aware of collection from a child, we will promptly delete such information.
11. Third-Party Links
Our service may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to review their privacy policies.
12. Do Not Track Signals
We do not currently respond to Do Not Track (DNT) browser signals. However, you can use our cookie preferences to control tracking.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will notify you of material changes by:
- Posting the new policy with an updated date
- Sending an email notification (for material changes)
- Displaying a prominent notice in our application
Continued use after changes constitutes acceptance of the revised policy.
14. Contact Information
Data Controller: EVRoutes
Email: [email protected]
Data Protection Officer: [email protected]
Response Time: We aim to respond to all inquiries within 30 days
15. Supervisory Authority
EU residents have the right to lodge a complaint with their local data protection authority if they believe we have not adequately addressed their concerns.