Privacy Policy

Mileweave ("we," "us," or "our") is operated by Centricle LLC. This Privacy Policy explains how we collect, use, and protect your personal information when you use mileweave.us (the "Service").

1. Information We Collect

Account Information

When you create an account, we collect your email address, display name, and password. Authentication is handled by Supabase.

Trip Data

When you use the Service, we store the trip data you create, including: trip titles, descriptions, and status; location data (addresses, geographic coordinates, Google Place IDs); waypoints and stop information; day segment breakdowns (distances, durations); and trip sharing tokens.

Guest Mode Data

If you use Mileweave without an account, a single trip is stored in your browser's localStorage. This data stays on your device and is not sent to our servers unless you create an account and choose to migrate it.

Trip Sharing

When you share a trip via a share link, recipients can view your trip title, description, status, all waypoint locations (addresses, coordinates), waypoint notes, and day segment breakdowns. Recipients cannot see your email address, display name, or other account information. Share links do not expire unless you delete them.

Automatically Collected Information

With your consent, we collect anonymized usage data through Google Analytics, including pages visited, time spent, device type, browser, and general geographic region. This data is not linked to your account.

2. How We Use Your Information

Provide and maintain the Service (account management, trip planning features)
Calculate routes and display maps via Google Maps
Enable trip sharing with people you choose
Understand how the Service is used so we can improve it (analytics)
Protect against abuse and maintain security

3. Third-Party Services

We use the following third-party services to operate Mileweave:

Service	Purpose	Data Shared
Supabase	Database & authentication	Account info, trip data
Google Maps Platform	Maps, routing, place search	Addresses, geographic coordinates, and Google Place IDs for all trip waypoints; real-time search queries when using location autocomplete; full trip itinerary (all waypoints) when calculating routes
Google Analytics	Usage analytics (consent-gated)	Anonymized browsing data
Stripe	Payment processing	Email address, subscription status. Payment card details are collected directly by Stripe and never touch our servers.
Netlify	Hosting & serverless functions	HTTP request data

Each service operates under its own privacy policy. We encourage you to review them.

4. Cookies & Local Storage

We use minimal cookies and browser storage:

Item	Type	Purpose	Required
Supabase auth token	localStorage	Keeps you signed in	Essential
mileweave_analytics_consent	localStorage	Remembers your analytics choice	Essential
mileweave_guest_trip	localStorage	Stores trip data in guest mode	Essential
Google Analytics cookies	Cookies	Usage analytics	Optional (consent-gated)

We do not use advertising or retargeting cookies. Google Analytics cookies are only set after you accept analytics via the consent banner. You can change your choice at any time by clearing your browser's local storage for this site.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove your personal data within 90 days. Anonymized analytics data may be retained indefinitely.

6. Data Security

We use reasonable measures to protect your information, including encryption in transit (HTTPS), secure authentication, and row-level security on our database. No method of transmission over the Internet is 100% secure, so we cannot guarantee absolute security.

7. Children's Privacy

Mileweave is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us.

8. Your Rights

You have the right to:

Access the personal information we hold about you
Request correction of inaccurate information
Request deletion of your account and associated data
Control analytics cookies via the consent banner or your browser settings
Export your trip data

To exercise any of these rights, contact us.

9. US State Privacy Rights

If you are a resident of California, Virginia, Colorado, Connecticut, or another US state with consumer privacy laws, you may have additional rights including:

Right to know what personal information we collect and how it is used
Right to delete your personal information
Right to opt out of the sale of personal information (we do not sell your data)
Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us.

10. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users within 72 hours via email (for account holders) or through a notice on the Service. We will also notify relevant authorities as required by applicable law.

11. International Users

Centricle LLC is based in the United States. If you access the Service from outside the US, your data is transferred to and processed in the United States.

Our legal bases for processing personal data under the GDPR include:

Consent — analytics and non-essential cookies
Contract performance — providing account and trip planning features
Legitimate interests — security, abuse prevention, and service improvement

International users have the right to:

Access your personal data
Rectification of inaccurate data
Erasure of your data
Data portability
Restriction of processing
Object to processing