Privacy Policy
Last updated: February 12, 2026
Itinera ("we," "us," or "our") operates the Itinera route optimization and fleet management platform. This Privacy Policy explains how we collect, use, and protect information when you use our platform.
1. Information We Collect
Account Information. When you register, we collect your name, email address, and a password (stored as a bcrypt hash — we never store plaintext passwords). If your administrator enables two-factor authentication, we store a TOTP secret associated with your account.
Route and Operations Data. We store route information you create, including origin and destination addresses, waypoints, fuel stop selections, driver and vehicle assignments, and route status history. This data is entered by authorized users within your organization.
Fleet Tracking Data. If your organization connects Itinera to a telematics provider (such as Samsara), we receive vehicle locations, driver assignments, and fuel level data through that provider's API. This data is used solely for route monitoring and deviation detection.
Fuel Price Data. Fuel pricing information is uploaded by your organization via spreadsheet. We store station names, locations, and prices to optimize fuel stop recommendations.
Activity Logs. We log user actions within the platform (such as creating or updating routes) for audit and accountability purposes.
2. Cookies and Session Data
We use a single, strictly necessary session cookie (next-auth.session-token) to keep you logged in. This is a functional cookie required for the platform to operate. We do not use analytics cookies, advertising cookies, or third-party tracking cookies.
3. How We Use Your Information
We use the information we collect to:
- Authenticate users and manage account access
- Generate optimized routes and fuel stop recommendations
- Monitor fleet positions and detect route deviations
- Generate reports and export data as requested by your organization
- Maintain audit logs of platform activity
- Send system notifications (low fuel alerts, deviation alerts, route updates)
4. Data Sharing
We do not sell, rent, or share your data with third parties for marketing or advertising purposes. Data may be shared only in the following circumstances:
- Service providers. We use infrastructure providers (such as DigitalOcean for hosting and Google Maps for routing) that process data on our behalf to deliver the platform. These providers are bound by their own privacy policies.
- Telematics integrations. If you connect a telematics provider, data flows between that provider and Itinera as configured by your administrator.
- Legal requirements. We may disclose data if required by law, regulation, or valid legal process.
5. Data Security
We implement appropriate technical measures to protect your data, including encrypted connections (HTTPS/TLS), hashed passwords, rate-limited authentication endpoints, CSRF protection, input validation on all API endpoints, and role-based access controls. Access to the platform is restricted to users invited by your organization's administrator.
6. Data Retention
We retain your data for as long as your organization's account is active. Route data, activity logs, and fleet records are kept to support operational reporting and compliance needs. Account deletion requests can be made by contacting your organization's administrator or by reaching out to us directly.
7. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data, or to request a copy of the data we hold about you. To exercise these rights, contact your organization's administrator or reach out to us at the address below.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy on this page with a revised "Last updated" date.
9. Contact
If you have questions about this Privacy Policy, contact us at: support@getitinera.com