Route Entry

Protected redirect links

Legal

Privacy Policy

Last updated: April 29, 2026

Overview

Route Entry is a free redirect link service. When you create a redirect, you configure a pipeline of gates that visitors pass through before reaching your destination URL. This policy explains what data is collected during that process, how it is stored, and what happens to it over time.

The short version: visitor data stays within Route Entry's infrastructure. We don't sell it, share it with advertisers, or use it to build profiles. Retention is automatic and enforced - data doesn't linger indefinitely.

What we collect

Route configuration

When you create a redirect, we store the route configuration: the destination URL, the gate pipeline settings, the route name, and any custom text or CSS you've provided for each step. This data is tied to a management token - not to any user account, because there are no user accounts.

Visitor sessions

Every visit to a redirect URL generates a session record. The session record captures:

  • A unique session identifier
  • Timestamps for each event in the session
  • Gate outcomes (passed, failed, blocked, consent granted/denied)
  • The visitor's IP address, if an IP capture step is active in the pipeline
  • Browser, OS, device type, preferred language, and viewport width, if a device capture step is active
  • GPS coordinates (latitude, longitude, accuracy), if a geolocation step is active and the visitor grants location permission
  • Number of password attempts, if a password gate is active
  • Bot challenge outcome, if a bot challenge step is active

The IP address, device details, and GPS coordinates are only collected when you've explicitly added the corresponding capture step to your route's pipeline. If those steps aren't active, that data is never collected. Collection of information is optionally conditional based on consent.

What we don't collect

We don't collect email addresses, names, or any personal information from route creators. We don't set persistent tracking cookies on visitor-facing pages. We don't build cross-route visitor profiles. We don't collect payment information (there's nothing to pay for).

How we use collected data

Visitor session data is used exclusively to power the analytics dashboard for the route it was collected on. Aggregate metrics (total visits, consent rates, bot rates), the per-session event timeline, and the geolocation heatmap all draw from this data. It is not used for advertising, product analytics, or any purpose beyond operating the redirect and analytics features.

Route configuration data is used to serve the redirect: to display the correct gate pages, validate passphrases, apply geolocation rules, and forward visitors to the destination URL.

Data retention

Retention is automatic and enforced by the system - it is not a manual process and does not require any action from you:

  • Visitor sessions are deleted after 30 days from the time they were created.
  • If a route accumulates more than 10,000 sessions, the oldest sessions are trimmed first to stay under the cap.
  • Route entries with no visitor activity for 90 consecutive days are deleted entirely, along with all associated session data.

Route configuration data persists until you delete the route from your dashboard, the 90-day inactivity window triggers automatic removal, or you request deletion by contacting us.

Third-party processors

All network traffic passes through Cloudflare's edge network, which means Cloudflare processes request metadata as part of normal network operation. Cloudflare's privacy policy governs their handling of this data.

If you've enabled the bot challenge gate on a route, Cloudflare Turnstile is loaded on that gate page. Turnstile may collect behavioral signals from the visitor's browser to distinguish human visitors from automated scripts. This is subject to Cloudflare's Turnstile privacy documentation.

The geolocation heatmap feature loads map tiles from OpenStreetMap tile providers via Leaflet. Viewing the heatmap sends a request to the tile server for the tiles covering the visible map area. No visitor data is sent to the tile provider - only the coordinates of the map view are used to request the correct tiles.

No other third-party services receive visitor data. No analytics platforms, no advertising networks, no data brokers.

Your rights and data requests

If you need visitor session data deleted before the automatic retention period ends, or if you want an entire route and its data removed immediately, contact us at hi@routeentry.com with your route ID. We'll handle deletion promptly.

Because Route Entry doesn't maintain user accounts, we can't identify "your data" without the route ID tied to your management token. Route IDs are included in your management token link.

Changes to this policy

If this policy changes materially - particularly around data collection, retention, or third-party sharing - we'll update the "Last updated" date at the top and note the change. We won't reduce your privacy protections without clear notice.

Contact

Questions about this policy or data handling: hi@routeentry.com. See also: Abuse Policy and Terms of Service.