Privacy Policy

Effective Date: November 29, 2025
Operated by: Cornerstone Strategy LLC

Part I. Route X Global Privacy Policy

1. Who We Are

Route X is a coaching and client-management, and professional development platform operated by Cornerstone Strategy LLC ("Route X", "we", "us" or "our"), a company based in the State of New Jersey, United States.

We are committed to protecting the privacy, confidentiality, and security of all personal information and coaching-related content processed through our services. Route X does not sell or rent user data, and Route X does not use your content to train artificial intelligence ("AI") models unless you provide explicit, voluntary, and revocable Opt-in consent.

2. Scope of This Policy

This Policy applies to personal information collected when you:

  • Use Route X web application
  • Visit our website
  • Communicate with our support team
  • Participate in events, webinars, or training sessions
  • Connect third-party integrations (e.g., Google Calendar, Microsoft Outlook, Zoom, Google Meet)

This Policy does not apply where Route X acts as a data processor under separate agreements with enterprise customers.

3. Information We Collect

A. Account Information

We collect:

  • Name, email address, username
  • Password (hashed)
  • Optional profile attributes (e.g., time zone, phone number, organization, role/title, profile picture etc.)
  • Authentication metadata (IP address, browser/device type, login timestamps)

B. Usage Data

Includes:

  • Access logs, session duration
  • Pages visited, clicks, form submissions
  • Device information, browser settings

Used exclusively for security, diagnostics, performance improvement, and analytics.

C. Coaching Content (Highly Sensitive Data)

May include:

  • Session notes, goals, action items, worksheets, journals
  • Session logs and metadata
  • Uploaded files, documents, voice or video recordings
  • Coaching program materials
  • Data synced from integrations (calendar events, meeting metadata)

We do not access or use Coaching Content except to provide the core functionality of the platform, transmit or display it to authorized users, troubleshoot issues with your explicit permission, or where required by law.

4. How We Use Information

We use personal information to:

  • Provide and maintain the Route X platform
  • Authenticate accounts and secure access
  • Deliver features, integrations, reminders, and notifications
  • Analyze usage patterns for performance optimization
  • Respond to support requests
  • Comply with legal requirements

We do not use Coaching content for:

  • Advertising
  • Behavioral profiling
  • AI training (unless explicitly Opted-in)
  • Sale or targeted sharing

5. AI Model Training and Opt-In Consent

Route X does not use Coaching Content for AI model training without your explicit consent.

A. Anonymous Data Used Without Opt-in

To improve security, reliability, and platform intelligence, we may use:

  • Aggregate, de-identified usage analytics
  • Non-personal metadata (feature usage, performance metrics)

This data cannot identify individuals and does not include Coaching Content.

B. Opt-in for AI Model Training (User-Controlled)

You may voluntarily choose to opt-in to allow Route X to use strictly anonymized and de-identified Coaching Content signals for improving machine learning models.

Before use:

  • Personal identifiers are irreversibly removed
  • Organization names, people names, and contextual identifies are removed
  • Text is transformed into abstracted coaching signals (topics, categories, session dynamics)

Opt-in is not required to use Route X and can be withdrawn at any time.

C. No Raw Session Notes or Identifiable Text Used

Even with opt-in, Route X does not use raw text, logs, or identifiable session data for training models.

6. Cookies & Tracking Technologies

We use cookies classified as:

A. Anonymous Data Used Without Opt-in

To improve security, reliability, and platform intelligence, we may use:

  • Aggregate, de-identified usage analytics
  • Non-personal metadata (feature usage, performance metrics)

This data cannot identify individuals and does not include Coaching Content.

B. Opt-in for AI Model Training (User-Controlled)

You may voluntarily choose to opt-in to allow Route X to use strictly anonymized and de-identified Coaching Content signals for improving machine learning models.

Before use:

  • Personal identifiers are irreversibly removed
  • Organization names, people names, and contextual identifies are removed
  • Text is transformed into abstracted coaching signals (topics, categories, session dynamics)

Opt-in is not required to use Route X and can be withdrawn at any time.

C. No Raw Session Notes or Identifiable Text Used

Even with opt-in, Route X does not use raw text, logs, or identifiable session data for training models.

6. Cookies & Tracking Technologies

We use cookies classified as:

  • Essential Cookies: Authentication, security, session management
  • Functional Cookies: Preferences, time zone, language
  • Analytics Cookies: Aggregated performance and usage metrics

Users may manage cookie settings through browser controls or available platform options.

7. Data Security

We implement industry-standard technical and organizational safeguards, including:

  • TLS encryption in transit
  • Encryption at rest
  • Password hashing
  • Network segmentation
  • Privileged access controls
  • Continuous monitoring and vulnerability assessment

8. Staff Access Controls & Audit Logging

  • Access is based on least-privilege principles
  • Coaching Content access requires elevated authorization and is tightly restricted
  • All access events are recorded in immutable audit logs
  • Logs are monitored to prevent unauthorized access
  • Subprocessors must meet equivalent security and confidentiality standards

9. Data Retention & Backup Retention (30 Days)

  • Account data is retained during the period of active use
  • Coaching Content is retained until you delete it or terminate your account
  • Backups are for disaster recovery only and maintained for up to 30 days
  • Deleted data may remain in encrypted backup archives for a maximum of 30 days, after which it is automatically purged

10. Data Transfers (Including Japan → U.S.)

Data is stored and processed in the United States.

For users in Japan, transfers occur in compliance with the Act on the Protection of Personal Information ("APPI"), including ensuring:

  • Adequate protective measures
  • Contractual safeguards
  • Transparency regarding overseas transfer

Part II. Japan Supplement (APPI Compliance)

Applies to users residing in Japan.

1. Purpose Specification

Personal data is used strictly within the scope defined in Part I, Section 4.

2. Third-Party Provision

We do not provide personal data to third parties except:

  • With your consent
  • As required by law
  • As part of entrusting processing to service providers (not considered "third-party provision" under APPI)

3. Entrusted Processing

We supervise processors appropriately and require:

  • Security measures
  • Confidentiality contracts
  • Approval for further subcontracting

4. Overseas Transfer to the U.S.

Transfer include:

  • Notice of overseas destination
  • Assessment of protection measures
  • Contractual commitments ensuring appropriate safeguards

5. Requests for Disclosure, Correction, Suspension

You may request:

  • Disclosure of Retained Personal Data
  • Correction, addition, deletion
  • Suspension of use or provision

All requests: support@route-x.app

6. Cookies Under APPI Guidelines

Cookies use complies with relevant guidance from the PPC of Japan.

7. Sensitive Information

Coaching-related information is not automatically classified as "Special Care-Required Information," but Route X treats it with heightened safeguards.

1. Purpose Specification

Personal data is used strictly within the scope defined in Part I, Section 4.

Part III. California Supplement (CCPA/CPRA)

Applies to California residents.

1. Notice at Collection

We collect categories listed in Part I.

2. Consumer Rights

  • Access
  • Deletion
  • Correction
  • Information on disclosures

3. Sensitive Personal Information

Not used for purposes requiring an opt-out.

4. Do Not Sell or Share

Route X does not sell or share personal information.

Part IV. EU/UK GDPR Supplement (Framework)

(To be fully expanded upon EU launch.)

  • Lawful bases for processing
  • Rights of access, rectification, erasure, portability
  • Special category data rules
  • International transfer mechanisms (SCCs)
  • EU/UK representative (to be designated)

Part V. Definitions

"Coaching Content":
User-submitted content such as notes, logs, goals, documents, worksheets, or recordings.
"Personal Information":
Information relating to an identified or identifiable individual.
"Aggregated Data":
Data that cannot reasonably identify an individual.
"Retained Personal Data" (APPI):
Personal data over which we have authority to disclose, correct, or delete.
"Sell / Share" (CCPA):
Disclosure for monetary or targeted advertising gain (not performed by Route X).
"Subprocessor":
A vendor engaged to process data on Route X's behalf.

Contact Us

For questions regarding this privacy policy:

support@route-x.app
Cornerstone Strategy LLC
New Jersey, United States
cornerstone-strategy.com