PathRoam

Privacy Policy

How we handle your data

Last updated: 26 March 2026

Introduction

PathRoam is a road trip planning platform built for explorers across Southern Africa, operated from South Africa by PathRoam. We are committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have in relation to your information.

By using PathRoam, you agree to the collection and use of information as described in this policy. If you do not agree, please discontinue use of the platform.

Information We Collect

We collect only the information necessary to provide the PathRoam service. This includes:

  • Account data — your email address and display name, provided either through Google OAuth or direct email registration.
  • Trip data — destinations, stops, accommodation details, packing and shopping lists, cost estimates, and any notes or content you add to your trips.
  • Collaborator data — email addresses of people you invite to collaborate on a trip.
  • Usage data — pages visited and feature interactions. We do not currently use any third-party analytics services. Usage signals are limited to what is captured in application logs on our own infrastructure.
  • Payment data — subscription and billing information is handled entirely by Paystack. We never store, transmit, or have access to your card numbers, banking details, or other sensitive payment credentials.
  • Support correspondence — messages and metadata you submit through our contact form or via email.

How We Use Your Information

We use the information we collect solely to operate and improve PathRoam. Specifically, we use your data to:

  • Create and manage your account and authenticate your identity.
  • Store and display the trip content you create, including sharing it with any collaborators you invite.
  • Send transactional emails, including account verification, password resets, trip invitations, and subscription confirmations.
  • Process and manage your subscription payments through our payment provider, Paystack.
  • Respond to support requests and contact form submissions.
  • Identify and fix bugs, monitor service availability, and improve the reliability and performance of the platform.

We do not sell, rent, or trade your personal information to any third party. We do not use your data for advertising purposes.

Third-Party Services

PathRoam relies on a small number of carefully selected third-party services to function. Each service receives only the data necessary for its specific role:

  • Supabase — provides authentication, database hosting, and real-time functionality. Supabase receives and stores your email address, account data, and all trip data you create. Data is hosted on infrastructure within the European Union.
  • Paystack — handles all payment processing. Paystack receives your email address and subscription details when you initiate a payment. Paystack operates under its own privacy policy and PCI DSS compliance standards.
  • Geoapify — provides map tiles, routing calculations, and geocoding (address search). Geoapify receives location search queries and map tile requests. No personally identifiable information is sent to Geoapify.
  • Google Places API — used to discover and synchronise accommodation data. Google receives location coordinates when we query for nearby places. No personal data from your account is sent to Google through this integration.
  • Resend — handles transactional email delivery. Resend receives email addresses and the content of outgoing emails, such as invitation messages and password reset links.

We encourage you to review the privacy policies of these services for further information on how they handle data.

Cookies & Local Storage

PathRoam uses a minimal set of browser storage mechanisms required for the platform to function correctly:

  • Authentication session cookies — managed by Supabase to keep you logged in across browser sessions. These are strictly necessary and cannot be disabled without preventing login.
  • Theme preference — your chosen colour theme (light or dark) is stored in localStorage under the key pathroam-theme. This data never leaves your device.
  • Offline edit queue — when you use PathRoam as a Progressive Web App (PWA), pending changes made while offline are temporarily stored in your browser's IndexedDB. This data is local to your device and is synced to our servers once your connection is restored.

We do not use any advertising, tracking, or analytics cookies.

Data Retention & Deletion

We retain your personal data for as long as your account remains active on PathRoam. Trip data and account information are preserved so that your plans are available whenever you return.

You may request deletion of your account and all associated data — including trips, stops, packing lists, and account details — at any time by emailing us at support@pathroam.co.za. We will process your deletion request within 30 days of receipt and confirm once your data has been permanently removed.

Note that certain records, such as payment transaction logs, may be retained by Paystack in accordance with their own legal and regulatory obligations.

Data Security

We take reasonable and appropriate technical measures to protect your data:

  • All data transmitted between your browser and our servers is encrypted over HTTPS using TLS.
  • Database access is controlled by row-level security (RLS) policies, ensuring that users can only read and modify their own data.
  • Data stored in our database is encrypted at rest by our infrastructure provider, Supabase.
  • No sensitive credentials or secrets are stored in client-side code or exposed in the browser.
  • Our production server enforces strict process isolation, with application processes running under a dedicated unprivileged system user.

While we implement these safeguards, no method of electronic transmission or storage is completely secure. We encourage you to use a strong, unique password and to keep your login credentials confidential.

Children's Privacy

PathRoam is not intended for use by children under the age of 13. We do not knowingly collect personal information from anyone under 13 years of age. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us at support@pathroam.co.za and we will take steps to remove that information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time as the platform evolves or as legal requirements change. When we make material changes, we will update the “Last updated” date at the top of this page. We may also notify you by email if the changes are significant.

Your continued use of PathRoam after any changes to this policy are posted constitutes your acceptance of the updated terms. We encourage you to review this page periodically to stay informed about how we protect your data.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal information, please contact us:

We aim to respond to all privacy-related enquiries within 5 business days.