Privacy Policy

1. Who we are

Tint Route is software operated by Geovane Garcia Azevedo (sole trader t/as Tint Route), ABN 43 904 734 945, located at 202/37 Barrack St, Perth WA 6000, Australia(referred to in this policy as “Tint Route”, “we”, “us”, or “our”). This policy explains how we handle personal information in connection with the Tint Route platform, including the customer-facing chat agent that replies to messages sent to a connected Facebook Page or Instagram account.

2. Scope

This policy applies to:

• Customers who interact with the Tint Route AI agent via the web chat widget, Facebook Messenger, Instagram Direct Messages, email, or SMS;
• Operators (window tinting businesses) who sign in to the Tint Route dashboard at app.tintroute.com; and
• Anyone whose data is shared with us by an operator (for example, an existing customer record imported into the platform).

3. Information we collect

We only collect what we need to operate the service. The categories below are exhaustive — we do not collect special categories of personal information (health, biometrics, financial account numbers) unless an operator chooses to add it to a quote or note, and we do not collect data from children under 16.

• Contact details — name, phone, email, and address (provided by the customer during the quote flow or by the operator when creating a record).
• Vehicle / property details — make, model, year, and any photos uploaded as part of a quote or job.
• Messages and conversation history — the content of messages sent to and from the AI agent across web chat, Messenger, and Instagram DMs, plus timestamps and read receipts.
• Facebook / Instagram identifiers— a page-scoped user ID (Messenger PSID) or Instagram-scoped user ID returned by Meta when a customer messages a connected Page. We do not receive the customer's Facebook email address or friend list.
• Operator account data — name, business name, email, and the Meta Page Access Token issued when the operator connects their Facebook Page.
• Usage and security logs — truncated IP addresses (/24 for IPv4, /48 for IPv6) and timestamps, used for rate limiting and abuse detection. We do not track full IP addresses or build cross-site profiles.

4. Why we collect it

We collect this information only to:

• Answer customer enquiries through the AI agent and route handovers to the operator;
• Build quotes, schedule appointments, and produce invoices on the operator's behalf;
• Send transactional notifications (booking confirmations, reschedules, follow-ups) to the customer;
• Operate the platform securely (authentication, rate limiting, abuse prevention); and
• Comply with our legal obligations under Australian law.

We do not sell personal information, we do not use it to serve third-party advertising, and we do not use the content of customer messages to train machine learning models.

5. Facebook Messenger and Instagram integration

When an operator connects their Facebook Page to Tint Route, Meta issues us a Page Access Token that lets us receive incoming messages and reply on the operator's behalf. We use the token only for that purpose. Our use and transfer of information received from Meta APIs adheres to the Meta Platform Terms and Developer Policies, including the limited use requirements.

To request the deletion of data we hold about you that originated from Facebook or Instagram, you can either:

• Email us at info@tintroute.com; or
• Remove Tint Route from your Facebook account (Settings → Apps and Websites), which triggers an automatic deletion request to our system. You will receive a confirmation code and can verify the status at app.tintroute.com/data-deletion/<code>.

6. Who we share information with

We share personal information only with the service providers we need to run the platform, and only the minimum required:

• Supabase (database, authentication, file storage) — hosted in the AP-South region.
• Vercel (application hosting and edge functions).
• Anthropic(AI inference for the customer chat agent) — message content is sent for the sole purpose of generating a reply and is not retained for training per Anthropic's API terms.
• Resend (transactional email delivery).
• Meta (when sending replies through Messenger or Instagram).

We may also disclose information where required by law, regulation, or court order, or to protect the rights and safety of customers, operators, or the public.

7. Where information is stored

Personal information is stored in our Supabase database hosted in the AP-South region (Mumbai, India). Backups are encrypted at rest. All data in transit is encrypted using TLS 1.2 or higher.

8. How long we keep it

We retain personal information for as long as we need to provide the service to the operator who introduced the record, plus a reasonable period after the relationship ends for legal, accounting, and audit purposes (typically 7 years for invoicing records under Australian Tax Office requirements). Conversation history is retained while the operator's Tint Route account is active and deleted within 30 days of account closure.

9. Your rights

Under the Australian Privacy Principles you have the right to:

• Access the personal information we hold about you;
• Correct inaccurate or outdated information;
• Request that we delete information we hold; and
• Complain to the Office of the Australian Information Commissioner if you believe we have mishandled your information.

To exercise any of these rights, email us at info@tintroute.com. We will respond within 30 days.

10. How to delete your data

There are three ways to delete the personal information we hold about you:

• Email request — write to info@tintroute.com from the address linked to your account. We will confirm and delete within 30 days.
• Remove the app from Facebook / Instagram — go to Facebook Settings → Apps and Websites, select Tint Route, and click Remove. Meta will notify us, we will delete your data, and you will receive a confirmation URL with a verification code.
• Operator-initiated deletion — ask the operator who introduced you to delete your record from their Tint Route dashboard.

11. Security

We protect personal information using industry-standard measures: TLS in transit, encryption at rest in the database, row-level security policies isolating tenant data, multi-factor authentication on operator accounts, and continuous security review. No method of transmission or storage is perfectly secure, but we maintain a posture appropriate to the sensitivity of the data we hold.

12. Children's privacy

Tint Route is not intended for use by children under 16. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us at info@tintroute.com and we will delete it promptly.

13. Changes to this policy

We may update this policy from time to time. The effective date at the top of the page reflects the most recent update. Material changes will be announced via email to operators and on the dashboard before they take effect.

14. Contact us

Questions, requests, or complaints about this policy can be sent to:

Geovane Garcia Azevedo (sole trader t/as Tint Route)
202/37 Barrack St, Perth WA 6000, Australia
Email: info@tintroute.com