Legal & Privacy

RoutePost is a form-submission backend operated by SimpleFunctions, LLC. It is available at routepost.dev.

For all legal and privacy inquiries, contact us at legal@routepost.dev.

RoutePost exists to route form submissions, which means we do receive and store the data your forms send us. We are transparent about this rather than claiming otherwise:

• Submission contents. We persist each submission in our database so we can (a) deliver it to your configured destinations (email, Slack, webhook), (b) display recent submissions in your dashboard inbox (capped per plan), and (c) retry delivery on transient destination failures. Stored encrypted at rest by our infrastructure provider. We do not read, mine, or sell submission content, and we do not use it to train any model.
• File uploads. When you enable file uploads on a form, the uploaded files are stored in our object storage subject to the per-file and per-submission size caps shown in your dashboard. We do not scan file contents. You are responsible for not collecting files you are not permitted to hold.
• Account data. The email address you use to sign in (for magic-link authentication), your selected plan, and the billing identifiers returned by Stripe if you subscribe.
• Operational data. Request logs, error traces, and aggregate metrics retained for service operation and security. These may incidentally contain IP addresses or user agents but are not indexed by submission content.

SimpleFunctions, LLC operates RoutePost as a commercial service and reserves the right to discontinue it at our discretion. In the event we retire the service or any plan tier, we will:

• Notify all active customers at least 30 days in advance via the email address on file.
• Keep CSV export available throughout that 30-day window so you can retrieve your submission data.
• After termination, retained submission data will be deleted in accordance with the per-plan retention windows below.

Each plan has a monthly submission cap. Submissions made after the cap is reached within a billing period are rejected with HTTP 429. The counter resets on the first of each calendar month.

• Free: 500 submissions / month
• Starter: 3,000 submissions / month
• Pro: 15,000 submissions / month

If you need a higher cap than the published Pro tier, contact us at legal@routepost.dev to discuss a custom arrangement. We do not offer an uncapped tier off the shelf.

Submission data is retained on a per-plan basis. Retention is strictly enforced by a daily purge — there is no grace period and no recovery once a submission is past its retention window.

• Free: 30 days
• Starter: 180 days
• Pro: 365 days (1 year — hard ceiling)

After the retention window expires, submission rows are permanently deleted. File-upload attachments referenced by deleted submissions are deleted as part of the same sweep. There is no grace period and no recovery. Use CSV export from your dashboard to retain submission data beyond these windows if you need it.

Deleting a form removes its submissions immediately. Closing your account removes your data within 30 days, except for records we are legally required to keep (e.g. billing records, security logs relevant to a known incident).

RoutePost delivers form submissions through three destination types, each with a different latency contract:

• Slack and webhook destinations fire in real time on every submission, on every plan.
• Email destinations are always digest-mode. Submissions accumulate and are sent in a bundled email when either the per-submission or per-time cadence floor for the plan is reached, whichever happens first. The per-plan minimum cadences are:
  • Free: every 50 submissions or daily
  • Starter: every 25 submissions or hourly
  • Pro: every 10 submissions or every 10 minutes

For real-time email-style notifications, use a Slack or webhook destination. We do not offer real-time email on any plan.

Form-submission services involve two parties with distinct responsibilities. Both need to be clear:

• You (the form operator) are the data controller for everything your forms collect. You are responsible for the lawfulness of what you collect, for obtaining any consents your jurisdiction requires from your form-fillers, for the truthfulness of the privacy notices you display to them, and for the content of the submissions themselves.
• SimpleFunctions, LLC acts as a data processor for submissions sent through RoutePost, performing only the processing necessary to deliver them to your configured destinations and to provide the dashboard and APIs described in our documentation.
• SimpleFunctions, LLC is not responsible for the content of form submissions, for how you use delivered data downstream, or for the lawfulness of the collection arrangement between you and your form-fillers.

We rely on these vendors to deliver the service:

• Supabase — primary database, authentication, and object storage
• Resend — transactional and autoresponder email
• Stripe — billing and subscription management
• DigitalOcean — application hosting
• Grafana Cloud — operational metrics, logs, and traces

This list reflects our current vendors and may change as the service evolves.

If you are a resident of the EU, UK, or Switzerland, you may have rights under the GDPR (access, rectification, erasure, restriction, portability, objection). California residents have rights under the CCPA, including the right to know what personal information is collected and to request its deletion. SimpleFunctions, LLC does not sell personal information.

To exercise any of these rights, contact legal@routepost.dev.

We follow common security practices: TLS in transit, encryption at rest at the storage layer, principle-of-least-privilege access to production systems, and audit logging on production access. We do not currently hold a third-party security certification (e.g. SOC 2). If you need one before signing on, tell us.

We may update this page as the service evolves. Material changes will be announced via in-app notice and reflected in the "Last updated" date at the top of this page.

SimpleFunctions, LLC
legal@routepost.dev