CommuteGraph.com/

Privacy Policy

Last Updated: October 16, 2025

At CommuteGraph, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Information We Collect

Account Information

When you sign up for CommuteGraph using Google Sign-In (or Apple Sign-In where available), we collect:

  • Your email address
  • Your name (if provided by the OAuth provider)
  • Profile picture (if provided by the OAuth provider)
  • Unique identifier from the OAuth provider

Usage Data

When you use our service, we collect and store on our servers:

  • Usage logs (timestamps, success/failure status) for billing and analytics
  • Credit balance and transaction history
  • API request counts and metadata
  • Rate limiting data (stored in Upstash Redis)

Data stored locally in your browser:

  • Your most recent search (origin, destination, date ranges, time window)
  • Search results and commute time data
  • Form preferences (time presets, settings)

Note: Local browser data is not transmitted to our servers and will be lost if you clear your browser data or cookies.

Payment Information

Payment processing is handled by Stripe. We do not store your full credit card information. We collect:

  • Stripe customer ID
  • Payment transaction records (amount, timestamp, status)
  • Billing email address

Cookies and Tracking

We use cookies to maintain your authentication session. These cookies are essential for the service to function. We use NextAuth.js session cookies to keep you logged in.

How We Use Your Information

We use the information we collect to:

  • Provide and maintain the CommuteGraph service
  • Process your commute time search requests via Google Routes API
  • Manage your account and authenticate you
  • Process payments and manage your credit balance
  • Enforce rate limits and prevent abuse
  • Send transaction confirmations and service updates
  • Improve our service and develop new features
  • Comply with legal obligations

Data Storage

Your data is stored in MongoDB Atlas with the following security measures:

  • Encrypted data transmission (TLS/SSL)
  • Encrypted data at rest
  • Regular security updates and monitoring
  • Access controls and authentication

Third-Party Services

We share data with the following third-party services to provide our functionality:

Google Services

We use Google OAuth (for authentication), Google Routes API (for traffic-aware commute times), and Google Geocoding API (for address processing). Your addresses are sent to Google to compute routes. Subject to Google's Privacy Policy.

Apple Sign-In

Used for authentication (where available). Subject to Apple's Privacy Policy.

Stripe

Used for payment processing. Subject to Stripe's Privacy Policy.

MongoDB Atlas

Used for database hosting. Subject to MongoDB's Privacy Policy.

Upstash Redis

Used for rate limiting to ensure fair service access. Subject to Upstash's Privacy Policy.

MapTiler

Used for map tile rendering and visualization. Subject to MapTiler's Privacy Policy.

Your Rights

Under GDPR (EU), CCPA (California), and other privacy laws, you have the right to:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your account and data
  • Portability: Request your data in a machine-readable format
  • Opt-out: Opt out of non-essential data processing
  • Withdraw Consent: Withdraw consent for data processing

To exercise these rights, please contact us at walshf@oregonstate.edu

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. If you request account deletion, we will delete or anonymize your data within 30 days, except where we are required to retain it for legal, tax, or regulatory purposes.

Children's Privacy

CommuteGraph is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy, please contact us: