Last updated: April 20, 2026
Guardian Route collects information necessary to provide school bus fleet management services, including: district and school configuration data, student transportation assignments, vehicle GPS positions, driver and parent account details, driver phone numbers for operational messaging, and usage analytics.
We use collected data to operate and improve our fleet management platform, including route optimization, real-time tracking, parent notifications, and reporting. We do not sell personal data to third parties.
All data is encrypted in transit (TLS 1.3) and at rest. We use row-level security to ensure strict multi-tenant isolation — each district can only access its own data. Credentials and API tokens are encrypted with AES-256-GCM.
Guardian Route complies with the Family Educational Rights and Privacy Act (FERPA). Student transportation data is classified as an educational record and is only accessible to authorized district personnel. We act as a school official with legitimate educational interest under 34 CFR § 99.31(a)(1).
GPS position data is retained for 12 months and automatically partitioned by month. Other operational data is retained for the duration of the service agreement. Districts may request data export or deletion at any time.
We integrate with third-party services for specific functionality: Google Maps (routing and geocoding), Supabase (database hosting), Vercel (application hosting), Twilio (SMS, RCS, and WhatsApp messaging), and optionally Samsara (vehicle telematics). Each third-party service is bound by its own privacy policy and our data processing agreements.
When FleetMessenger is enabled, we collect and process driver mobile phone numbers for the sole purpose of sending operational text messages (SMS, RCS, and/or WhatsApp). Phone numbers are stored in our database with row-level security ensuring district isolation.
Message content, delivery status, and driver responses (YES/STOP confirmations and campaign yes/no replies) are stored to provide campaign tracking and the SMS double opt-in audit trail. Message content is limited to operational fleet communications and does not contain student personally identifiable information.
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Mobile phone numbers and SMS opt-in data are not sold or shared with third parties for any purpose other than delivering the messages a user has consented to receive.
Phone numbers are shared with Twilio, our messaging service provider, solely for the purpose of message delivery. Twilio's privacy policy governs their handling of this data. We do not share driver phone numbers with any other third parties for any purpose.
WhatsApp opt-in status is tracked per driver. Drivers control their WhatsApp participation and can opt out at any time through their fleet administrator. WhatsApp is a separate channel governed by Meta's WhatsApp Business Platform policies and is not part of the US carrier 10DLC SMS channel.
For privacy-related inquiries, contact us at support@guardianroute.app.