SendaOne v0.17.153

Privacy Policy

SendaOne is a web service operated by Sergio Marroquin Cabrera (Bogota, Colombia) that converts public Google Maps URLs into GPX files for recreational GPS use. This policy describes what data we collect, on what legal basis, how long we keep it, with whom we share it, and how to exercise your rights.

It applies to the domain sendaone.com and all its subdomains. We comply with GDPR (EU), LGPD (Brazil) and Colombia's Law 1581 of 2012 (habeas data). In addition, we voluntarily apply the principles of the CCPA/CPRA (California) to the extent applicable.

1. What data we collect

We do NOT collect name, phone, physical address, age, gender, device identifier or biometric data. We do NOT sell data to third parties under any circumstance.

Under GDPR Article 6 and Colombia's Law 1581 Article 6, processing is based on:

3. Retention

4. International transfers

SendaOne runs on infrastructure in the United States (Fly.io region Ashburn IAD) behind Cloudflare (global edge network). Due to the distributed nature of Cloudflare, requests may be processed by nodes in any region of the world. Geocoding and routing queries go to Google's servers (US/EU/AP). If you reside in the European Union this constitutes an international transfer under GDPR Chapter V; we rely on the Standard Contractual Clauses approved by the European Commission (modules signed by Cloudflare and Google).

Embedded maps in the preview. While previewing routes, your browser directly downloads map images and tiles from two providers: static map images from Google Maps (server maps.googleapis.com), whose request address includes the geometry of the previewed route (encoded polyline) and its start and end markers, and OpenStreetMap tiles (servers of the OpenStreetMap Foundation, United Kingdom), whose address indicates the map area being displayed. In both cases the provider receives your IP address and, in Google's case, the sendaone.com origin as referrer (a technical requirement of the API key). These requests happen automatically when the preview is shown, are governed by the privacy policies of Google and the OpenStreetMap Foundation, and SendaOne receives no copy of them nor stores their result. If your browser blocks them, the preview falls back to a locally drawn sketch and the service keeps working.

Outbound links to map apps. While previewing routes or after a successful conversion, the interface may show "Open in Google Maps", "Open in Apple Maps" and "Open in Waze" links whose address contains the origin and/or destination of your route (the text or coordinates that came in the URL you pasted). Apart from the embedded maps described above, SendaOne sends nothing to those services on its own: the request only happens if you tap the link, it is made by your browser or device, and it is subject to the third party's privacy policy (see Apple Maps & Privacy). The links are generated with attributes that suppress the referrer: those services will not learn you came from sendaone.com.

5. Your rights

Under GDPR, CCPA, LGPD and Law 1581 you have the right to:

Since we do NOT maintain accounts or profiles tied to IP addresses, in most cases there is no personal data to access, rectify or erase. To exercise any of these rights, write to [email protected].

California residents (CCPA/CPRA): SendaOne does NOT sell or share ("sell"/"share" as defined by the CCPA) your personal information, and has not sold or shared it in the past twelve months. You have the right to know which categories we collect (here: network identifiers such as a truncated in-memory IP and aggregate country; no sensitive categories), to request their deletion, and not to be discriminated against for exercising these rights. To exercise them, write to [email protected].

6. Cookies

SendaOne does NOT use tracking cookies, does NOT use advertising cookies and does NOT use fingerprinting. It may only use a temporary session cookie for optional OAuth flows (Strava, Garmin Connect) when the user explicitly activates them.

7. Minors

The service is not directed to children under 13 —or the minimum age of digital consent that applies in your jurisdiction, e.g. 14 to 16 in the European Union—. We do not knowingly collect data from minors. If a parent or guardian believes a minor submitted data, write to [email protected] and we will delete it.

8. Data controller contact

Data controller: Sergio Marroquin Cabrera, Bogota, Colombia. Email: [email protected]. SendaOne does not appoint a formal Data Protection Officer as it does not exceed GDPR Article 37 thresholds, but the controller handles all requests directly at the same email. For the purposes of Brazil's LGPD (Article 41), the data processing officer (encarregado) is the operator, reachable at the same email.

9. Changes to this policy

Any substantial change will be announced in the site footer at least 30 days in advance. The last update date appears at the bottom.

Last updated: 2026-06-15 · Terms · Security · Contact · Versión en español