Privacy Policy

Last updated: May 12, 2026

This policy explains what RidgeLink ("we," "us," or "RidgeLink") collects when you use our service, how we use it, who we share it with, and the rights you have over your data. Plain language only — if anything here is unclear, email support@ridgelink.io.

1. Who this policy applies to

This policy applies to:

• Customers — roofing companies that subscribe to RidgeLink.
• Authorized users — owners, admins, project managers, and door-knockers who log into a customer's RidgeLink workspace.
• Visitors — anyone browsing ridgelink.io who hasn't created an account.

It does not apply to homeowners or lead contacts whose information is entered into RidgeLink by our customers. The customer is the data controller for that information; RidgeLink is the data processor. If you're a homeowner and want to access or delete information held about you, contact the roofing company that collected it.

2. Information we collect

Account information

• Name, work email address, and password (stored as a one-way hash — we never see the plaintext)
• Company name, role within the company, team size
• Phone number (optional)

Payment information

When billing goes live, payments are processed by Stripe. We don't store full card numbers on our servers — Stripe holds them. We receive only the last four digits and card brand for display purposes, plus the customer ID Stripe generates.

Lead and operational data you enter

• Property addresses, GPS coordinates of inspection visits, lead notes
• Homeowner names and contact info you record
• Photos of roofs, damage, and job sites that you upload
• Inspection schedules, claim values, status changes, comments, commission records
• Tags, audit-log entries, and any custom fields

Automatically collected

• IP address, approximate location derived from IP
• Browser type and version, device type, operating system
• Pages viewed, actions taken in the app, timestamps
• OneSignal subscription identifier when you opt in to push notifications
• Push notification delivery records

We do not use Google Analytics, Facebook Pixel, or any third-party advertising or analytics tracker on this site. We don't sell your data and we don't run behavioral ads.

3. Cookies and similar technologies

We use a small number of necessary cookies and storage items, all related to making the product work:

• Authentication session — set by Supabase so you stay logged in. Cleared when you sign out.
• Cloudflare Turnstile — sets a temporary token during login, signup, and contact-form submission to verify you're not a bot. Expires within minutes.
• OneSignal — local storage entries that remember your push-notification subscription. Only present if you've opted in to notifications.

No advertising cookies. No third-party trackers. No cross-site tracking. Because we don't use tracking cookies, no cookie banner is required for visitors in California, the EU, or elsewhere — but if we ever add one, we'll add the banner first.

4. How we use your information

• Provide, operate, and maintain the RidgeLink service
• Authenticate you and protect your account
• Process subscription payments and prevent fraud
• Send transactional email (password resets, account notifications, billing receipts)
• Send push notifications you've subscribed to (new lead, lead assigned, access requests)
• Improve the product based on aggregate usage patterns
• Respond to support requests
• Comply with legal obligations

We do not use your data to train AI models, and we don't share it with third parties for their own marketing.

5. Service providers we share data with (subprocessors)

To run the service we use the following vendors. Each has its own privacy policy and security controls.

• Supabase (Supabase, Inc., USA) — database, authentication, file storage, real-time sync. Hosts your account and lead data.
• Cloudflare (Cloudflare, Inc., USA) — DNS, content delivery, web application firewall, bot protection (Turnstile), email routing.
• SendGrid (Twilio, Inc., USA) — outbound transactional email delivery.
• OneSignal (OneSignal, Inc., USA) — push notification delivery.
• Stripe (Stripe, Inc., USA) — payment processing and subscription billing (active once billing launches).
• Iowa Environmental Mesonet / National Weather Service — public hail-report and radar data displayed on the Hail Map. We send no user data to these services; we only fetch their public data.

We do not sell, rent, or trade your personal information to anyone for any purpose.

6. Where your data is stored

RidgeLink's servers and the subprocessors above are located in the United States. If you access the service from outside the United States, your information will be transferred to and processed in the U.S.

7. How long we keep your data

• Active subscriptions: for the duration of your subscription, plus any retention required by law.
• After cancellation: we hold your account and lead data for 30 days in case you change your mind or need to export. After 30 days, your account and all associated lead data are permanently deleted.
• Backups: may persist in encrypted backups for up to 30 additional days after deletion before being overwritten.
• Billing and tax records: retained for as long as required by U.S. tax law (typically 7 years).
• Marketing inquiries: contact form submissions are kept until they're no longer relevant, then deleted.

8. Your rights

Regardless of where you live, you have the right to:

• Access — request a copy of the personal data we hold about you
• Correct — ask us to fix inaccurate information
• Delete — request that we delete your account and associated data
• Export — receive a copy of your lead data in CSV format from inside the app at any time
• Opt out of notifications — turn off push and email notifications from your account settings

To exercise any of these rights, email support@ridgelink.io. We respond within 30 days.

If you're in California (CCPA / CPRA)

You have the additional rights to (i) know what categories of personal information we collect and share, (ii) opt out of "sale" or "sharing" of your personal information — though as stated above, we don't sell or share for cross-context advertising, (iii) limit use of sensitive personal information, and (iv) be free from discrimination for exercising any of these rights.

If you're in Virginia, Colorado, Connecticut, Utah, or another state with a privacy law

You have rights similar to those above (access, correction, deletion, portability, and opt-out of certain processing). Email us at the same address and we'll handle your request the same way.

9. Security

We protect your data with:

• Encryption in transit (HTTPS / TLS) and at rest
• Row-level security in the database — every workspace is isolated; one customer cannot read another customer's leads
• Password hashing (bcrypt) — we never see plaintext passwords
• Cloudflare Turnstile bot protection on login, signup, and password reset
• Database webhook signature verification for push notifications
• Audit logs on lead activity, with author identities enforced server-side

No system is perfectly secure. If you discover a vulnerability, please email support@ridgelink.io or see our security.txt.

10. Children's privacy

RidgeLink is a business tool not intended for anyone under 18. We don't knowingly collect personal information from children. If you believe we have, contact us and we'll delete it.

11. Changes to this policy

If we make material changes, we'll update the "Last updated" date above and, for current customers, post a notice inside the app or send an email at least 14 days before the changes take effect. Continuing to use RidgeLink after that date means you accept the updated policy.

12. Contact

Questions, requests, or complaints about this policy or your data:

Email: support@ridgelink.io
Operating from: Northwest Arkansas, United States