Privacy Policy

1. Information we collect

We collect the following categories of information:

• Account information. Name, email, phone number, role (owner, manager, worker, client), and the company you are linked to.
• Business operations data. Jobs, schedules, time entries, client records, equipment, chemical logs, invoices, estimates, proposals, payments, photos, and notes that you or your team enter.
• Location data. If you opt in to GPS clock-in, we record approximate device location at the moment of clock-in and clock-out for time-verification purposes. Location is not tracked between clock events.
• Payment information. Billing details for your subscription are processed by Stripe. We do not store full card numbers on our servers; we retain only Stripe customer and subscription identifiers.
• SMS and phone numbers. If your company uses SMS, we store client and worker phone numbers, opt-in status, message content, delivery metadata, and inbound replies routed through Twilio.
• Device and usage information. IP address, browser type, OS, device identifiers, push notification tokens, and basic interaction logs used for security and reliability.
• AI-feature inputs. When you use AI tools (invoice draft, proposal, employee insight, forecast, etc.), the prompts and relevant business data you submit are sent to OpenAI to generate the response.

2. How we use information

• Operate, maintain, and improve the Service.
• Authenticate users and enforce company-level access controls.
• Process subscription payments and generate invoices through Stripe.
• Sync invoices and customers with QuickBooks Online when you connect that integration.
• Generate AI drafts (estimates, invoices, proposals, contracts, insights) at your request.
• Send push notifications, email digests, SMS (when enabled by your company), and other communications recipients have opted in to.
• Detect, prevent, and respond to fraud, abuse, security incidents, or violations of our Terms.
• Comply with legal obligations.

3. How we share information

We share information only as described below. We do not sell personal information.

• Within your company. Data you enter is shared with other users of your company account according to their assigned role. Owners and managers can see all company data; workers and clients see only what is relevant to them.
• Service providers. We use Google Firebase (authentication, Firestore, Cloud Functions, Storage, hosting), Stripe (payments and Stripe Connect), Intuit / QuickBooks Online (accounting sync, when you connect it), Twilio (SMS when your company enables it), OpenAI (AI feature responses), and Expo (push notifications).
• Legal. When required by law, subpoena, or to protect rights, safety, and property.
• Business transfers. If we are involved in a merger, acquisition, or asset sale, data may transfer subject to the receiving party honoring this Policy.

4. SMS messaging

When a company enables SMS in Ridgemark, we process phone numbers and message content to deliver notifications (such as payment reminders or “on my way” alerts) and optional two-way texting with clients. Twilio is our SMS delivery provider.

• Consent. Companies must obtain appropriate consent before texting clients or workers. Clients can manage SMS opt-in from their profile; STOP replies are honored where configured.
• Retention. SMS threads and delivery logs are retained while your company account is active, consistent with our general retention policy below.
• No sale of SMS data. We do not sell phone numbers or message content. Twilio processes messages solely to deliver the Service.

5. Data retention

We retain account and business data for as long as your company maintains an active account. After cancellation we keep data for up to 90 days to allow reactivation, then delete or anonymize it unless we are required to retain it longer for legal, tax, or accounting reasons.

6. Security

We use industry-standard safeguards including encryption in transit (HTTPS), encryption at rest (Google Cloud), role-based access controls, and Firebase Security Rules that isolate data between companies. No system is perfectly secure; you are responsible for keeping your login credentials confidential.

7. Your choices and rights

• Access & correction. Most personal information can be viewed and edited from within the app. Contact us if you need help.
• Deletion. You may request deletion of your account by emailing support@ridgemarkhq.com. Company owners are responsible for deleting their company workspace.
• Location. You can disable GPS clock-in at any time from your device settings or from the company settings inside the app.
• SMS. Clients can update SMS opt-in from their Ridgemark profile. Company owners control whether SMS automations are enabled. Reply STOP to opt out of texts from a company when supported.
• Notifications. Push and email preferences are configurable in Settings > Notification preferences.
• State & regional rights. If you are in California, the EU/UK, or another jurisdiction with applicable privacy laws, you may have additional rights to access, correct, port, or delete your data. Contact us to exercise them.

8. Children

The Service is intended for business use and is not directed to children under 16. We do not knowingly collect personal information from children.

9. International users

The Service is operated from the United States. By using the Service you consent to processing of your information in the United States, which may have different data-protection laws than your country.

10. Changes to this policy

We may update this Policy. Material changes will be announced via in-app notice or email. The “Effective” date above indicates the latest revision.

11. Contact us

Questions or requests about this Policy: support@ridgemarkhq.com.