RidgeCRM · operated by Niche.dev

Privacy Policy

How Niche.dev collects, uses, and protects information when you use the RidgeCRM service.

Last updated: May 2026
Effective: May 9, 2026

In plain English

When you use the RidgeCRM hosted service at ridgecrm.com, we collect and process your account information and the Customer Data you upload (contacts, leads, accounts, opportunities, emails, and similar records) so we can run the service for you. We do not sell personal information, we do not share it with advertisers, and we do not use it to train general-purpose AI models. The full details are below.

1. Who we are

The RidgeCRM hosted service is operated by Niche.dev (a brand of Huber Dev LLC; collectively "Niche.dev", "we", "us", "our"). For purposes of the GDPR (and analogous laws), Niche.dev is the data controller of personal data we collect about you as an account holder, and a data processor of Customer Data you upload about your contacts and leads.

For privacy questions or to exercise your rights, contact: nick@niche.dev.

2. Information we collect

2.1 Account & identity information

  • Name, email address, profile photo, and other information your identity provider (e.g. Google) shares with us when you sign in
  • Organization name and role within the organization
  • Acknowledgment of our beta terms (timestamp, version, IP address, and user agent — for legal record-keeping)

2.2 Customer Data you upload

When you use the hosted Service, we store and process the data you choose to put into RidgeCRM, which may include:

  • Contact, lead, account, and opportunity records
  • Email content, call logs, tasks, events, notes, and attachments
  • Custom fields, dashboards, reports, and other configuration

You are responsible for ensuring you have the rights and consents needed to upload personal data about third parties (e.g. your contacts) to the Service. See our Terms § 6.

2.3 Usage & technical data

  • Log data: IP address, device and browser information, pages viewed, request timing, error reports
  • Authentication and session data (e.g. cookies for sign-in)
  • Aggregated, de-identified product analytics

2.4 Communications you send us

Support emails, contact-form submissions, and any feedback you send us — including the contents of those messages and any attachments. We may also receive newsletter signups and survey responses.

3. How we use information & legal basis (GDPR)

PurposeExamplesLegal basis (GDPR)
Provide the ServiceAuthentication, hosting your data, displaying recordsContract (Art. 6(1)(b))
Security & abuse preventionLogging, rate-limiting, blocking attacks, investigating AUP violationsLegitimate interest (Art. 6(1)(f))
Service-related communicationsOutage notices, security alerts, billing emails, terms updatesContract (Art. 6(1)(b))
Marketing communicationsProduct announcements, newslettersConsent (Art. 6(1)(a)) — you can unsubscribe at any time
Legal compliance & defenseResponding to subpoenas, beta acknowledgment records, fraud preventionLegal obligation (Art. 6(1)(c)) & legitimate interest (Art. 6(1)(f))
Product improvementAggregated analytics, error monitoringLegitimate interest (Art. 6(1)(f))

We do not:

  • sell or rent personal information to third parties;
  • share Customer Data with advertisers or data brokers;
  • use Customer Data to train general-purpose machine-learning models without your separate written consent.

4. Sub-processors & service providers

To operate the hosted Service, we use vetted third-party providers ("sub-processors") that may process personal data on our behalf. We require contractual data-protection commitments from each. Categories include:

  • Cloud hosting & database — hosting and storage of the application and database
  • Identity providers — authentication via Google (and any future providers we add)
  • Email delivery — transactional and notification email
  • Error and performance monitoring — if and when configured
  • Customer communication tools — help desk, in-app chat, ticketing (if and when configured)
  • Payment processing — once paid plans are launched

A current, named sub-processor list is available on request from nick@niche.dev. We will provide reasonable advance notice of new sub-processors via our website or email so paid customers may object.

5. International data transfers

We are based in the United States, and our infrastructure and sub-processors may be located in the U.S. or other countries. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S. or other jurisdictions where our sub-processors operate.

Where required by EU or UK law, we rely on appropriate transfer mechanisms such as the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum) to safeguard cross-border transfers.

6. How long we keep information

We retain personal data only as long as necessary for the purposes described in this Policy or as required by law:

  • Active account data: for as long as your account is active.
  • Customer Data on the free / beta plan: may be deleted at any time without notice (see Terms § 0); we strongly recommend exporting backups regularly.
  • Customer Data on paid plans: retained per the applicable order form and deleted within 60 days of account termination unless a longer period is required by law.
  • Logs and security data: typically up to 90 days, or longer when needed for security investigations or legal obligations.
  • Beta acknowledgment records: retained for as long as we operate the Service, plus the applicable statute of limitations, for legal-defense purposes.
  • Billing records: retained as required by tax and accounting laws (typically 7 years).

7. Cookies & similar technologies

We use the following categories of cookies and local storage:

  • Strictly necessary — session, organization selection, CSRF protection. These cannot be disabled and we do not require consent for them.
  • Functional — remembering preferences such as dark mode, dismissed banners, and your beta-terms acknowledgment.
  • Analytics — aggregated, privacy-respecting analytics to understand usage; only used where permitted by law and your consent (where required).

You can clear cookies and local storage in your browser at any time. Doing so may sign you out and reset preferences.

8. Your rights & choices

Depending on where you live, you may have the following rights with respect to your personal information:

EEA / UK (GDPR / UK GDPR)

  • Access
  • Rectification
  • Erasure ("right to be forgotten")
  • Restriction of processing
  • Portability
  • Object to processing
  • Withdraw consent at any time
  • Lodge a complaint with your supervisory authority

California (CCPA / CPRA)

  • Know what personal information we collect
  • Delete personal information
  • Correct inaccurate personal information
  • Opt out of "sale" or "sharing" of personal information — we do not sell or share for cross-context behavioral advertising
  • Limit use of sensitive personal information
  • Non-discrimination for exercising your rights

To exercise any of these rights, email nick@niche.dev from the address on file. We will verify your identity and respond within the timeframes required by applicable law (typically 30 days under GDPR, 45 days under CCPA, extensible where allowed). For Customer Data about your contacts, please direct requests to your organization's account administrator first — we will assist but generally cannot disclose data to non-account-holders.

9. Security & breach notification

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (HTTPS/TLS), encryption at rest where feasible, access controls, and audit logging.

However, no system is perfectly secure. If we determine that a security incident has resulted in unauthorized access to or disclosure of your personal information, we will notify you and any required regulator without undue delay and as required by applicable law. We strongly encourage you to use unique credentials, enable any available multi-factor authentication, and report suspected incidents to nick@niche.dev.

As a free / beta service, we do not commit to a specific RTO/RPO or notification timeline beyond what applicable law requires (see Terms § 0). Paid plans may carry additional commitments.

10. Children's privacy

The Service is not directed to children under 13 (or under 16 in the EEA / UK), and we do not knowingly collect personal information from such children. If you believe a child has provided us personal information, please contact nick@niche.dev and we will promptly delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above. For material changes, we will provide additional notice (e.g. email or in-product banner). Your continued use of the Service after the update takes effect means you accept the updated Policy.

12. Contact us

For privacy-related questions, requests, or complaints, contact:

Operator: Niche.dev (a brand of Huber Dev LLC).

If you are in the EEA or UK and we are unable to resolve your concern, you have the right to lodge a complaint with your local data-protection supervisory authority. We do not currently have an EU representative; one will be appointed if and when required by Article 27 GDPR.

Questions about your privacy?

We're a small team and we read every email. Reach out anytime.

Email nick@niche.dev Read Terms of Service