Privacy Policy
Last updated: [DD Month YYYY]
This Privacy Policy explains how [DataRidge legal entity name] (“DataRidge”, “we”) collects, uses, shares, and protects personal data when you use our platform. It should be read together with our Terms of Service.
1. Controller and processor roles
For account and billing data, and for analytics about how the platform is used, DataRidge is the data controller. For the business data you upload about your own employees, clients, and operations (“Customer Data”), your organisation is the controller and DataRidge acts as a processor on your instructions — you are responsible for having a lawful basis and any notices or consents required to provide that data to us.
2. Data we collect
- Account data — name, work email, organisation details, role, and authentication identifiers.
- Customer Data — information you enter to run your business (employees, clients, suppliers, projects, invoices, finance and payroll records, documents you upload).
- Billing data — subscription, plan, and payment metadata. Card details are handled by our payment processors, not stored by us.
- Usage and device data — log data, pages and features used, IP address, and approximate location, collected to operate, secure, and improve the Service.
- Communications — messages you send us for support.
3. How we use data
- to provide, maintain, secure, and improve the Service;
- to process subscriptions and payments;
- to provide support and send service, security, and (where you have opted in) product communications;
- to monitor performance and prevent fraud or abuse;
- to comply with legal obligations and enforce our Terms.
4. Legal bases
Where applicable data-protection law requires a legal basis, we rely on: performance of our contract with you; our legitimate interests in operating and improving the Service (balanced against your rights); your consent (for example optional marketing); and compliance with legal obligations.
5. Sub-processors and sharing
We share data with vetted service providers who process it on our behalf under appropriate agreements. These currently include, among others:
- authentication and database hosting (e.g. Supabase);
- file/object storage (e.g. Cloudflare R2);
- payment processing (e.g. Stripe, and regional rails such as DPO Pay or Paynow);
- transactional email delivery (e.g. Resend);
- product analytics and error monitoring (e.g. PostHog, Sentry).
We do not sell personal data. We may disclose data if required by law or to protect rights, safety, and the integrity of the Service. A current list of sub-processors is available on request at [privacy@dataridge.io].
6. International transfers and hosting
Data is hosted in [region/data centre]. Where data is transferred across borders, we rely on appropriate safeguards required by applicable law. Tell us at [privacy@dataridge.io] if you need details of the safeguards in place.
7. Retention
We retain personal data for as long as your account is active and as needed to provide the Service. After account closure we delete or de-identify data in the ordinary course (typically within [30–90] days), except where longer retention is required by law (for example tax and accounting records) or to resolve disputes.
8. Security
We use technical and organisational measures appropriate to the risk — including encryption in transit, access controls, per-tenant isolation, and audit logging of changes. No system is perfectly secure; we encourage strong, unique passwords and will notify affected parties of a personal-data breach as required by law.
9. Your rights
Subject to applicable law, you may request access to, correction of, deletion of, or a copy of your personal data, and may object to or restrict certain processing or withdraw consent. For Customer Data where your organisation is the controller, please direct individual requests to that organisation; we will assist it as processor. Contact [privacy@dataridge.io] to exercise rights. You may also have the right to complain to your data-protection authority.
10. Applicable data-protection laws
We aim to comply with the data-protection laws of the markets we serve, including Zimbabwe's Cyber and Data Protection Act [Chapter 11:12], South Africa's POPIA, Zambia's Data Protection Act, Botswana's Data Protection Act, and, where relevant, the EU/UK GDPR. [Confirm the specific frameworks applicable to your operations with counsel.]
11. Cookies and similar technologies
We use strictly necessary cookies for sign-in and security, and limited analytics cookies/identifiers to understand product usage. You can control non-essential cookies through your browser; disabling essential cookies may break sign-in.
12. Children
The Service is for business use and is not directed to children under 18. We do not knowingly collect their personal data.
13. Changes and contact
We may update this Policy and will post the new version with a revised date; material changes will be notified as required. Contact our privacy team at [privacy@dataridge.io] or by post at [registered address].