The short version: We collect only what we need to run Ridgeline CRM. We don't sell your data. We don't share it with advertisers. Your job data, customer info, and photos belong to you. We use Google Firebase to store your data securely and Stripe to process payments.
1. Who We Are
Ridgeline CRM is operated by Maysworks, a software company based in Virginia, United States ("we," "us," or "our"). We provide cloud-based CRM and job management software for roofing contractors at ridgelinetakeoff.com.
This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use the Ridgeline CRM application, website, and related services (collectively, the "Service").
By using the Service, you agree to the collection and use of information as described in this policy. This policy is incorporated into and subject to our Terms of Service.
2. Data We Collect
We collect the following categories of information:
2.1 Account and Identity Data
- Name and display name
- Email address
- Password (stored as a secure hash via Firebase Authentication — we never see your plain-text password)
- Company name and company code
- User role within your organization (admin, manager, crew leader, crew)
- Account creation date and last login
2.2 Business and Job Data
- Job records including customer names, addresses, and phone numbers
- Roofing measurements, material quantities, and calculation inputs
- Proposal content including pricing, scope of work, and selected options
- Electronic signature records (signatory name, timestamp, IP address)
- Job status, pipeline stage, and scheduling information
- Crew assignments and schedule entries
- Invoice records including amounts and payment status
- Profit and loss data per job
- Notes and custom fields you enter
2.3 Photos and Files
- Job photos uploaded through the app's camera or photo library
- Receipt photos uploaded for expense tracking
- Roof sketch drawings
2.4 Payment and Billing Data
- Subscription plan and billing status
- Transaction history (dates and amounts)
- Stripe customer ID (a reference ID, not your card number)
- Note: Full payment card details are collected and stored exclusively by Stripe — we never see or store your card number, CVV, or bank account details
2.5 Technical and Usage Data
- Device type, operating system, and browser type
- IP address
- Pages and features accessed within the app
- Timestamps of actions
- Error logs and crash reports
- Firebase performance and analytics data
2.6 Communications
- Emails or messages you send to our support team
- Feedback or feature requests you submit
3. How We Collect Data
| Method | What We Collect |
|---|
| You provide it directly | Account registration, job entry, customer info, photos, proposals, payment setup |
| Automatically when you use the app | Usage patterns, device info, IP address, error logs, feature access timestamps |
| From Firebase Authentication | Login events, authentication tokens, security activity |
| From Stripe | Subscription status, payment events, billing history (via webhook) |
| From third-party integrations | EagleView report data when you order a report; CompanyCam project data when you link your account |
4. How We Use Your Data
We use the information we collect for the following purposes:
4.1 Providing the Service
- Creating and managing your account
- Storing and syncing your job data, photos, and records across devices
- Processing subscription payments and managing billing
- Enabling team collaboration features within your company account
- Delivering proposals to your customers via shared links
- Sending invoices to your customers via Stripe
4.2 Improving the Service
- Analyzing usage patterns to understand which features are most valuable
- Diagnosing bugs, errors, and performance issues
- Developing new features and improving existing ones
4.3 Communications
- Sending transactional emails (account confirmation, password reset, billing receipts)
- Notifying you of material changes to these policies or the Terms of Service
- Responding to your support requests
- Sending product updates or announcements (you may opt out at any time)
4.4 Legal and Safety
- Complying with applicable laws and regulations
- Enforcing our Terms of Service and Acceptable Use Policy
- Detecting and preventing fraud, abuse, and security threats
- Responding to lawful requests from law enforcement or government authorities
We do not sell your personal information. We do not use your data for advertising purposes. We do not build advertising profiles.
5. How We Share Your Data
We do not sell, rent, or trade your personal information to third parties. We share data only in the following limited circumstances:
5.1 Service Providers
We share data with trusted third-party vendors who help us operate the Service. These vendors are contractually obligated to use your data only to provide services to us and not for their own purposes. Current service providers include Google Firebase, Stripe, EagleView, and CompanyCam (see Section 6 for details).
5.2 Within Your Organization
Data you enter into a company account is visible to other members of that same company account based on their assigned role. Admins and managers can view all job data. Crew members see only jobs assigned to them. You are responsible for managing user access within your account.
5.3 Your Customers
When you share a proposal link or send an invoice, your customers receive access to the specific content of that proposal or invoice, including your company branding and contact information.
5.4 Legal Requirements
We may disclose your information if required to do so by law, court order, subpoena, or other legal process, or if we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
5.5 Business Transfers
If Maysworks is involved in a merger, acquisition, sale of assets, or other business transaction, your data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.
5.6 With Your Consent
We may share your information for purposes not described in this policy with your explicit consent.
6. Third-Party Services
The Service relies on the following third-party providers. Each has their own privacy practices:
| Provider | Purpose | Data Shared | Privacy Policy |
|---|
| Google Firebase |
Authentication, database, file storage, hosting |
Account data, job data, photos, all app data |
firebase.google.com/support/privacy |
| Stripe |
Payment processing, subscription billing, invoicing |
Name, email, billing info, transaction data |
stripe.com/privacy |
| EagleView Technologies |
Aerial roof measurement reports |
Property address for measurement requests |
eagleview.com/privacy-policy |
| CompanyCam |
Photo management integration (optional) |
API token, project/photo data if linked |
companycam.com/legal/privacy |
| Google Fonts |
Typography on our website |
Browser/IP data (standard web request) |
policies.google.com/privacy |
We are not responsible for the data practices of these third-party services. We encourage you to review their privacy policies.
7. Your Customers' Data
When you use Ridgeline CRM, you may enter personal information about your customers — homeowners and property owners — including their names, addresses, phone numbers, and email addresses. This data is stored in your account and used to generate proposals and invoices on your behalf.
You are the data controller for your customers' personal information. We act as a data processor on your behalf. You are responsible for:
- Having a legal basis to collect and store your customers' personal information
- Complying with applicable privacy laws in your jurisdiction regarding how you handle customer data
- Informing your customers about how their data is used
- Responding to your customers' requests regarding their personal data
We do not use your customers' personal data for any purpose other than providing the Service to you.
8. Photos and Files
Photos and files you upload to the Service are stored securely in Google Firebase Storage. Photos are associated with specific job records in your account.
Photos are accessible to members of your company account based on their role. When you share a job gallery link, photos become accessible to anyone with that link. You are responsible for controlling who you share gallery links with.
We do not use your job photos for any purpose other than storing and displaying them within your account. We do not analyze, sell, or share photo content with third parties except as necessary to provide cloud storage through Firebase.
Upon account deletion or subscription cancellation, photos may be retained for up to 30 days before permanent deletion from our storage systems.
9. Payment Data
All payment card processing is handled exclusively by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. We do not collect, store, or have access to your full credit card number, CVV, or bank account details at any time.
We store only:
- Your Stripe customer ID (a non-sensitive reference token)
- Your subscription plan and billing status
- Payment history (dates and amounts)
For questions about how Stripe handles payment data, please review Stripe's Privacy Policy.
10. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. Specifically:
- Active accounts: All data is retained for the lifetime of the account
- After cancellation: Account data and job records are retained for a minimum of 30 days, after which they may be permanently deleted. You should export any data you need before canceling.
- After account deletion: Most data is deleted within 30 days. Some data may be retained longer where required by law (e.g., financial transaction records for tax compliance)
- Backups: Deleted data may remain in encrypted backups for up to 90 days before being overwritten
- Support communications: Retained for up to 3 years for quality assurance and legal purposes
To request early deletion of your data, contact us at support@ridgelinetakeoff.com.
11. Security
We take data security seriously and implement reasonable technical and organizational safeguards, including:
- All data transmission encrypted via HTTPS/TLS
- Data at rest encrypted in Google Firebase (AES-256)
- Firebase Security Rules that enforce role-based access control — users can only access data belonging to their company account
- Passwords stored as secure hashes via Firebase Authentication — we never store plain-text passwords
- Payment processing by Stripe (PCI-DSS Level 1 certified)
- API keys and secrets stored in Google Cloud Secret Manager, not in source code
Despite these measures, no system is completely secure. We cannot guarantee that unauthorized third parties will never be able to defeat our security measures. If you believe your account has been compromised, contact us immediately at support@ridgelinetakeoff.com.
In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
12. Your Rights and Choices
You have the following rights regarding your personal information:
12.1 Access and Portability
You can access and export your job data at any time through Settings → Data → Export All Jobs. For a full copy of your personal account data, contact us at support@ridgelinetakeoff.com.
12.2 Correction
You can update your account information (name, email) at any time within the app under Settings → Account.
12.3 Deletion
You may request deletion of your account and personal data by contacting support@ridgelinetakeoff.com. We will process deletion requests within 30 days, subject to legal retention requirements.
12.4 Marketing Communications
You may opt out of non-transactional marketing emails at any time by clicking the unsubscribe link in any such email or by contacting us. You cannot opt out of transactional communications (billing receipts, security alerts, policy updates) as these are required to operate your account.
12.5 Account Data
You control all job data, customer records, and photos within your account. You can delete individual records, jobs, photos, or your entire account at any time.
13. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you
- Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions
- Right to Correct: You may request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising. No opt-out is necessary.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To exercise your California privacy rights, contact us at support@ridgelinetakeoff.com with "California Privacy Request" in the subject line. We will respond within 45 days.
In the preceding 12 months, we have not sold personal information and do not intend to do so.
14. Children's Privacy
The Service is intended for use by business professionals and is not directed to children under the age of 13 (or 16 where applicable under GDPR). We do not knowingly collect personal information from children under 13.
If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly. If you believe we may have collected information from a child, please contact us at support@ridgelinetakeoff.com.
15. Cookies and Tracking
The Ridgeline CRM application itself does not use advertising cookies or third-party tracking. The Service uses the following limited technologies:
- Firebase Authentication tokens: Stored in browser local storage to keep you logged in. These are essential to the Service and cannot be disabled.
- Local storage: Used to cache app settings and job data for offline use as a Progressive Web App (PWA). No personal data is transmitted to third parties via local storage.
- Firebase Performance and Analytics: Basic usage analytics to understand app performance. This data is aggregated and not used for advertising.
Our marketing website (ridgelinetakeoff.com) uses Google Fonts, which may set cookies or log your IP address as part of a standard web request. We do not use advertising networks, remarketing pixels, or behavioral tracking on our website.
16. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify you via email to your registered address
- Display an in-app notice for significant changes
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this policy periodically.