Privacy Policy

Last Updated: October 19, 2025

Effective Date: October 19, 2025

1. Introduction

This Privacy Policy describes how Ridgebit LLC ("Retinue," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you use the Retinue web application and services (the "Service").

We are committed to protecting your privacy and being transparent about our data practices. Please read this policy carefully to understand how we handle your personal information.

1.1 Scope

This Privacy Policy applies to all users of Retinue and covers: - Information we collect - How we use your information - How we share your information - Your privacy rights and choices - How we protect your information

1.2 Contact Information

Data Controller: Ridgebit LLC Email: info@ridgebit.net Address: 105 Plumb Rd, Middletown, CT 06457, United States

2. Information We Collect

2.1 Information You Provide Directly

Account Information

When you register for Retinue, we collect: - Email address (required for account creation and communication) - Password (stored as a cryptographic hash using bcrypt) - Full name (for personalization)

Conversation Data

When you use the AI assistant, we collect and store: - Messages you send to the assistant - AI responses generated for you - Conversation metadata (timestamps, message IDs)

Purpose: To provide the AI assistant service, maintain conversation history, and improve service quality.

Todo Items

When you create todos, we collect: - Todo content (task descriptions) - Todo metadata (due dates, completion status, creation timestamps)

Purpose: To provide task management functionality.

Preferences and Settings

We collect your preferences including: - Assistant personality preferences (customization of AI behavior) - Custom instructions for the AI assistant - Scheduling preferences (default meeting durations, availability) - Locale settings (language, timezone)

Purpose: To personalize your experience with Retinue.

2.2 Information from Third-Party Services

Google Calendar Integration (Optional)

If you connect your Google Calendar, we collect and store: - OAuth 2.0 access tokens (to access your calendar) - OAuth 2.0 refresh tokens (to maintain access) - Token expiration data - Google account ID (to identify your calendar)

We do NOT store your Google password.

When accessing your calendar, we may receive: - Calendar events (titles, descriptions, times, locations, attendees) - Calendar metadata (calendar names, settings)

Purpose: To provide calendar integration features, including reading and managing your calendar events on your behalf.

Data Retention: OAuth tokens are stored securely in our database and are deleted when you disconnect your Google Calendar or delete your account.

2.3 Automatically Collected Information

Technical Information

We automatically collect: - IP address (for security and analytics) - Browser type and version - Device type - Operating system - Access times and dates

Purpose: Security monitoring, troubleshooting, and service improvement.

Cookies and Similar Technologies

We use the following types of cookies: - Essential cookies: Required for authentication and service functionality (session management via JWT tokens)

Your Choice: You can control cookies through your browser settings, but disabling essential cookies may affect service functionality.

Third-Party Cookies: We do not use third-party analytics or advertising cookies.

2.4 Information We Do NOT Collect

We do not intentionally collect: - Sensitive personal information (health data, financial account details, government IDs) - Information about children under 13 without parental consent - Precise geolocation data - Biometric data

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Provision

• Account Management: Create and maintain your account
• Authentication: Verify your identity and maintain secure sessions
• AI Assistant: Process your messages through Claude AI to provide responses
• Calendar Integration: Access and modify your Google Calendar as requested
• Todo Management: Store and manage your task lists
• Personalization: Customize the service based on your preferences

3.2 Communication

• Service Updates: Notify you about changes to the Service
• Security Alerts: Inform you of security issues affecting your account
• Support: Respond to your inquiries and provide customer support
• Billing: Send payment receipts and subscription information (for paid tiers)

3.3 Security and Fraud Prevention

• Security Monitoring: Detect and prevent unauthorized access
• Fraud Prevention: Identify and prevent fraudulent activity
• System Integrity: Maintain the security and integrity of our Service

3.4 Analytics and Improvement

• Usage Analysis: Understand how users interact with Retinue
• Service Improvement: Identify bugs, optimize performance, develop new features
• Research and analytics using anonymized data only

3.5 Legal Compliance

• Legal Obligations: Comply with applicable laws and regulations
• Legal Process: Respond to legal requests (subpoenas, court orders)
• Rights Protection: Enforce our Terms of Use and protect our rights

4. How We Share Your Information

4.1 Third-Party Service Providers

We share your information with the following third parties:

Anthropic (Claude AI)

What we share: Your conversation messages, user ID Purpose: AI processing to generate assistant responses Data Processing: Anthropic processes your messages according to their Privacy Policy Location: United States Their Policy: https://www.anthropic.com/legal/privacy

IMPORTANT: When you use Retinue's AI assistant, your messages are sent to Anthropic. We recommend reviewing Anthropic's privacy practices.

Google LLC

What we share: OAuth tokens, calendar access requests Purpose: Google Calendar integration Data Processing: Google processes calendar data according to their Privacy Policy Location: United States and other jurisdictions Their Policy: https://policies.google.com/privacy

Note: You grant Google Calendar permissions directly through Google's OAuth flow. You can revoke access at any time.

Hosting Provider

What we share: All data stored in our database Purpose: Infrastructure and data storage Location: United States (servers located in New Jersey, Virginia, Ohio, or Miami - subject to change) Security: Industry-standard security measures including encryption at rest and in transit

4.2 Other Sharing Scenarios

We may share your information in the following circumstances:

Business Transfers

In connection with any merger, sale of company assets, financing, or acquisition of all or part of our business, your information may be transferred. We will notify you of any such change and any choices you may have.

Legal Requirements

We may disclose your information if required by law or in response to: - Subpoenas, court orders, or legal process - Requests from law enforcement or government authorities - Protection of our rights, property, or safety - Prevention of fraud or illegal activity

With Your Consent

We may share your information for other purposes with your explicit consent.

4.3 What We Do NOT Do

We do NOT: - Sell your personal information to third parties - Share your data with advertisers or marketing companies - Use your data for purposes unrelated to providing the Service - Share your Google Calendar data except as necessary for Service functionality

5. Data Security

5.1 Security Measures

We implement industry-standard security measures to protect your information:

Technical Safeguards: - Encryption in Transit: All data transmitted over HTTPS/TLS - Password Security: Passwords hashed using bcrypt (one-way cryptographic hash) - OAuth Token Security: Tokens stored securely in encrypted database fields - Access Controls: Limited employee access to personal data - Database Security: Secure PostgreSQL database with access controls

Organizational Safeguards: - Employee Training: Staff trained on data protection - Access Policies: Strict access control policies - Incident Response: Procedures for security breach response

5.2 Data Transmission

Your communications with Retinue are encrypted using HTTPS. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

5.3 Third-Party Security

We cannot control the security practices of third-party services (Anthropic, Google). We encourage you to review their security practices.

5.4 Your Responsibility

You are responsible for: - Maintaining the confidentiality of your password - Logging out of your account when using shared devices - Notifying us immediately of any suspected unauthorized access

5.5 Data Breach Notification

In the event of a data breach affecting your personal information, we will: - Notify relevant authorities as required by law - Inform affected users without undue delay - Provide information about the nature of the breach and steps being taken

6. Data Retention

6.1 Retention Periods

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy.

Specific Retention Periods:

• Account Information: Retained while your account is active
• Conversation History: Retained while your account is active
• Todo Items: Retained while your account is active
• OAuth Tokens: Retained until you disconnect Google Calendar or delete your account
• Server Logs: Retained for 90 days for security purposes

6.2 Account Deletion

When you delete your account: - Immediate Deletion: Account credentials and personal identifiers deleted within 14 days - Data Removal: Associated data (messages, todos, preferences) deleted within 14 days - Backups: Data in backups deleted within 14 days - Legal Retention: Some data may be retained if required by law

6.3 Anonymized Data

We may retain anonymized, aggregated data indefinitely for analytics and service improvement. This data cannot identify you personally.

7. Your Privacy Rights

7.1 General Rights (All Users)

Access: You can access your personal information through your account settings.

Correction: You can update your account information, preferences, and settings.

Deletion: You can delete your account and request deletion of your personal information.

Data Portability: You can request a copy of your data in machine-readable format by contacting us at info@ridgebit.net.

Revoke Consent: You can withdraw consent for optional features (e.g., disconnect Google Calendar).

7.2 Additional Rights for California Users (CCPA/CPRA)

If you are a California resident, you have the right to:

Know: Request disclosure of personal information collected, used, or shared in the past 12 months.

Delete: Request deletion of personal information (subject to exceptions).

Opt-Out: Opt out of the "sale" or "sharing" of personal information. Note: We do not sell or share personal information.

Non-Discrimination: Not be discriminated against for exercising CCPA rights.

Correct: Request correction of inaccurate personal information.

Limit Use: Limit use and disclosure of sensitive personal information.

California Shine the Light: We do not share personal information with third parties for their direct marketing purposes.

7.3 Exercising Your Rights

To exercise any of these rights: - Email us: info@ridgebit.net - Account Settings: Use in-app tools to manage your data - Delete Account: Use the account deletion feature

Verification: We may require verification of your identity before processing requests.

Response Time: We aim to respond within 45 days (may be extended to 90 days for complex requests).

No Fee: We do not charge a fee for processing valid requests (except for manifestly unfounded or excessive requests).

8. International Data Transfers

8.1 Data Location

Your personal information may be transferred to and processed in the United States, including: - United States (Anthropic, Google, our servers)

8.2 Your Consent

By using Retinue, you consent to the transfer of your information to the United States for processing as described in this Privacy Policy.

9. Children's Privacy

Retinue is intended for users 13 years of age and older. We comply with the Children's Online Privacy Protection Act (COPPA).

If you are under 13: - You must have your parent or guardian's permission to use Retinue - We may request parental consent for your use of the Service

If we discover that we have collected information from a child under 13 without parental consent: - We will delete the information as soon as possible - We will terminate the account

If you believe a child under 13 has provided us with personal information without parental consent: - Please contact us immediately at info@ridgebit.net

Parents/Guardians: You have the right to review, delete, or refuse further collection of your child's personal information by contacting us.

10. Third-Party Links and Services

Retinue may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties.

Your Responsibility: - Review privacy policies of third-party services you use through Retinue - Understand that we are not responsible for third-party data practices

Third-Party Services Currently Integrated: - Anthropic Claude: https://www.anthropic.com/legal/privacy - Google Calendar: https://policies.google.com/privacy

11. Do Not Track Signals

Some browsers transmit "Do Not Track" signals. Currently, we do not respond to Do Not Track signals because: - There is no industry standard for compliance - We do not track users across third-party websites - We only use essential cookies for service functionality

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features.

12.1 Notification of Changes

We will notify you of material changes by: - Posting the updated Privacy Policy on the Service - Updating the "Last Updated" date - Sending an email to your registered email address for significant changes

12.2 Review Obligation

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

12.3 Material Changes

If we make material changes that significantly affect your privacy rights: - We will provide prominent notice - You will have the option to delete your account if you do not agree

13. Your Responsibilities

While we take measures to protect your privacy, you also have responsibilities:

Account Security: - Choose a strong, unique password - Keep your credentials confidential - Log out when using shared devices - Report suspicious activity immediately

Data Accuracy: - Provide accurate information - Update your information when it changes - Review calendar entries created by the AI

Third-Party Services: - Review privacy policies of integrated services - Understand permissions granted to Retinue - Manage third-party access through your accounts

Conversation Content: - Do not share sensitive personal information unnecessarily - Understand that messages are processed by AI - Remember that conversations are stored

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Ridgebit LLC 105 Plumb Rd Middletown, CT 06457 United States

Email: info@ridgebit.net

Response Time: We aim to respond to all inquiries within 5 business days (we strive for within 24 hours, but cannot guarantee this timeframe).

For Data Subject Requests: Email info@ridgebit.net with "Privacy Request" in the subject line.

This Privacy Policy was last updated on October 19, 2025 and is effective as of October 19, 2025.

By using Retinue, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal information as described herein.