Legal
Privacy Policy
Effective June 10, 2026 · Last updated June 10, 2026
1. Introduction
This Privacy Policy explains how RingerLabs ("RingerLabs," "we," "us," or "our") collects, uses, and protects your personal information when you use ringerlabs.net or any services we provide.
Our server infrastructure is operated by Hetzner in Nuremberg, Germany (EU). All personal data we collect is stored in the European Union under EU data protection standards.
2. Who We Are
Data Controller: RingerLabs
Location: Bakersfield, California, USA
Contact: [email protected]
Our services are primarily directed at businesses in the United States. We do not actively market to the European Economic Area, but we respect applicable data protection frameworks for any EEA users — see Sections 5 and 12 for our GDPR-specific commitments.
3. Information We Collect
| Category | What We Collect | Source |
|---|---|---|
| Account Data | Name, email address, username, hashed password | You, at registration |
| Auth Logs | IP address, browser/device type (user agent), session timestamps | Automatic, on login |
| Billing Data | Stripe customer ID, subscription tier and status. Payment card numbers are collected and stored by Stripe, not by us. | You, via Stripe |
| Project Data | Website theme preferences, project notes, site approval history | You, during onboarding |
| Contact Form | Name, email, service interest, message | You, via contact form |
| Preferences | Email notification settings | You, in account settings |
| Technical Logs | IP address and user agent associated with site publish events | Automatic, on site actions |
We do not use website analytics tools, tracking pixels, or behavioral advertising on ringerlabs.net. We may also collect other incidental data necessary to operate the platform — such as consent records, service agreement signatures, in-app notifications, and application access grants — used solely to deliver and maintain the services.
4. How We Use Your Information
We use your personal information to:
- Create and manage your account
- Build, deliver, host, and maintain your website
- Process payments and manage your subscription
- Send transactional emails (account confirmations, password reset, billing receipts)
- Respond to contact form submissions and support requests
- Maintain platform security (authentication logs, IP records)
- Comply with legal obligations
We do not use your personal information for automated decision-making that produces legal or similarly significant effects. Our automated scoring (such as the Rate My Site audit tool) applies to websites, not individuals.
5. Legal Basis for Processing (GDPR)
Where applicable, our legal bases for processing personal data under the General Data Protection Regulation are:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and management | Contract performance (Art. 6(1)(b)) |
| Website build and hosting | Contract performance (Art. 6(1)(b)) |
| Payment processing | Contract performance (Art. 6(1)(b)) |
| Authentication and session logs | Legitimate interest — platform security (Art. 6(1)(f)) |
| Transactional emails | Contract performance (Art. 6(1)(b)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
6. Third-Party Service Providers
We share your personal information only with the following service providers that process data on our behalf:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Stripe | Payment processing | Name, email, billing address, Stripe customer ID | USA |
| Resend | Transactional email delivery | Name, email address | USA |
| Cloudflare | CDN, DDoS protection, DNS | IP address, HTTP request data | Global |
| Hetzner | Server hosting (database + application) | All data we collect | Germany (EU) |
| Anthropic | AI analysis (Rate My Site audit tool) | Submitted URL, captured page content | United States |
RingerLabs does not authorize these providers to use your data for purposes other than providing services to us. We have a Data Processing Agreement in place with Hetzner covering EU-hosted data.
7. Data Retention
| Data Category | Retention Period |
|---|---|
| Active account data | Until account deletion + 30–90 days |
| Authentication / session logs | 30–90 days from creation |
| Technical logs (site publish events) | Up to 1 year |
| Billing records (invoices, Stripe IDs) | 7 years (US tax recordkeeping requirements) |
| Contact form submissions | 24 months from submission |
| Marketing consent records | Duration of consent; proof retained indefinitely |
| Submitted URLs + free scan reports (Rate My Site) | 30 days after completion |
| Paid audit reports (Rate My Site) | Retained for the life of the account |
| Captured page content and screenshots (Rate My Site) | Not retained beyond processing |
Billing and financial records are retained for 7 years regardless of account status or deletion requests, as required by US federal and California tax law. Deletion requests for these records will be honored to the extent permitted by law.
8. Cookies
We use only the following cookies on ringerlabs.net:
| Cookie | Type | Purpose | Expiry |
|---|---|---|---|
| Auth session | Strictly necessary | Maintains your login session | Session |
| sidebar_collapsed | Functional | Remembers your sidebar layout preference | 1 year |
We do not use analytics cookies, advertising cookies, or any third-party tracking cookies. No consent banner is required or presented.
9. Data Security
We implement commercially reasonable technical and organizational measures to protect your personal information, including encrypted data in transit (TLS/HTTPS via Cloudflare), access controls, hashed passwords, and regular backups. No transmission over the internet is 100% secure, and we cannot guarantee absolute security.
10. Your Rights
10.1 Rights for All Users
You may contact us at any time to:
- Access the personal information we hold about you
- Correct inaccurate information
- Request deletion of your account and personal information
- Export a copy of your account data
10.2 GDPR Rights (EU Users)
If your data is subject to the GDPR, you additionally have the right to: restriction of processing; data portability in a structured, machine-readable format; object to processing based on legitimate interests; and lodge a complaint with your national supervisory authority.
10.3 California Rights (Voluntary)
Although RingerLabs may not currently meet the thresholds that legally require CCPA/CPRA compliance, we voluntarily extend the following rights to California residents: the right to know what information we collect and how it is used; the right to delete personal information (subject to retention exceptions); and the right to correct inaccurate personal information.
10.4 How to Submit a Request
Email [email protected] with the subject line "Data Rights Request." We will verify your identity before processing any request and respond within 30 days (extendable to 45 days with notice for complex requests).
11. Children's Privacy
Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us at [email protected] and we will delete it promptly.
12. Data Hosted in the European Union
Our servers are operated by Hetzner in Nuremberg, Germany (EU-Central). All personal data we collect is stored in the European Union and is subject to the data protection standards of the EU, including the GDPR. A Data Processing Agreement is in place with Hetzner.
For US-based users, data stored in the EU is generally subject to stronger legal protections than US federal law provides. We do not transfer your data out of the EU except through the service providers listed in Section 6, each of which implements appropriate safeguards.
13. No Sale of Personal Information
RingerLabs does not sell, rent, or trade your personal information to third parties for their own marketing or commercial purposes. We do not share personal information for cross-context behavioral advertising.
14. Data Breach Notification
In the event of a data breach affecting your personal information, RingerLabs will notify affected users and relevant authorities as required by applicable law, including California Civil Code § 1798.82 (within 45 days for California residents) and, where applicable, GDPR Article 33 (within 72 hours to the relevant supervisory authority).
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and by updating the "Last Updated" date at the top of this page. Continued use of the services after the effective date of any change constitutes acceptance.
16. Contact
For privacy questions, data requests, or concerns:
Email: [email protected]
Business: RingerLabs
Location: Bakersfield, California, USA