1. Who we are
RidgeCommand is a product of PenguinRidge ("we", "us", "our"). We are a software company based in the United Kingdom. When we refer to "RidgeCommand", we mean the web application available at this domain.
We are the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Contact: hello@penguinridge.co.uk
2. What data we collect
We collect only what is necessary to provide the service:
- Account data: Email address, username, and a hashed password (we never store your password in plain text).
- Task data: Tasks you create, including text, dates, tags, themes, priority, and completion status.
- Habit data: Habits you define and your daily check-in history.
- Journal data: Journal entries including date, mood, energy level, free-text content, gratitude, and reflection fields. All journal content is encrypted at rest using AES-128 encryption.
- Story data: AI-generated stories created from your journal entries, stored encrypted.
- Health data (optional): If you connect a wearable or enter data manually, we store daily health snapshots: sleep hours, sleep quality, steps, resting heart rate, and stress level. Each record is tagged with its source — garmin, oura, or manual — and that tag is included in your data export. Health data is special category data under UK GDPR and is only ever collected after you explicitly connect a device or enter it yourself. You can disconnect a wearable at any time in Settings; doing so stops further sync but does not delete historical snapshots unless you also delete your account.
- Session data: An anonymous session token stored in a cookie to keep you signed in.
- Technical logs: Anonymous request logs for error monitoring (no personal content included).
We do not collect payment card details, government ID, or location data. Biometric data is collected only via the optional wearable integrations described above — never from your device's sensors directly. We do not run advertising or sell data to any third party.
3. How we use your data
- To provide the service: Storing your tasks, habits, and journal entries so you can access them.
- To keep you signed in: Session cookies allow you to stay authenticated between visits.
- To send account emails: Password reset emails, and account activation or deactivation notifications. These are transactional only — we do not send marketing emails without your explicit opt-in.
- To power AI features: When you use AI features (journal story transformations, writing prompts, tidy-up), the relevant text is sent to our AI provider. See Section 4.
- To monitor application health: Anonymous request metrics and error logs help us detect and fix problems.
4. AI processing — please read this
When you use any AI feature in RidgeCommand, relevant text from your account is sent to Anthropic's Claude API for processing. This includes:
- Journal entry content (for story transformations, tidy-up, and analysis)
- Gratitude and reflection fields (when AI features are applied to those sections)
Anthropic processes this data on our behalf as a data processor under a data processing agreement. Your journal text is sent only when you actively trigger an AI feature — it is not continuously monitored or transmitted.
Anthropic's data handling: Anthropic does not use API data to train their models by default. For details, refer to Anthropic's Privacy Policy.
Before your first AI feature use, you will be asked to explicitly confirm you understand and accept this processing. You can revoke this consent at any time in Settings — doing so will disable AI features for your account.
If you do not wish your journal content to be processed by Anthropic, do not use the AI features. All core tasks, habits, and journal writing functions work without any AI processing.
5. Legal basis for processing
| Processing activity | Legal basis |
|---|---|
| Account creation and authentication | Contract performance — necessary to provide the service |
| Storing tasks, habits, and journal entries | Contract performance — the core purpose of the service |
| Sending transactional emails | Contract performance |
| Session cookies | Strictly necessary — no consent required under PECR |
| AI processing of journal content | Explicit consent — collected before first AI feature use |
| Anonymous application monitoring | Legitimate interest — maintaining service security and reliability |
| Admin audit logs (account actions like admin-initiated password resets, role changes, activation changes) | Legitimate interest — security, accountability, and fraud prevention. Visible to you via Settings → Account Audit Trail. |
| AI usage logs (per-feature token counts and cost, tied to your account) | Legal obligation (billing records) and legitimate interest (abuse prevention and capacity planning) |
| Feature-usage events (which features you use, timestamped) | Legitimate interest — understanding which features matter so we can prioritise improvements |
6. Third-party processors
We share data only with processors necessary to deliver the service:
| Provider | Purpose | Data shared |
|---|---|---|
| Anthropic (USA) | AI feature processing | Journal text (content, gratitude, reflection, mood, energy), only when you trigger an AI feature and have given explicit consent. No account data is sent. |
| Stripe (Ireland / USA) | Payment processing and subscription management | Your email address, username, a Stripe customer ID, chosen plan, and payment status. Card details are entered directly into Stripe — they never touch our servers. Governed by Stripe's standard Data Processing Addendum, which applies automatically to all business accounts. |
| Email delivery (configured SMTP provider) | Transactional emails only — verification, password reset, password-changed notifications, account approval, optional weekly accountability summary | Recipient email address, your username, and the body text of the specific transactional email. Open/click tracking is explicitly disabled. We do not send marketing emails. Our production SMTP provider operates under a written Data Processing Agreement. |
| Sentry (optional) | Error and performance monitoring | Only enabled when a DSN is configured. send_default_pii is set to false, so no email, user ID, IP, or request bodies are transmitted — only stack traces, release version, and sampled request durations. Governed by Sentry's standard Data Processing Addendum. |
| Google (optional) | Sign in with Google | We request OpenID, email, and profile scopes. Google shares your email address and display name with us to create or link your account. Only activated if you click "Sign in with Google". |
| Microsoft (optional) | OneNote integration | OAuth token for OneNote API access. We read OneNote notebook and page content to power theme analysis. Only activated if you connect your Microsoft account in Settings. |
| Trello (optional) | Task export to Trello | OAuth token for Trello API access. We send task names and descriptions to create Trello cards when you use the export feature. Only activated if you connect Trello in Settings. |
| Garmin Ltd (optional) | Wearable health data sync | OAuth token for Garmin Connect API. We receive daily sleep, steps, resting heart rate, and stress data via webhooks. Only activated if you connect Garmin in Settings. |
| Oura Health Oy (optional) | Wearable health data sync | OAuth token for Oura Ring API. We receive daily sleep and readiness data. Only activated if you connect Oura in Settings. |
| Hetzner Online GmbH (Germany) | Hosting infrastructure | All data stored on servers in EU data centres |
All processors named above operate under a written Data Processing Agreement (DPA) that contractually restricts them to processing on our documented instructions, as required by Article 28 of the UK GDPR. Repository compliance notes for Anthropic, Stripe, and Sentry are maintained in the internal processor DPA register. Optional processors (Google, Microsoft, Trello, Garmin, Oura) are only activated by your explicit action. We do not share your data with advertisers, analytics companies, or any other third party.
7. Data retention
- Account and content data: Retained for as long as your account is active.
- Deleted items: Tasks, habits, and journal entries are soft-deleted and permanently purged after 7 days.
- Sessions: Expired sessions are automatically purged after 7 days.
- Password reset and email verification tokens: Purged once used, or within 1 day of expiry.
- Push notification subscriptions: Automatically deleted after 180 days without a successful notification send.
- Waitlist emails: Retained until you register an account (then deleted), or 12 months — whichever comes first.
- Cancellation survey responses: Retained for up to 12 months after account deletion, then purged.
- Admin audit logs: Retained for up to 24 months so we can investigate disputes or suspected account compromise. Purged automatically after that.
- AI usage logs and feature-usage events: Retained for up to 12 months, then purged. Cascade-deleted immediately if you delete your account.
- On account deletion: All your data is permanently deleted immediately, including historical health snapshots. There is no recovery after account deletion.
- Backups: Encrypted database backups are retained for up to 30 days for disaster recovery, then automatically purged.
9. Your rights under UK GDPR
You have the following rights regarding your personal data:
- Right of access: Request a copy of all data we hold about you.
- Right to rectification: Correct inaccurate data.
- Right to erasure: Delete your account and all associated data. Available directly in Settings → Account → Delete Account.
- Right to data portability: Export all your data as a JSON file. Available in Settings → Account → Export Data.
- Right to withdraw consent: Withdraw AI processing consent at any time in Settings. This disables AI features without affecting your account.
- Right to object: Object to processing based on legitimate interest.
- Right to lodge a complaint: You have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
To exercise any right, contact us at hello@penguinridge.co.uk. We will respond within 30 days.
10. Security
We take security seriously:
- All connections are encrypted via HTTPS (TLS).
- Passwords are hashed using bcrypt — we cannot recover your password.
- Journal entries, stories, and analyses are encrypted at rest using AES-128 (Fernet).
- Sessions are server-side with HttpOnly, SameSite=Lax cookies.
- Login attempts are rate-limited; accounts lock after 10 failed attempts.
Despite these measures, no system is completely immune to attack. If you discover a security vulnerability, please report it to hello@penguinridge.co.uk.
11. Changes to this policy
We may update this policy to reflect product changes or legal requirements. Material changes will be communicated via email to registered users. The "last updated" date at the top of this page indicates when changes were last made.
12. Contact us
For any questions about this policy or your data:
Email: hello@penguinridge.co.uk
Company: PenguinRidge, United Kingdom