Privacy Policy

Last updated: May 8, 2026

1. Introduction

ribby.dev LLC ("we", "us", "our") respects your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your information.

2. Information We Collect

We collect the following types of information:

  • Contact information you provide voluntarily through our contact form, including your name, email address, phone number (optional), company (optional), and project details.
  • Client portal account information when you sign in to our client portal. We use Auth.js for authentication and store your name, email address, profile image (if provided by Google), and authentication tokens necessary to keep you signed in. If you sign in with Google, we receive these from Google’s OAuth flow. If you sign in with a magic link, we receive your email address only.
  • Project request details you submit through the portal lead form, including the project type, description, budget, and timeline you provide.
  • Billing information if you become a paying client. We use Stripe as our payment processor; Stripe stores your payment methods directly — we only retain a Stripe customer reference (an opaque identifier) on our side.
  • Phone numbers for SMS communications, only if you explicitly opt in via our contact form.
  • Basic usage data such as pages visited and referrer information, collected via standard web analytics (including Google Analytics / Google Ads conversion tracking) to improve our website and measure marketing effectiveness.

3. How We Use Your Information

We use your information to:

  • Respond to inquiries and provide requested services.
  • Authenticate you in the client portal and surface the projects and billing information associated with your account.
  • Add your contact details to our marketing list so we can send relevant updates about new services. You can unsubscribe at any time by emailing us.
  • Send marketing text messages, only if you have opted in.
  • Improve our website and services.
  • Comply with legal obligations.

4. Sharing of Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We use the following processors to operate the site and portal:

  • Vercel — hosting and edge infrastructure for ribby.dev.
  • Railway — managed Postgres database where portal account, project, and lead data live.
  • Resend — transactional email provider (magic-link sign-in emails, contact form replies, admin notifications).
  • Stripe — payment processor. If you are a paying client, your card and billing details are stored at Stripe under their privacy policy and never touch our servers directly.
  • Google — OAuth identity provider when you choose “Continue with Google” sign-in. Google may collect data under its own privacy policy.
  • Telnyx — SMS delivery (only if you have opted in to SMS).
  • Cloudflare Turnstile — bot prevention on public forms.
  • Google Analytics / Google Ads — usage analytics and conversion tracking on the marketing site.

Each processor handles your data only for the technical purpose of providing its service.

5. SMS-Specific Privacy

The following provisions apply specifically to phone numbers and SMS data collected by ribby.dev LLC:

  • We collect phone numbers only when you voluntarily provide them and check the optional SMS opt-in checkbox on our contact form.
  • Your mobile information will not be sold or shared with third parties for promotional or marketing purposes.
  • Your phone number is shared only with our SMS service provider (Telnyx) solely for the technical purpose of delivering messages you have opted in to receive.
  • You can opt out of SMS messages at any time by replying STOP to any message. Upon opt-out, your number will no longer be used for marketing messaging.
  • For full SMS terms, see our SMS Terms of Service.

6. Data Retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law:

  • Contact form submissions and lead descriptions are retained while we are evaluating or actively engaged on your project, plus a reasonable follow-up window.
  • Client portal accounts are retained for the duration of your engagement with us. Magic-link verification tokens expire after 24 hours.
  • Billing records are retained as required by tax and accounting obligations (typically 7 years).

You may request deletion of your information at any time by emailing hello@ribby.dev.

7. Your Rights

You have the right to:

  • Access the personal information we hold about you.
  • Request correction or deletion of your information.
  • Opt out of marketing communications at any time.
  • Withdraw consent for SMS messages by replying STOP.

8. Security

We take reasonable measures to protect your personal information from unauthorized access, disclosure, or destruction. However, no method of transmission over the internet is 100% secure.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent changes.

10. Contact

For privacy-related questions, email hello@ribby.dev.