Privacy Policy
Effective date: March 19, 2026
1. Overview
Ridgeline Software LLC ("we," "us," or "our") operates CostRadar ("the Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data.
We collect the minimum data necessary to provide the Service. We do not sell your data. We do not use your data for any purpose other than delivering the Service to you.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address (via Clerk authentication)
- Name (optional, from your Clerk profile)
- Authentication identifiers (Clerk user ID)
- Billing information (payment method details processed by Stripe — we do not store raw card numbers)
2.2 Azure Resource Data
To provide the Service, we retrieve and store the following from your Azure environment using a read-only service principal with Reader role access:
- Daily cost amounts per service and resource (via Azure Cost Management API)
- Resource names, resource group names, and subscription names
- Azure subscription IDs and tenant IDs
- Azure Advisor optimization recommendations (cost, reliability, and performance suggestions generated by Microsoft) — including rightsizing suggestions and Reserved Instance/Savings Plan opportunities
- Azure resource tags (key/value pairs attached to resources) — used to break down cost by team, department, or environment
- Service principal credentials you provide (tenant ID, client ID, client secret — stored encrypted)
We do not retrieve or store: resource configuration, virtual machine images, application data, storage contents, network traffic, or any data from within your Azure resources. We access billing records, resource metadata, Azure Advisor recommendations, and resource tags only.
2.3 Usage Data
We automatically collect limited usage information, including:
- Pages visited and features used within the dashboard
- API request logs (timestamps, endpoint, response codes — not request bodies)
- IP address and browser type, used for security monitoring and recorded in the audit log alongside account actions (anomaly acknowledgements, settings changes, team member changes, etc.)
- General location (country/region) derived from IP address for security purposes
- Analytics data collected via Microsoft Application Insights, including page views, feature usage, and error rates
2.4 Support Conversations
If you use the AI support chat, your messages and the assistant's responses are stored to provide conversation history and may be reviewed by our team to improve the Service. Conversations are retained for the duration of your account and are deleted when your account is deleted.
Support conversations are processed by Google's Gemini API via OpenRouter. See Section 4 for details on third-party processors. Do not include passwords, client secrets, or sensitive personal information in support conversations.
2.5 Cookies and Local Storage
We use strictly necessary cookies and local storage for:
- Maintaining your authentication session (managed by Clerk)
- Remembering dashboard preferences (e.g., filter states)
We do not use advertising cookies or third-party tracking pixels.
3. How We Use Your Information
We use the information we collect to:
- Provide the Service — pulling, storing, and analyzing your Azure cost and resource optimization data to surface anomalies, generate reports, and deliver alerts
- Send notifications — email digests, anomaly alerts via Slack or Teams webhooks you configure
- Process payments — managing subscriptions and billing through Stripe
- Provide support — responding to inquiries and powering the AI support assistant
- Improve the Service — analyzing aggregate, anonymized usage patterns to identify product improvements
- Security and fraud prevention — detecting abuse, unauthorized access, and suspicious activity
- Legal compliance — meeting our obligations under applicable law
We do not use your data to train AI models. We do not profile you for advertising purposes. We do not sell, rent, or trade your personal data.
4. Third-Party Service Providers
We share data with the following sub-processors solely to provide the Service. Each is bound by data processing agreements and appropriate security standards.
| Provider | Purpose | Data Shared |
|---|---|---|
| Clerk | User authentication and account management | Email, name, session data |
| Microsoft Azure | Hosting (Cosmos DB, Azure Functions) | All stored data — hosted in Azure datacenters |
| Microsoft Application Insights | Platform health monitoring and telemetry | Page views, feature usage, error rates, account ID |
| Stripe | Payment processing | Email, billing address, payment method tokens |
| OpenRouter / Google | AI support chat | Support conversation messages |
| Resend | Transactional email delivery | Email address, digest content |
We do not share data with any other third parties except as required by law or in connection with a business transfer (see Section 11).
5. Data Retention
We retain personal data for the following periods:
- Account and billing data — Duration of your account plus 90 days after termination
- Azure cost snapshots and anomaly data — Duration of your account (deleted promptly upon account deletion)
- Audit logs — 12 months from the date of each action
- Support conversation history — Duration of your account
- Abuse prevention records (retired Azure subscription IDs) — 90 days after account termination, trial expiration, or cancellation
- Viewer invite tokens — 7 days from creation or until used, whichever comes first
- Trial accounts not converted to paid plans — 30 days after trial expiration
- Payment records — 7 years as required by financial regulations
After the applicable retention period, data is deleted or anonymized. After account deletion, we will complete deletion of all non-financial data within 90 days. You may request immediate deletion of cost and operational data by contacting support@costradar.io.
6. Security
We implement security measures appropriate to the sensitivity of the data we hold:
- Azure service principal credentials are stored encrypted using AES-256-GCM encryption at rest
- All data in transit is encrypted via TLS 1.2+
- Access to production data is restricted to authorized personnel only
- Authentication is handled by Clerk with industry-standard session management
- Admin impersonation actions are logged with an audit trail
No security system is perfect. In the event of a security breach affecting your personal data, we will notify affected users without undue delay, and no later than 72 hours after becoming aware of the breach where feasible. Notification will be sent to the email address associated with your account and will describe the nature of the breach, what data was affected, and what steps we are taking.
7. Cookies and Tracking Technologies
We use cookies and similar technologies to operate the Service. This includes:
- Session cookies (via Clerk) required for authentication and login state
- Analytics data collected via Microsoft Application Insights, including page views, feature usage, and error rates
- No third-party advertising cookies are used
| Cookie name | Purpose | Duration |
|---|---|---|
| __session | Maintain your authenticated session | Session |
| __client_uat | Maintain your authenticated session | Session |
These cookies are set by Clerk, our authentication provider. Because they are strictly necessary for authentication to work, they cannot be disabled without breaking your ability to sign in. You can control cookie behavior through your browser settings, but disabling cookies may prevent you from using the Service.
8. Do Not Track
We do not currently respond to browser Do Not Track (DNT) signals. We do not track users across third-party websites.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — Request a copy of the personal data we hold about you
- Correction — Request correction of inaccurate personal data
- Deletion — Request deletion of your personal data (the "right to be forgotten")
- Portability — Request your data in a machine-readable format
- Objection — Object to certain processing of your data
- Restriction — Request that we restrict processing in certain circumstances
- Withdraw consent — Where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact us at support@costradar.io. We will respond within 30 days. We may need to verify your identity before processing certain requests.
You can delete your entire account and all associated data through Settings → Account → Delete Account, or by emailing us directly.
If you are located in the European Economic Area or United Kingdom, you have the right to receive a copy of your personal data in a structured, machine-readable format (data portability). To request a data export, contact support@costradar.io.
If you are located in the European Economic Area, you have the right to lodge a complaint with your local supervisory authority if you believe we have not handled your data in accordance with applicable law.
10. California Residents — Your Privacy Rights
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:
- Right to Know — You may request information about what personal data we collect, use, disclose, and sell.
- Right to Delete — You may request deletion of your personal data, subject to certain exceptions.
- Right to Correct — You may request correction of inaccurate personal data.
- Right to Opt Out of Sale — We do not sell your personal information to third parties.
- Right to Non-Discrimination — We will not discriminate against you for exercising your privacy rights.
To exercise these rights, contact us at support@costradar.io. We will respond within 45 days.
11. Business Transfers
If Ridgeline Software LLC is acquired, merges with another company, or sells substantially all of its assets, your data may be transferred as part of that transaction. We will provide notice before your data becomes subject to a materially different privacy policy.
12. Children's Privacy
The Service is intended for users 18 years of age and older. We do not knowingly collect personal information from persons under 18. If you believe we have inadvertently collected information from a minor, please contact us at support@costradar.io and we will delete it promptly.
13. International Transfers
Ridgeline Software LLC is based in the United States. If you access the Service from outside the United States, your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer. We rely on appropriate safeguards (such as standard contractual clauses) when transferring data from the EEA to the United States.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top and notify you through the dashboard or by email at least 14 days before changes take effect.
Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
15. Contact Us
For privacy-related questions, requests, or concerns:
Ridgeline Software LLC
Email: support@costradar.io
Texas, United States