BumpCRM logo

    Privacy Policy

    Last updated: February 15, 2026

    This Privacy Policy ("Policy") describes how Ridgebuilt Contractors LLC ("Company," "we," "us," or "our"), a New Jersey limited liability company, collects, uses, stores, shares, and protects information when you access BumpCRM (the "Service").

    1. Scope

    This Policy applies to your use of our web application and APIs. By using BumpCRM, you consent to the data practices described here. If you disagree, do not use the Service.

    2. Information We Collect

    A. Information You Provide Directly

    • Account Information: Name, email address, password, and other credentials.
    • Organization Data: Company name, domain, brand details, contact records, custom fields.
    • Content and Files: Emails drafted through BumpCRM, notes, tasks, and any documents or attachments you upload.
    • Support Interactions: Queries and attachments submitted through our contact form.

    B. Integration Data

    If you connect an email account (e.g., via Gmail OAuth or other IMAP/SMTP providers), we collect metadata (sender, recipient, timestamps, subject lines), email content, and attachments. We log open and click events for outbound emails to measure campaign performance. Individual recipients are not notified, and there is currently no opt‑out mechanism. Recent regulatory guidance requires explicit consent for individualized tracking; you are responsible for obtaining any necessary consent before using tracking features.

    C. Automatically Collected Data

    We log IP addresses, device and browser information, cookies, and activity data (e.g., workflow events) for authentication, session management, and analytics.

    3. How We Collect Information

    • Directly from you via account creation, form submissions, and user content.
    • Through email integrations using OAuth or credentials you provide.
    • Automatically via cookies, pixels, and server logs.
    • From third‑party services authorized by you.

    4. How We Use Information

    We use collected information to:

    • Provide CRM functionality and manage brand and contact data.
    • Synchronize email messages, draft responses, and run workflow automations.
    • Power AI features such as brand research (via Perplexity) and email drafting/analysis (via Lovable AI). Personal data is not used to train our models.
    • Measure open and click rates in outbound emails (see Integration Data).
    • Maintain security and comply with legal obligations.
    • Improve and develop the Service.

    5. Legal Basis (EEA Users)

    Processing is based on contractual necessity, legitimate interests, or consent. Explicit consent is required for individual‑level tracking and marketing communications.

    6. Third‑Party Services

    We use the following providers:

    • Resend for transactional email delivery (contact forms, feedback, invites).
    • Google Gmail API to sync and send Gmail messages.
    • Perplexity (via Lovable connector) for AI‑powered brand research.
    • Lovable AI to draft emails and analyze replies.
    • Various IMAP/SMTP providers for non‑Gmail accounts.
    • Stripe for payment processing.

    These providers access data only as needed to deliver their services.

    7. Data Storage & Security

    Data is stored on secure cloud infrastructure. Credentials and sensitive data are encrypted at rest. Access is controlled by role‑based permissions. We log and monitor access. While we implement reasonable safeguards, no system is completely secure.

    8. Data Retention & Deletion

    If you request account deletion, we permanently remove your personal data, brand records, and synced emails within 30 days. Encrypted backup copies may be retained for up to 90 days for disaster recovery. We retain data as long as necessary to provide the Service or meet legal requirements.

    9. Data Deletion & Export

    You may request access to, correction of, deletion of, or export of your data at any time. Visit our contact form to exercise these rights. We may require verification.

    10. Cookies & Tracking

    Cookies authenticate sessions and remember preferences. Tracking pixels in outbound emails capture open and click events; recipients are not individually notified. Regulators increasingly mandate clear disclosure and opt‑out mechanisms for tracking. If you use these features, ensure compliance with applicable laws.

    11. U.S. State Privacy Laws

    At least nineteen U.S. states have enacted privacy laws requiring disclosure of behavioral profiling and opt‑out mechanisms. California's CPRA mandates that profiling and tracking are regulated activities requiring consumer disclosure and opt‑out mechanisms, with substantial fines for non‑compliance. We honor browser‑based global privacy control (GPC) signals and other state‑specific rights as required.

    12. International Transfers

    Data may be processed in the United States. If personal data is transferred to other countries, we use legal mechanisms such as standard contractual clauses.

    13. Children's Privacy

    BumpCRM is intended for users 18 and older. We do not knowingly collect information from children.

    14. Changes to This Policy

    We may update this Policy. Material changes will be posted. Continued use after changes constitutes acceptance.

    15. Contact

    Ridgebuilt Contractors LLC
    971 US Highway 202 N, STE N, Branchburg, NJ 08876

    For privacy requests: contact form