Privacy & Cookie Policy

Last updated: May 2026

Ringfence is a product of Settleby Ltd, a company registered in England and Wales (No. 15107426, VAT GB448267759).

1. About this policy

This Privacy & Cookie Policy explains how Settleby Ltd ("we", "us") collects, uses, and protects personal data when you use Ringfence — the ringfence command-line tool, local proxy, and cloud dashboard at ringfence.dev. Settleby is the data controller for personal data processed in connection with the Service.

We process personal data in accordance with the UK General Data Protection Regulation, the Data Protection Act 2018, and — where applicable — the EU General Data Protection Regulation. Section 11 sets out a notice for residents of California, USA.

2. The privacy moat

Ringfence is built around a privacy boundary. The local agent runs on your machine and is the only component that ever sees prompt or completion content. The cloud receives metadata only:

  • What we DO send to the cloud: model identifier, input/output token counts, timestamp, derived cost in micros-USD, request status (allowed / blocked / errored), agent identifier.
  • What we NEVER send to the cloud: prompts, completions, file paths, source code, working-directory information, environment variables, hostnames.

This boundary is enforced in the local proxy's source code. If you operate the local agent in offline mode, no metadata is transmitted at all and budget enforcement continues to work.

3. Personal data we collect

3.1 Account data

  • Your email address and a hashed password (or a magic-link login token).
  • Your team or organisation name, as you provide it.
  • Roles and permissions within a team.

3.2 Billing data

Subscription billing is handled by Stripe. Stripe acts as an independent data controller for payment-related data, including card details. We receive from Stripe a customer identifier, a subscription identifier, the plan you selected, and the renewal date. We do not store card numbers or bank credentials.

3.3 Usage metadata (heartbeats)

When the local agent is configured to report to the cloud, it sends signed heartbeats containing the metadata listed in section 2. These heartbeats are linked to your team and to the agent identifier you issued, but contain no prompt or completion content.

3.4 Operational logs

Our cloud servers log standard request information for security and reliability: timestamp, method, path, status code, IP address, and user-agent. Logs are retained for up to 90 days.

3.5 Communications

If you contact us, we keep a record of the message and our response so we can follow up. If you opt in to product updates, we will email you occasionally about new features; you can unsubscribe at any time.

4. How we use your data and our legal basis

  • To provide the Service (performance of a contract): authenticating you, displaying budgets and usage, billing your subscription.
  • To secure the Service (legitimate interest): preventing fraud and abuse, investigating incidents.
  • To comply with legal obligations: keeping accounting records.
  • To send transactional email (performance of a contract): account verification, magic-link logins, billing notifications.
  • To send product updates (consent): only where you have opted in. You can withdraw consent at any time.

We do not sell or rent personal data. We do not use your data to train AI models, and we do not share your data with advertising networks.

5. Sub-processors and third parties

We rely on a small set of trusted providers to operate the Service:

  • Stripe Payments Europe Ltd — payment processing and subscription billing.
  • Resend — transactional email delivery.
  • Hosting provider for the cloud dashboard (currently in the United Kingdom; we will update this list if we change providers).
  • Slack Technologies — only if you configure Ringfence to deliver budget alerts to a Slack workspace you control. Settleby does not initiate or manage that integration on your behalf beyond delivering the alert you requested.

Each provider acts as either an independent controller (Stripe for card data) or a processor under a written agreement that includes the equivalent of UK GDPR Article 28 obligations. The current list of sub-processors for paid customers is also reflected in section 7 of the Data Processing Addendum at /dpa.

6. International transfers

Your data is primarily processed in the United Kingdom. Where any sub-processor transfers data outside the UK or European Economic Area, we rely on the UK International Data Transfer Agreement (IDTA) or the European Commission's Standard Contractual Clauses, supplemented where necessary by additional safeguards.

7. Retention

  • Account data: while your account is active, then deleted within 90 days of account closure unless legal obligations require longer retention.
  • Billing records: 7 years from the date of issue, as required by HMRC for VAT-registered companies.
  • Heartbeat metadata: 13 months by default. Customers on paid plans can request earlier deletion in writing.
  • Operational logs: up to 90 days.

8. Your rights (UK / EU)

Under the UK GDPR (and the EU GDPR where applicable) you have the right to:

  • access the personal data we hold about you
  • correct inaccurate data
  • request deletion of your data, subject to legal retention obligations
  • restrict or object to processing
  • request portability of data you provided to us
  • withdraw consent for any processing based on consent
  • lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local EU supervisory authority

To exercise any of these rights, email hello+privacy@ringfence.dev. We will respond within 30 days.

9. Security

We take reasonable technical and organisational measures to protect personal data, including:

  • TLS encryption for all traffic in transit
  • Bcrypt-hashed passwords
  • Per-agent bearer tokens combined with HMAC signatures and timestamp-drift checks for cloud heartbeats
  • Minimal access to production systems, gated by SSH keys and audit logs
  • Encrypted database backups stored in a separate region

If we become aware of a personal data breach affecting your data, we will notify the relevant supervisory authority within 72 hours where required by law, and notify you without undue delay where the breach is likely to result in a high risk to your rights.

10. Cookies

ringfence.dev uses a small number of cookies, all strictly necessary for the Service:

  • A session cookie that keeps you signed in to the cloud dashboard.
  • A CSRF cookie that protects forms against cross-site request forgery.

We do not use advertising cookies, third-party analytics cookies, or social media trackers. If we ever introduce optional analytics, we will ask for your consent through a cookie banner before any such cookie is set.

11. Notice for California residents

If you reside in California, the California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA) gives you certain rights regarding personal information.

Categories of personal information we collect, as described in section 3: identifiers (email), commercial information (subscription details), internet activity (operational logs), and inferences derived from heartbeat metadata.

We do not "sell" or "share" personal information for cross-context behavioural advertising as those terms are defined under the CPRA. We have not done so in the past 12 months.

California residents have the right to know, delete, correct, and limit the use of sensitive personal information. Because we do not sell or share, the "Do Not Sell or Share" right is moot, but we honour confirmation requests on demand.

To exercise these rights, email hello+privacy@ringfence.dev. We will not discriminate against you for exercising any of them.

12. Children

The Service is not directed at children under 16, and we do not knowingly process their personal data. If you believe a child has provided personal data to us, contact hello+privacy@ringfence.dev and we will delete it.

13. Changes to this policy

We may update this Privacy & Cookie Policy from time to time. Material changes will be notified by email and reflected in the "Last updated" date at the top of this page. Older versions are available on request.

14. Contact

Settleby Ltd, registered in England and Wales (No. 15107426).

Privacy enquiries: hello+privacy@ringfence.dev

If you are unhappy with how we have handled your data, you can lodge a complaint with the UK Information Commissioner's Office at ico.org.uk or with your local EU supervisory authority.