Privacy Policy
Last updated June 12, 2026
In plain English
- We collect what we need to run your compliance program — your account and company details, the insurance certificates, declaration pages, and regulatory filings you and your vendors or tenants upload, and the billing details Stripe processes for your subscription.
- We never sell your information. We process the documents you upload to extract coverage data, check it against your rules, and flag deficiencies — that's the service.
- We use AI (Anthropic) to read uploaded documents. We do not use your data to train AI models, and we send only the document needed for each extraction.
- You can ask us at any time to see, correct, export, or delete the information we hold. Email [email protected].
1. Who we are
Bindly Compliance is a business-to-business compliance-automation service. We help companies — property managers, motor carriers, brokers, and other businesses — track whether their vendors, subhaulers, and tenants carry the insurance coverage and regulatory filings that their contracts and applicable law require. This Privacy Policy covers bindlycompliance.com and the Bindly Compliance dashboard.
2. Information we collect
We collect information in a few ways:
- What you give us directly. When you start a trial, create an account, or set up your program, you share information like your business name, your contact details, the names and email addresses of your team and of the vendors or tenants you monitor, and the compliance rules you want enforced.
- The documents you and your vendors or tenants upload. Certificates of insurance (ACORD forms), policy declaration pages, renters declaration pages, MCS-90 endorsements, FMCSA filings, and similar records. These documents may contain personal information about third parties — named insureds, tenants, drivers, and signatories.
- Payment information. Subscriptions are billed through Stripe. Stripe handles your card details directly; we store only a customer and subscription reference and your plan — never full card numbers.
- What your browser sends automatically. Your IP address, browser type, device characteristics, and the pages you view. We use Cloudflare for hosting and DDoS protection.
3. How we use your information
- To provide the service — parse the documents you upload, extract coverage and filing data, evaluate it against your rules, and surface deficiencies.
- To request and collect documents on your behalf — including sending document requests and deficiency notices to the vendors and tenants you monitor.
- To bill and manage your subscription through Stripe.
- To provide support and respond to your questions.
- To meet our legal and regulatory obligations.
- To detect and prevent fraud, abuse, and security incidents.
4. Documents about third parties — your role and ours
A lot of what flows through Bindly Compliance is information about your vendors, subhaulers, and tenants rather than about you. For that information you are the party that decides why and how it is processed, and Bindly Compliance acts as your service provider (a "processor" under privacy law): we process it only to provide the service to you and on your instructions, never for our own marketing or sold to anyone.
You are responsible for having the authority to upload the documents and information you submit, and for the accuracy of the rules you configure. If one of your vendors or tenants asks us to access or delete information you uploaded, we will refer them to you as the business responsible for that record.
5. AI processing of documents
We use Anthropic's Claude models to read uploaded documents and extract structured data — coverage limits, effective and expiration dates, form types, and named parties. We send only the document and the extraction instructions to the model. We do not use your documents to train AI models, and our AI provider does not train its models on data sent through its API. AI usage is rate- and budget-capped to prevent abuse and runaway cost.
6. Cookies and analytics
We use a small set of essential cookies — your sign-in session for the dashboard and security cookies that block automated abuse. A full, itemized list lives on our Cookies & tracking page. If your browser sends the Global Privacy Control (GPC) signal, we treat it as a binding opt-out and never show you a cookie banner. We do not use Google Analytics, the Meta Pixel, or any advertising tracker.
7. Service providers we share information with
To provide the service, we share information with the following service providers under contractual data-protection terms:
- Cloudflare — hosting, content delivery, DDoS protection, database (D1), and document storage (R2).
- Clerk — sign-in and identity for the dashboard.
- Stripe — subscription billing and payment processing.
- Paubox — transactional email delivery (document requests, deficiency notices, account email).
- Anthropic — large-language-model provider used to extract data from uploaded documents. We send only the document needed and never use your data for model training.
- Help Scout — customer-support inbox for staff replies.
- Sentry — error monitoring, with PII scrubbing applied.
8. Your privacy rights
Depending on where you live, you have one or more of the following rights. For privacy questions or requests under CCPA and other state privacy laws, contact us at [email protected].
- Right to access — get a copy of the information we hold about you.
- Right to correction — fix anything we have wrong.
- Right to deletion — ask us to delete your information, subject to legal retention requirements and any compliance records you are obligated to keep.
- Right to opt out of sales / sharing — we do not sell or share your information for cross-context behavioral advertising. This setting is permanently on by default.
- Right to non-discrimination — we will not retaliate against you for exercising these rights.
California residents may also designate an authorized agent to make requests on their behalf. We respond to verifiable requests within 45 days.
9. Security
We protect information in transit with TLS and at rest with encryption, and we apply additional field-level encryption to sensitive identifiers such as DOT, MC, and EIN numbers. We use role-based access controls and audit logging for staff access to customer data, and we require multi-factor authentication for staff accounts that touch customer data.
No system is perfectly secure. If we ever experience a breach affecting your information, we will notify you and the appropriate regulators in accordance with applicable law.
10. Data retention
We retain your account and compliance records for as long as your subscription is active and for up to 7 years afterward to support audit, recordkeeping, and dispute resolution. Uploaded documents are retained while they are relevant to active monitoring. When you ask us to delete or export your data, we honor the request subject to any legal hold or recordkeeping obligation, and we confirm when it is done.
11. Where your data is processed
Bindly Compliance runs on Cloudflare's global network, with data processed primarily in the United States. We use the same controls regardless of which edge location serves a given request.
12. Changes to this policy
We may update this policy from time to time. When we make material changes, we will notify you by email (if we have one on file) and post a notice on this page. The "Last updated" date at the top reflects the most recent change.
13. Contact us
For privacy questions or requests under CCPA and other state privacy laws, contact us at [email protected].
Related: Terms of Service · Cookies & tracking