Privacy Policy

Last updated: [DATE]

Draft: pending legal review. This document is a working draft and has not yet been reviewed or approved by an attorney. It is not legal advice. Do not rely on it until the final version is published.

This Privacy Policy explains how Bindloops Inc. (“Bindloops,” “we”) collects, uses, and protects information when insurance agencies (“Customers”) and their authorized users use the Bindloops platform, and when visitors use this website. Bindloops provides software to insurance agencies; for data that an agency’s clients submit, the agency is the data controller and Bindloops acts as a service provider / processor (and, where applicable, a HIPAA Business Associate) on the agency’s behalf.

1. Information we collect

  • Account & business data from Customers: names, work email, phone, agency details, licensing/state data, and billing information (processed by our payment provider).
  • End-client datathat Customers and their clients input into the platform (e.g., contacts, policies, financial and, where applicable, health information). Bindloops processes this on the Customer’s behalf under our agreement.
  • Usage & technical data: log data, device/browser information, and activity within the platform, for security and to operate the service.

2. How we use information

  • To provide, maintain, and secure the platform.
  • To support Customers and respond to requests.
  • To detect and prevent fraud, abuse, and security incidents.
  • To comply with legal obligations.
  • To improve our services (in aggregated or de-identified form where feasible).

We do not sell personal information.

3. Sharing & sub-processors

We share information with service providers that help us operate the platform, under contractual data-protection commitments — for example [Supabase] (database/hosting), [Twilio] (telephony/SMS), [Plaid] (bank connectivity, where used), [Meta] (messaging, where used), [Resend] (email), and [Vercel/Fly] (hosting). We may disclose information if required by law. We do not sell personal information.

4. Health information (HIPAA)

Where a Customer uses Bindloops to process Protected Health Information, Bindloops acts as a Business Associate and handles such information pursuant to a Business Associate Agreement (BAA) and applicable HIPAA requirements. [Confirm BAA program with counsel.]

5. Security

We use technical and organizational safeguards including encryption of sensitive data, tenant isolation, and access controls. No method of transmission or storage is 100% secure, but we work to protect information using reasonable industry practices.

6. Your rights

Depending on your jurisdiction (e.g., CCPA/CPRA in California, or GDPR where applicable), you may have rights to access, correct, delete, or port your personal data. For end-client data, requests are generally directed to the relevant agency (the controller). Contact [privacy-email] to exercise your rights; we respond as required by applicable law.

7. Retention

We retain information for as long as needed to provide the service and to meet legal, regulatory, and contractual obligations, then delete or de-identify it.

8. Children

The platform is not directed to individuals under 18.

9. Changes

We may update this policy and will post the current version here with its date.

Contact

Email: support@bindloops.com

Entity: Bindloops Inc.

Address: [address]