← Back to bind.co

bind.co Privacy Policy

Last updated: Dec 10, 2025

This Privacy Policy explains how bind.co ("bind," "we," "our," "us") collects, uses, processes, and retains information in connection with the bind.co platform.

bind.co provides infrastructure for user-authorized inbox data. This Policy explains our role, our data practices, and how responsibility is allocated among End Users, Developers, and bind.

1. Scope and Role

bind.co operates as a neutral system of record for authorization and access to inbox-derived information.

This Privacy Policy applies to:

  • End Users who connect an inbox to bind
  • Developers and Applications that integrate with bind
  • Visitors to bind.co websites and dashboards

bind.co acts as:

  • a processor / service provider on behalf of Developers (and, where applicable, End Users) for inbox-derived data processed under an Authorization, and under Developer instructions consistent with, and limited by, End User Authorizations, and
  • an independent controller for platform-level data such as authorization records, audit logs, security metadata, and system usage records.

2. Information We Process

A. Inbox Data (End User Content)

When an End User authorizes access, bind.co may process:

  • emails and attachments
  • message metadata (sender, recipient, timestamp, subject)
  • documents contained within the inbox
  • historical inbox content

Inbox data is processed as necessary to produce authorized Outputs. Applications do not receive direct access to the full inbox.

B. Outputs

bind.co generates Outputs, which may include:

  • structured data fields
  • classifications
  • confidence or certainty indicators
  • provenance and extraction metadata
  • scoped retrieval results returned to Applications

Outputs are generated artifacts of the bind.co service and are distinct from raw inbox content.

C. Authorization and Audit Data

bind.co records:

  • End User authorization events
  • requested and approved scopes
  • access requests and responses
  • timestamps and provenance
  • revocation events

These records are required to operate the service and preserve accountability.

D. Technical and Operational Data

bind.co also processes:

  • device and browser information
  • IP addresses
  • API usage data
  • logs, diagnostics, and performance metrics

This data is used for security, reliability, and abuse prevention.

3. How We Use Information

bind.co uses information to:

  • provide authorized access to Outputs
  • apply technical controls designed to enforce scope
  • maintain auditability and traceability
  • operate, secure, and improve the platform
  • detect and prevent abuse, fraud, or misuse
  • comply with legal obligations

bind.co does not:

  • sell personal information
  • use End User inbox data for advertising
  • make decisions on behalf of End Users or Applications

3A. Legal Basis for Processing

Where required by applicable law, bind.co processes personal information based on one or more of the following legal bases, as appropriate:

  • End User authorization (consent), where End Users authorize access to inbox data
  • Contractual necessity, to provide the bind.co service to Developers and Applications
  • Legitimate interests, such as security, auditability, abuse prevention, and service integrity
  • Legal obligations, including responding to lawful requests and complying with retention requirements

4. Full Inbox Processing

To produce authorized Outputs, bind.co may process inbox contents in full, including historical messages and attachments.

This processing enables:

  • accurate extraction
  • normalization across time
  • consistent provenance and audit records

Processing inbox data does not mean sharing it. Applications receive only Outputs within approved Scopes.

5. Sharing of Information

A. With Applications

bind.co provides Outputs to Applications only within the Scope authorized by the End User. Applications control how Outputs are used once delivered and are solely responsible for their downstream processing activities and privacy practices.

B. Service Providers and Subprocessors

bind.co uses trusted third-party service providers to operate the platform (e.g., cloud infrastructure, monitoring).

These providers process data only under bind's instructions and subject to confidentiality and security obligations.

C. Legal and Safety Disclosures

bind.co may disclose information:

  • to comply with lawful requests
  • to protect the security or integrity of the platform
  • to address fraud, abuse, or legal claims

6. Aggregated and Anonymized Data

bind.co may use aggregated or anonymized data, which cannot reasonably be linked back to an End User, to:

  • improve the service
  • develop new features
  • conduct benchmarking
  • support security and abuse detection

This data does not identify individuals.

7. Data Retention

A. Outputs

Outputs are retained:

  • to support ongoing authorized use
  • for as long as the relevant Authorization remains active
  • until deletion is requested by the End User

B. Deletion

When deletion is requested:

  • individual-level Outputs are removed from active systems
  • aggregated or anonymized data that cannot reasonably be linked back to an End User may persist
  • authorization records and audit logs may be retained as necessary for integrity, security, and legal accountability

C. Logs and Records

Authorization records, access logs, and audit data may be retained even after revocation or deletion requests where required to:

  • preserve system integrity
  • meet legal obligations
  • resolve disputes

8. End User Rights and Controls

End Users may:

  • review requested Scopes
  • approve or decline access
  • revoke Authorization at any time
  • request deletion of Outputs

Depending on jurisdiction, End Users may have additional rights such as access, correction, erasure, restriction, portability, objection, or the right to withdraw consent. These rights may be exercised by contacting bind. bind.co will respond to verifiable requests within the timeframes required by applicable law.

Requests are handled subject to applicable law, reasonable timelines, and technical constraints.

9. Developer Responsibilities

Applications that receive Outputs are responsible for:

  • their own retention and deletion practices
  • compliance with applicable privacy and data protection laws
  • providing their own privacy notices to End Users

Developers act as independent controllers of any personal data they collect or process through their Applications. bind.co does not control how Applications use Outputs once delivered.

10. Cookies and Similar Technologies

bind.co may use cookies or similar technologies for authentication, security, and service operation. bind.co does not use cookies for advertising or cross-site tracking.

11. Security

bind.co maintains safeguards designed to be reasonable and appropriate to the nature of the service, including administrative, technical, and organizational measures consistent with industry-standard practices.

No system is completely secure, and bind.co does not guarantee absolute security.

12. International Data Transfers

bind.co operates globally and may process data in multiple jurisdictions. Where required, bind.co relies on appropriate cross-border transfer mechanisms. Additional details may be provided in a Data Processing Addendum or upon request.

13. Children's Information

bind.co is not intended for use by children under the age of 13 and does not knowingly collect personal information from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated where required by law.

15. Contact Us

For privacy inquiries or requests:

Email: privacy@bind.co