TRUST & SECURITY

How we protect your data

BindLedger handles sensitive security evidence. We take that responsibility seriously. Here's how we protect the data you share with us.

Data Handling

Scan Inputs

We query public DNS, certificate, and service data. No credentials required. No agents installed.

Uploaded Documents

Carrier questionnaires and evidence files are processed for parsing and mapping. Files are stored encrypted at rest and transmitted over TLS.

Evidence Packets

Generated packets contain only the data you choose to include. Shareable links are token-gated and expire.

Infrastructure

Hosted on Vercel (application) and Supabase (database and storage). All data encrypted at rest (AES-256) and in transit (TLS 1.2+).

Access Controls

Authentication via Clerk. Role-based access within teams. API endpoints require valid session tokens.

Read-Only Verification

Our scan operates in read-only mode. We do not modify DNS records, email configurations, or any aspect of your infrastructure. We observe — we do not touch.

Data Retention

Scan results and uploaded documents are retained while your account is active and can be deleted on request at any time. Evidence packets remain available until their share link expires (90 days by default). Free tool usage is logged for quality assurance and service reliability; to request deletion of any data, see Deletion Requests below.

Free Tool Upload Handling

Files uploaded to free tools like our supplement parser and renewal inbox parser are processed for parsing and classification. Parsed outputs are logged for quality assurance. We do not use uploads for model training, do not share them with third parties, and do not retroactively associate free tool usage with your account if you later create one.

Internal Access Controls

Only authenticated users and their team members can access uploaded files and generated content. BindLedger staff do not access your files unless explicitly requested with written permission. Third parties do not have access to file contents for analytics, advertising, or other purposes.

Deletion Requests

To request deletion of your data, email security@bindledger.com. Account deletion removes all files, scans, and evidence packets. Requests are processed within 5 business days, and you will receive email confirmation once completed.

Incident Notification

In the event of a security incident, affected users will be notified within 72 hours. Notifications include what data was affected, what occurred, and the remediation steps we have taken. For questions or to report incidents, contact security@bindledger.com.

Responsible Disclosure

Found a security issue? Contact security@bindledger.com. We appreciate responsible disclosure and will respond within 48 hours. See our security.txt.

Privacy & Terms

See our privacy policy for full details on data handling and user rights. See our terms of service for the complete terms of using BindLedger.