Privacy policy

Last updated 3rd September 2025

Registrar

Aatos Legal Technology Ltd (2901500-3)
Lemuntie 3-5A
00510 Helsinki
Finland

For issues related to data protection, you can contact customer service at support@bindlegal.com

General

The privacy policy applies to the Bind internet service ("Bind"). The processing of personal data is governed by the EU General Data Protection Regulation (GDPR) and as well as applicable national data protection laws in the countries where Bind operates.

Contract for Personal Data Processing

When you create and manage your Bind account—including registration, payment processing, and service communications—you provide personal data (such as your name, email address, and payment details). For this account-related data, Bind determines the purposes and means of processing and therefore acts as the Data Controller.

In contrast, any personal data you enter when creating documents or electronic signatures is used solely to generate and manage your contracts. For this document-specific data, you remain the Data Controller, and Bind acts solely as a Data Processor, processing your data strictly on your instructions. Bind will not access, view, modify, or delete this content without your explicit consent—except where required by law, in which case such access will be fully documented.

You are responsible for ensuring that you have a lawful basis for processing any personal data you provide. Please review your obligations under the GDPR and other applicable data protection regulations.

Purposes and Basis for Processing Personal Data

We process your personal data for two distinct purposes:

Account Management, Communication, and Marketing:
The personal data provided during account creation (including email addresses and payment details) is used to verify your identity, process payments, send service notifications and updates, and, where applicable, deliver marketing communications. For these purposes, Bind acts as a Data Controller, as we determine the purposes and means of processing in line with our service agreements and legal obligations.

Document and Signature Services:
Any personal data you enter during the document or signature creation process is used exclusively to generate, manage, and execute your contracts. In this context, you remain the Data Controller, and Bind acts solely as a Data Processor by processing this data strictly on your behalf.

The processing of your personal data is based on our service agreements and, where applicable, on your explicit consent. Please refer to our full privacy policy for further details on our data protection practices.

Personal Data Processed

We may process various categories of your personal data in order to provide and improve our services. These include, but are not limited to:

• Identification Data: First name, last name, date of birth, and personal identification numbers.
• Contact Data: Address, phone number, and email address.
• Signature Data: Electronic signatures provided by you.
• Public Records: Data obtained from governmental or other public authorities.
• Technical Data: Information collected via cookies and other tracking technologies, including data on how you use our service.

This list is provided for informational purposes and is not exhaustive. We may process additional personal data as necessary to deliver, maintain, and improve our services.

Information Sources

We collect personal data from several sources to provide and improve our services:

Directly from You: When you sign up or interact with our service, we collect the information you provide (e.g., your name, email address, and account credentials via Clerk).

Usage Data: We automatically collect technical data—such as device information, IP address, and pages visited—to understand how you use Bind and to help us enhance our service.

Contract Data: When you create contracts, the data you enter is stored to enable and manage the service.

Cookies and Tracking Technologies: We use cookies and similar tools to gather information about your browsing activities.

Third-Party Submissions: Occasionally, another user may add personal data related to you. If you have concerns about such information, please contact the user who provided it.

Personal Data Processors

Access to personal data is strictly limited to individuals who require it to perform their work or duties, and all such individuals are bound by confidentiality agreements.

The following third-party service providers process personal data on our behalf:

Servers & Data Hosting: Amazon Web Services Inc.

Payment Processing: Stripe Inc.

Online Traffic Monitoring: Google Ireland Ltd and Meta Platforms Ireland Ltd.

Financial Management: Accountor Finago Ltd.

Customer & User Communication: Intercom Inc.

Language Processing: Groq, OpenAI

Analytics & Performance Tracking: Langfuse, Clarity, FullStory

Authentication & User Management: Clerk

Email Marketing: Customer.io

Personal Data Retention Period

Your personal data is retained for as long as your Bind account remains active. You may request account deletion by contacting our customer service. Inactive accounts may be removed after an extended period of inactivity. Prior to any deletion, Bind will notify you and provide an opportunity to reactivate your account.

Protection of Personal Data

Bind has implemented robust technical, organizational, and administrative security measures to protect your personal data against loss, misuse, unauthorized access, disclosure, alteration, and destruction. Our security procedures are regularly reviewed and enhanced to maintain the highest standards of data protection.

Disclosure of Personal Data

We may disclose your personal data to third parties—including governmental authorities, service suppliers, payment providers, and business partners—as necessary to deliver our services or as required by law. In every case, Bind ensures that appropriate confidentiality and data protection measures are in place before any disclosure.

Data Subject Rights and Security

Bind is committed to protecting your personal data and complying with applicable data protection laws. Bind processes your personal data based on consent, contractual necessity, and legitimate interest. In addition to our robust security measures you have the following rights regarding your personal data:

• Right of Access: You have the right to request information about the personal data we process about you, the purposes of processing, the recipients of your data, and the retention periods.
• Right to Rectification: You may request that inaccurate or incomplete personal data be corrected or completed.
• Right to Erasure (Right to be Forgotten): You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent, subject to any legal obligations.
• Right to Restriction of Processing: You may request that the processing of your personal data be restricted under certain circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transfer it to another data controller where technically feasible.
• Right to Object: You may object at any time to the processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: If the processing of your personal data is based on your consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority or equivalent local regulatory body if you believe your data protection rights have been violated.

Bind has implemented robust technical, organizational, and administrative measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. You can exercise your rights by contacting us at support@bindlegal.com, and we will respond in accordance with applicable laws and local regulations.

You can opt out of certain data collection by adjusting your browser or device settings, and you can request deletion of your account by contacting us.

Please note that Bind is not responsible for the content of documents or electronic signatures created by users within their accounts. For confidentiality reasons, Bind does not review these materials, and the rights listed above do not extend to personal data that may be contained within user-generated content.  

Cookies and Similar Technologies

Bind uses cookies and similar technologies to remember your preferences and track your usage, which helps us improve our services. You may configure your browser to refuse cookies; however, please note that some features of Bind may not work properly if cookies are disabled.

International Data Transfers

For technical reasons, personal data may be transferred outside the European Union (EU) or the European Economic Area (EEA). Such transfers are always based on legal grounds—such as the European Commission's adequacy decisions, EU Standard Contractual Clauses (SCC), or other appropriate safeguards. When transferring data to the United States, transfers may be carried out in accordance with the new EU-US Data Privacy Framework, provided that the recipient is certified under it, ensuring compliance with the GDPR.

Changes to this Policy

Bind may update this Privacy Policy periodically. If we make any significant changes, we will notify you by posting the revised policy on our website or within the Bind app. Your continued use of our services after such changes constitutes your acceptance of the updated policy.

Contact Us

If you have any questions or concerns about this Privacy Policy or your personal data, please contact us at support@bindlegal.com.