Privacy Policy

BindPages ("we", "us", "our") is operated by [COMPANY NAME], [ADDRESS]. This Privacy Policy explains how we collect, use, and protect information about you when you use bindpages.com and related services (collectively the "Service").

Account information

• Name, email address, and password hash when you register.
• Billing information (processed entirely by Stripe — we do not store card numbers).
• Plan tier, credit balance, and usage history.

Content you create

• Source URLs you submit for crawling.
• Recipe data scraped and generated from those sources.
• Ebook configurations, PDF outputs, and template customizations.
• Category labels and content you enter manually.

Third-party API keys

If you supply API keys for AI providers (OpenAI, Google Gemini, Anthropic Claude, DeepSeek, OpenRouter, or others), those keys are stored encrypted at rest and used only to make requests on your behalf. See Section 4 for full details.

Usage and technical data

• Log data: IP address, browser type, pages visited, timestamps.
• Job and queue metadata (crawl job status, PDF generation events).
• Error and performance telemetry.

• Provide, operate, and improve the Service.
• Process payments and manage subscriptions via Stripe.
• Send transactional emails (account confirmation, billing receipts, credit alerts).
• Respond to support requests.
• Detect and prevent abuse, fraud, and security incidents.
• Comply with legal obligations.

We do not sell your personal data to third parties and do not use it for ad targeting.

Your API keys are sensitive credentials and we treat them accordingly:

• Keys are encrypted at rest using AES-256 before being stored in our database.
• Keys are used exclusively to make AI API requests initiated by you within the Service.
• Keys are never logged in plain text, never sent to analytics services, and never accessible to BindPages staff except through the encrypted database.
• Keys are scoped to your account and are never shared with other users.
• You can delete your keys at any time from Settings → AI Providers. Deletion is immediate and irreversible.
• If you delete your account, all stored keys are permanently purged within 30 days.

BindPages is a multi-tenant platform. Your recipes, source URLs, ebooks, images, crawl jobs, and API keys are scoped to your user account. Other users cannot access your data. All database queries include a user-ID filter enforced at the API layer.

We share limited data with the following categories of service providers:

• Stripe — payment processing and subscription management. Stripe's privacy policy applies to payment data.
• Cloud infrastructure providers — hosting, object storage (MinIO/S3-compatible), and database services. Data is processed under data processing agreements.
• AI providers you configure — when you submit an API key and trigger a job, your recipe content is sent to that provider's API. Their privacy policies govern that data.
• Error monitoring tools (e.g. Sentry) — anonymized stack traces and performance data, no personal content.

We do not share your content with AI providers without an explicit user-initiated action.

We use cookies and similar technologies for session management and, with your consent, analytics. For full details see our Cookie Policy.

• Active account data is retained for as long as your account is open.
• If you cancel, your data is retained for 90 days in case you wish to reactivate, then purged.
• Backups may retain data for up to 30 days after purge.
• Anonymized aggregate analytics may be retained indefinitely.

You have the right to:

• Access a copy of the personal data we hold about you.
• Correct inaccurate data.
• Delete your account and associated data (via Settings → Account or by emailing us).
• Export your recipe and ebook data in a machine-readable format on request.
• Withdraw consent for non-essential cookies at any time via the cookie banner.

GDPR (EU/EEA users). If you are located in the European Economic Area, you may also have the right to data portability, restriction of processing, and the right to lodge a complaint with your local supervisory authority. Our lawful basis for processing is contract performance (account and billing) and legitimate interests (security, abuse prevention).

CCPA (California users). We do not sell personal information. California residents may request disclosure of categories of personal information collected and request deletion under the CCPA.

We use industry-standard measures including TLS in transit, encrypted storage for credentials, and access controls. No system is perfectly secure; we will notify affected users of any confirmed data breach as required by law.

We may update this policy periodically. We will notify you by email or in-app notice for material changes. The "Last updated" date at the top reflects the most recent revision.

Privacy requests and questions: [email protected]