Privacy Policy
Last updated: March 22, 2026
1. Information We Collect
We collect information you provide directly when using Bindly:
| Data Type | Purpose |
|---|---|
| Email address | Account creation, authentication, notifications |
| Name (optional) | Display in Spaces and public content |
| OAuth tokens | Google sign-in |
| Knowledge content | Bindings, Versions, Sets you create |
| Usage data | Analytics for service improvement |
2. How We Use Your Information
- Provide and maintain the Service
- Authenticate your identity
- Store and serve your knowledge content
- Generate search indexes for your content
- Display public content on bind.ly
- Send service-related communications (account verification, password reset)
- Analyze usage patterns to improve the Service
3. Data Storage and Security
Your data is stored on Cloudflare's global infrastructure:
- Metadata (titles, summaries, user info) is stored in Cloudflare D1 (distributed SQLite).
- Content (full Binding text) is stored in Cloudflare R2 (object storage).
- Search indexes are stored in Cloudflare Vectorize.
- Passwords are hashed using PBKDF2 with unique salts. We never store plaintext passwords.
- Sessions use JWT tokens with 15-minute expiry and 7-day refresh tokens.
4. Data Sharing
We do not sell your data to third parties. Your data is shared only in these cases:
- Public content: Content in public team or open Spaces is accessible to anyone and indexed by search engines.
- Temporary shares: Content shared via temporary links is accessible to anyone with the link.
- Service providers: Cloudflare (infrastructure), Resend (email delivery).
- Legal requirements: If required by law or to protect our rights.
5. Your Rights
- Access: View all your data through the app or API.
- Correction: Update your profile and content at any time.
- Deletion: Delete individual Bindings or your entire account.
- Export: Download your content via the API.
- Portability: All content is stored as markdown, a standard format.
6. Cookies
We use essential cookies for authentication (session JWT). We do not use tracking cookies or third-party analytics cookies.
7. MCP and LLM Access
When you connect an LLM via MCP, it accesses your Spaces using your authentication credentials. MCP connections use OAuth 2.0 or User Keys. We log MCP tool usage for analytics and rate limiting purposes.
8. Data Retention
Your data is retained as long as your account is active. When you delete a Binding, all its Versions are permanently removed. Account deletion removes all associated data.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date.
10. Contact
For privacy-related questions, contact us at support@bindly.app.