Privacy Policy

Last updated: 2026-06-26

This Privacy Policy explains how BondWatch ("we", "us") collects, uses, shares and protects personal data, and the rights you have. It is designed to comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA/CPRA). It also describes our handling of third-party data for the purposes of Google API/OAuth and advertising-platform review, even where those integrations are not currently enabled.

1. Data controller & contact

BondWatch is operated by 9GG LLC. The data controller is 9GG LLC, 30 N Gould St, Ste R, Sheridan, WY 82801, USA. For any privacy request, or to reach our Data Protection Officer / privacy contact, email support@9gg.app.

2. Personal data we collect

Account data: email address, hashed password, plan, account and organization identifiers, verification status, timestamps.
Compliance data you enter: names of license/bond/insurance/certification holders, identifiers, jurisdictions, issue and expiry dates, renewal URLs and notes. This may include personal data about your staff (e.g. a technician's certification).
Billing data: processed by Stripe; we store a customer/subscription identifier and plan status, not full card numbers.
Communications: emails you send us and renewal notices you dispatch through the Service.
Technical data: essential session cookie, IP address, browser/device information, and server logs needed to operate and secure the Service.

3. Lawful bases for processing (GDPR/UK-GDPR)

Contract (Art. 6(1)(b)) — to create your account and provide the Service.
Legitimate interests (Art. 6(1)(f)) — to secure, maintain and improve the Service, and prevent abuse, balanced against your rights.
Consent (Art. 6(1)(a)) — for non-essential cookies and any optional marketing; you may withdraw consent at any time.
Legal obligation (Art. 6(1)(c)) — to meet legal, tax and accounting requirements.

4. How we use data

To provide the monitoring, drafting and dispatch features; to authenticate you; to take payment; to send transactional and renewal emails; to provide support; to secure and improve the Service; and to comply with law. We do not use the contents of your compliance data to train our own models, and we do not sell personal data.

5. Sub-processors & third-party recipients

We share personal data with the following processors, each under a data-processing agreement, only as needed to provide the Service:

Processor	Purpose	Data shared
Stripe	Subscription payments & billing	Email, billing identifiers
Resend	Transactional & renewal email delivery	Recipient email, message content
DeepSeek / Anthropic	AI drafting of renewal-action notices	Item metadata used to draft a notice
Hosting provider	Application & data hosting	All data, at rest on our servers

If we later enable Google sign-in/OAuth or advertising, any Google user data would be used only to provide the requested feature, never sold, and handled per Google's API Services User Data Policy (including Limited Use). This policy will be updated before such integrations go live.

6. International transfers

Our processors may store or process data in the United States and other countries. Where data is transferred outside the EEA/UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum) or an adequacy decision.

7. Data retention

We keep account and compliance data for as long as your account is active. After account closure we delete or anonymize personal data within 90 days, except where we must retain limited records (e.g. invoices) to meet legal obligations. Server and security logs are kept for a limited period and then rotated.

8. Your rights

GDPR / UK-GDPR

Access a copy of your personal data
Rectification of inaccurate data
Erasure ("right to be forgotten")
Restriction of, or objection to, processing
Data portability (a machine-readable export)
Withdraw consent at any time, and lodge a complaint with your supervisory authority

California (CCPA/CPRA)

Know what personal information we collect and how it is used and shared
Delete and correct your personal information
Opt out of "sale" or "sharing" — we do not sell or share personal information as defined by the CCPA
Non-discrimination for exercising your rights

To exercise any right, email support@9gg.app. We will verify your identity and respond within the time required by law.

9. Cookies

We use a strictly-necessary session cookie to keep you logged in, and — only with your consent — optional cookies. See our Cookie Policy and manage choices via the consent banner.

10. Security

Passwords are hashed with a memory-hard algorithm (scrypt) and per-user salts; sessions are signed and time-limited; cookies are HttpOnly, Secure and SameSite. We apply access controls and scope each customer's data to their own workspace. No method of transmission or storage is 100% secure.

11. Children

The Service is for businesses and is not directed to children under 16. We do not knowingly collect their data.

12. Changes

We may update this policy; material changes will be notified by email or in-product, and the "Last updated" date will change.

Contact / Do Not Sell: BondWatch, 9GG LLC, 30 N Gould St, Ste R, Sheridan, WY 82801, USA · support@9gg.app

Terms Privacy Cookies Disclaimer