Legal Documents

1.1 Information You Provide Directly. We collect your name, email address, and other registration information. We also collect all Project Data you input into the Service, including construction phases, financial figures, draw requests, lien waivers, inspection records, photographs, documents, and contractor information. We collect the content of messages, notes, and communications submitted through the Service. Payment information is collected and processed by our third-party payment processor — we do not store full payment credentials.

1.2 Information Collected Automatically. We automatically collect usage data (pages visited, features used, actions taken, timestamps), audit log data (bank portal access events including IP address and user agent, draw submissions, approvals, rejections), device and technical data (IP address, browser type, operating system), and session cookies to maintain your authenticated session. We do not use persistent tracking cookies for advertising.

1.3 Information from Third Parties. We may receive information from OAuth authentication providers you use to sign in. We use this information only to provide the Service.

We use your information to provide and maintain the Service, process your requests, and store your Project Data. We use your email to send service-related communications and, where you have opted in, product updates. We use technical data and IP addresses to detect and prevent unauthorized access, abuse, and fraud. We may use or disclose your information as required by applicable law, court order, or legal process. We use aggregated, de-identified usage data to improve the Service.

We do not sell your personal information to third parties. We share information with trusted service providers who perform services on our behalf (cloud hosting, storage, payment processing), subject to confidentiality obligations. When you generate a bank portal link and share it with a lender or reviewer, that person will have read-only access to your Project Data — you are responsible for managing who receives your link. In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We may disclose information as required by law or to protect the rights, property, or safety of the Company or others.

We retain your personal information and Project Data for as long as your Account is active. Following Account termination, we retain data for up to 90 days to allow for Account recovery, after which we delete or anonymize it unless required to retain it longer by law. Audit log data may be retained longer as required by applicable law or to protect the Company's legal interests. De-identified, aggregated data may be retained indefinitely.

We implement industry-standard technical and organizational measures including encrypted data transmission (TLS/HTTPS), secure cloud storage with access controls, session-based authentication, rate limiting, and audit logging of sensitive operations.

You may access and update your Account information at any time through the Service settings. You may export your Project Data through the Service's export features, including the Audit Log CSV export. You may request deletion of your Account and associated personal information by contacting us — we will process deletion requests within 30 days, subject to legal requirements. You may opt out of marketing emails at any time; you cannot opt out of service-related communications while your Account is active.

If you are a California resident, you have the right to know what personal information we collect, use, disclose, and sell; the right to delete personal information we hold about you (subject to exceptions); the right to correct inaccurate personal information; the right to opt out of the sale or sharing of personal information (we do not sell personal information); the right to non-discrimination for exercising your rights; and the right to limit the use of sensitive personal information. To exercise these rights, please contact us at [email protected].

Nevada residents have the right to opt out of the sale of certain covered information. We do not sell covered information as defined under Nevada law.

The Service is operated in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. If you are located in the European Economic Area, United Kingdom, or Switzerland, you may have additional rights under GDPR, including rights of access, rectification, erasure, restriction, portability, and objection. The legal basis for our processing is primarily performance of a contract (Article 6(1)(b) GDPR) and our legitimate interests (Article 6(1)(f) GDPR).

The Service is not directed to children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware of such collection, we will delete that information promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last Updated" date and, where practicable, by email notification. Your continued use of the Service after any modification constitutes your acceptance of the revised Policy.

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

DrawBridge
Email: [email protected]

We will respond to all privacy-related inquiries within 30 days.

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, THE COMPANY'S LIABILITY FOR ANY PRIVACY-RELATED CLAIMS, INCLUDING CLAIMS ARISING FROM DATA BREACHES, UNAUTHORIZED DISCLOSURE, OR FAILURE TO COMPLY WITH THIS POLICY, SHALL BE LIMITED AS SET FORTH IN THE LIMITATION OF LIABILITY SECTION OF THE TERMS OF SERVICE. THE COMPANY SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING FROM ANY PRIVACY-RELATED CLAIM.