Legal

Privacy Policy

This policy explains what information Binder by Atty Labs collects, how we use it, who we share it with, and how we keep it safe. We wrote it in plain language because we think a privacy policy you can read in five minutes is more useful than one written for lawyers.

1. Who we are

Binder is a multi-tenant SaaS product built and operated by Atty Labs, LLC, a Tennessee limited liability company. References to "we," "us," "Atty Labs," or "Binder" mean Atty Labs, LLC. You can reach us any time at hello@binderlogs.com.

2. What this policy covers

It covers everything we collect through the binderlogs.com website, the app at app.binderlogs.com, and any email or form you send us. If your organization has signed a separate written agreement with us (typically an enterprise contract), that agreement controls where it differs from this policy.

3. What we collect

• Website visit data. Standard server logs (IP address, browser, page, timestamp) for site reliability and abuse prevention.
• Contact and waitlist forms. Your name, work email, organization, approximate number of sites, and any message you choose to send.
• Account data. When you sign up for Binder, we collect the account holder's name, work email, phone (optional), organization name, address, and the user accounts they invite.
• Product data. Inside Binder, your team creates operational quality logs (refrigerator temps, AED checks, oxygen tanks, cleaning rounds, controlled substance counts, accreditation evidence, etc.). These records, their signatures and timestamps, and any files your team uploads as evidence are the "product data" you store with us.
• Payment data. Card details and billing address are collected directly by Stripe, our payment processor. We never see or store your card number; we receive only a Stripe customer ID, the last four digits, the brand, and the billing email.
• Transactional and lifecycle email. We log delivery metadata (sent, accepted, bounced) for the emails we send so we can investigate delivery issues.

4. What we do NOT collect

Binder is designed to operate without Protected Health Information (PHI). The product captures operational evidence (was the fridge between 36 and 46 degrees this morning, was the AED checked) and never asks for patient identifiers, clinical notes, or records covered by HIPAA. Do not enter PHI into Binder.

Binder is not intended to receive, store, or process PHI unless we have separately entered into a Business Associate Agreement with you. If you believe PHI has been submitted to Binder, notify us promptly at hello@binderlogs.com so we can work with you on appropriate handling or deletion. We are happy to scope a BAA path with enterprise customers who need it.

5. How we use what we collect

• To run the product: store your logs, render your dashboards, send escalation alerts when readings are out of range, and email your team the 90-day customer cadence.
• To bill you for the subscription you signed up for, through Stripe.
• To respond to questions you send us through forms or by email.
• To investigate abuse, debug problems, and improve the product.
• To send launch updates if you joined the waitlist, with a one-click way to opt out of every message we send.

We do not sell personal information. We do not run advertising trackers on this site or inside the product. We do not share customer product data with third parties for their own marketing.

6. Who we share information with (our subprocessors)

We rely on a small set of vendors to operate Binder. Each one processes data on our behalf under their own commercial terms.

• Microsoft Azure (US regions): hosts the application, the database, and uploaded evidence files. Our data residency is the United States.
• Microsoft Azure Communication Services: delivers transactional and lifecycle email from noreply@mail.binderlogs.com.
• Stripe: processes subscription payments. Card data goes directly from your browser to Stripe.
• Cloudflare: provides DNS, CDN, and email routing for binderlogs.com.
• Formspree: receives marketing-site form submissions and forwards them to our team inbox.

If we add a new subprocessor that materially changes how we handle customer data, we will update this list and note the change in our next product email.

7. How we secure information

• Tenant isolation in the database. Binder enforces customer separation at the PostgreSQL row-level. Every query carries a tenant identifier; cross-tenant access is blocked at the database layer, not just in application code.
• Encryption. Data is encrypted in transit (TLS 1.2+) and at rest. Secrets and credentials live in Azure Key Vault.
• Access control. Inside your account, Binder enforces role-based scopes (frontline staff, site leader, regional leader, enterprise admin, auditor). Single sign-on is available for enterprise customers.
• Audit trail. Every consequential action inside Binder is recorded in an append-only audit log with timestamps.
• SOC 2. Binder is designed with SOC 2 Type II control principles in mind. We are not yet certified. We are happy to share our security overview, and a SOC 2 audit is on the near-term roadmap.

8. How long we keep information

• Active customers. We retain your product data for the life of your subscription so your audit trail is continuous.
• After cancellation. We retain your product data for 60 days after the subscription ends so you can return, restart, or request an export. After that period, we may delete or deidentify the data according to our retention practices, unless a longer retention period is required by law or agreed with you in writing.
• Contact-form and waitlist data. Retained until you ask us to delete it.
• Billing records. Retained for seven years to meet tax and accounting requirements.
• Server logs. Retained for 90 days, then rotated.

9. Your rights

You can ask us to access, correct, export, or delete the information we hold about you, including any product data your account has stored in Binder. Email hello@binderlogs.com from the address we have on file. We will respond within 30 days, faster if we can.

Some deletion requests may be limited where information is needed to maintain an audit trail, comply with law, prevent fraud, resolve a dispute, or fulfill a customer agreement. Where that applies, we will explain what we can remove, what we need to retain, and why.

If you are an account holder, you can also export standard log and report data directly from inside Binder in available export formats, such as CSV. Certain formatted reports, bulk PDFs, evidence packets, historical reconstructions, custom exports, and migration support may require a paid professional services engagement.

10. Cookies and analytics

binderlogs.com uses only the cookies and similar storage needed for the site and product to work (sign-in sessions, CSRF protection, Stripe Checkout). We do not run third-party advertising trackers and we do not sell behavioral data.

11. Children

Binder is a business tool for healthcare operators. It is not directed at children under 16, and we do not knowingly collect their information.

12. International users

Binder operates in the United States and stores customer data in US Azure regions. If you access the site or product from outside the US, understand that your information will be transferred to and processed in the United States.

13. Changes to this policy

We may update this policy as the product evolves. When we do, we will change the "Last updated" date below and, for material changes, send a note to the email addresses on file. The current version always lives at this URL.

14. How to contact us

Email us at hello@binderlogs.com. We use AI-assisted support to help answer routine questions quickly, but we do not want support to feel robotic. Messages that need judgment, account review, billing help, security review, or a real conversation are routed to the right person.

Last updated: May 23, 2026 (rev. 3) · Terms of Use · Security Overview