Legal
Data Deletion
Last updated:
You can request deletion of your data from Bindlab at any time. Because Bindlab serves a regulated industry — commercial insurance distribution — some categories of data are subject to mandatory retention under federal and state law (Errors and Omissions, IRS, NAIC, state insurance department records, bordereaux). This page explains, in plain language, what we can delete, what we must retain, what we do with retained data to honor the spirit of your request, and how to submit a request.
1. What “data deletion” means at Bindlab
Most SaaS platforms can simply delete everything on request. Bindlab cannot, because we operate inside the insurance regulatory perimeter. When you ask us to delete your data we do three things:
- Hard delete categories of data that are not subject to mandatory retention.
- Anonymize categories of data that must be retained as a regulatory record but where your identifying details can be removed without breaking the record.
- Retain under restricted access categories of data that must be kept in original form to satisfy a specific regulatory or contractual obligation. Access to this data is limited to the people and systems that need it to satisfy that obligation.
The rest of this page tells you which categories fall into which bucket, so you can make an informed request.
2. What we can delete on request
The following data can be hard-deleted at your request, subject only to identity verification:
- Your account identity beyond what regulatory recordkeeping requires — optional phone number, profile picture, user preferences.
- Support conversations and tickets, including chatbot interactions through the Seven16 Group Support widget.
- Marketing contact data and email subscription preferences (we suppress the address so it cannot be re-contacted).
- Optional uploaded materials that are not part of a regulatory record (for example, internal notes, draft documents that were never submitted to a carrier).
- AI conversation history and per-entity AI memory that is not part of a logged AI operation underlying a regulated action.
- Device, browser, and IP logs older than the 2-year rolling audit window — these auto-purge anyway; on request we can purge sooner where doing so does not break an active security investigation.
3. What we must retain by law
The categories below are subject to mandatory retention under federal and state insurance law and tax law. We cannot delete them on request — but we can anonymize where the regulatory record permits and we restrict access in all cases.
3.1 Errors & Omissions records (7 years)
Workflow state transitions, AI operation telemetry, evidence documents, audit trails, and the activity log underlying any submission, quote, or policy you handled through Bindlab. These establish that an action was taken, by whom, when, and on what basis. Required for E&O defense. Retained 7 years after the associated tenant or policy becomes inactive.
3.2 Tax records (7 years)
Broker fee amounts, broker fee payment receipts, and related financial transaction records. Required for IRS recordkeeping. Retained 7 years.
3.3 Agency contract documents (10 years)
Executed agency contracts and contract amendments. Retained 10 years after termination to satisfy statute of limitations on potential contract disputes.
3.4 Producer licensing and appointment records (active + 7 years)
NPN, license details, state appointments, and the license-sync history with NIPR (when integrated). Required by NAIC and state insurance departments to demonstrate that any sales activity conducted through the platform was performed by a properly licensed and appointed producer.
3.5 Submission and policy records (active + 7 years)
Submission data marketed to carriers, accepted quotes, bound policies, certificates of insurance issued, and the documents underlying each. Required to reconstruct the policy of record for any insured, in support of E&O defense and carrier inquiry.
3.6 Bordereaux and carrier-mandated retention
Where a carrier program contractually requires retention of specific records (for example, premium bordereaux, loss bordereaux, claims data on delegated authority programs), those records are retained for the carrier-mandated period.
3.7 Surplus lines filings
State surplus-lines filing records, stamping documentation, and premium tax records. Retention periods vary by state, typically 5 to 7 years.
3.8 Compliance evidence documents
W-9 forms, E&O policies, license copies, and other compliance evidence uploaded to satisfy a compliance regime. Retained while the tenant is active plus 7 years for audit and SOC 2 purposes.
4. How anonymization works
For categories where the regulatory record permits anonymization without breaking the record, we replace identifying fields with irreversibly-de-identified placeholders. The audit trail continues to reflect that an event occurred at a specific time with a specific outcome, but the personal-identifier surface is removed.
Anonymization is one-way: once your record is anonymized, it cannot be re-linked to you. Some regulatory frameworks may require us to keep an internal cross-reference for a defined period in case the regulator inquires; that cross-reference is isolated, access-restricted, and disposed of when the regulatory period ends.
5. How to request deletion
Email privacy@bindlab.io with:
- The account email associated with your Bindlab access;
- The tenant workspace (agency) the request relates to, if applicable;
- The scope of your request — for example: “delete my user profile,” “delete my agency's data subject to the retention exceptions you publish,” “delete my support conversation history,” or “delete a specific document I uploaded that should never have been shared”;
- Any context that helps us scope the request accurately (for example, “I left the agency and want my personal identifying data anonymized”).
A self-service deletion flow inside the application is on our roadmap. Until that ships, email is the request channel.
6. Identity verification and timeline
We will verify your identity before acting on a deletion request, using information we already hold (typically: confirming control of the account email plus one additional confirmation step appropriate to the scope of the request). We will complete the request within 30 days of verification, or tell you why we need more time and when to expect completion.
You may also designate an authorized agent to make a request on your behalf, subject to verification of the agent's authority.
7. What happens after we process the request
You will receive a written confirmation summarizing:
- What was hard-deleted;
- What was anonymized, and what categories the anonymization covered;
- What was retained under restricted access, the specific regulatory basis for the retention, and the date the retention period ends;
- The effective date of the deletion action.
Deletion is permanent. Hard-deleted data is not recoverable from backups beyond the standard backup-rotation window, after which it is unreachable.
8. Related privacy rights
Deletion is one of several rights you have under our Privacy Policy. You also have the right to access, correct, and export your data. If you want a copy of your data before deleting it, request access first; we will provide your data in a portable, machine-readable format within the same 30-day window.
California residents have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). Residents of other states with comprehensive privacy laws have parallel rights under their respective statutes. See the “Your rights” section of the Privacy Policy for the full list.
9. Contact
For deletion requests and all other privacy questions: privacy@bindlab.io.
For security concerns: security@bindlab.io.