Privacy Policy
This Privacy Policy explains how Atlas IP Holdings LLC (“Atlas”, “we”, “us”, “our”) collects, uses, discloses, and protects personal data in connection with the BRidge platform, software, APIs, and websites (collectively, “BRidge”). It forms part of our Terms and EULA.
Summary: We process personal data to provide and secure BRidge, fulfill contracts, comply with law, and improve functionality. We use subprocessors under contract; we do not sell personal data and do not share it for cross-context behavioral advertising. Users have rights described below (GDPR/UK/CCPA and other state laws).
Table of Contents
1.Scope & Roles
We act as a controller for website, account, and billing data, and generally as a processor for Customer personal data ingested into BRidge by our customers (e.g., counterparties, drivers on BOLs). Where we are a processor, a Data Processing Addendum (“DPA”) governs and prevails.
2.Data We Collect
- Account & Profile: name, email, role/entitlements, company, phone.
- Transactional: contract fields, BOL metadata (e.g., driver name/signature timestamps), inventory events, indices usage, audit logs.
- Technical: IP, device/browser info, session identifiers, request IDs, telemetry (Prometheus/Sentry), security signals (rate-limit hits, auth outcomes).
- Billing: plan, invoices, payment confirmations (via processor).
- Support/Comms: tickets, emails, meeting notes.
- Cookies/Similar: session, CSRF, analytics, preference cookies (see §10).
- Sensitive data (CPRA): We do not use sensitive personal information for inferring characteristics or for cross-context behavioral advertising.
3.How We Use Data
- Provide, operate, and support BRidge features (contracts, BOL PDFs, exports, indices, trading functions).
- Secure and monitor the service (audit chain hashing, anomaly detection, fraud/abuse prevention).
- Comply with legal obligations and enforce agreements.
- Improve functionality, quality, and performance (aggregated analytics, benchmarking).
- Communicate notices, updates, and support messages.
4.Automated Processing & Profiling
BRidge may apply automated scoring/anomaly detection to flag security or fraud risks. These processes do not produce legal effects or similarly significant effects about individuals without human review. You may request human review of a decision by contacting us (see §13).
5.Legal Bases (GDPR/UK GDPR)
- Contract – to deliver BRidge to your organization.
- Legitimate interests – security, product improvement, fraud prevention, aggregated analytics (balanced against data subject rights).
- Legal obligation – tax, accounting, regulatory inquiries.
- Consent – where required for certain cookies/marketing (withdraw anytime).
6.Sharing & Subprocessors
We do not sell personal data. We share with:
- Subprocessors: cloud hosting, storage, observability/monitoring, email, PDF generation, backup, security—bound by confidentiality and data protection terms.
- Integrations you enable: e.g., ICE Digital Trade, storage providers, analytics—subject to their terms.
- Authorities/Legal: when required by law or to protect rights, safety, and system integrity.
- Corporate events: M&A/financing/asset transfer with continued protections.
A current list of core subprocessors is available at /legal/subprocessors (or upon request) and may be updated. We will provide reasonable advance notice of material changes where required.
7.International Transfers
We may transfer personal data across borders (including to the United States). For EEA/UK transfers, we rely on Standard Contractual Clauses (SCCs) and the UK IDTA/Addendum and conduct transfer risk assessments (TRA/TIA) with supplementary measures as needed. Details are provided in the DPA.
8.Security & Retention
- Security: session & host protections, rate limiting, security headers, structured logging, audit chain, role-based entitlements, encryption in transit, and defense-in-depth vendor controls.
- Incident response: We notify customers of security incidents affecting their data without undue delay after becoming aware, via admin email or in-product notice. Security contact: info@atlasipholdingsllc.com.
- Retention: We retain personal data as long as necessary to provide BRidge and meet legal obligations. Operational logs have rolling TTLs; backups follow DR objectives (see
/admin/dr/objectives in-product).
Typical windows: account/billing records: 7 years; security/audit logs: 90–365 days; support tickets: up to 3 years. On verified deletion, we delete or de-identify unless retention is legally required.
9.Your Privacy Rights
- GDPR/UK GDPR: access, rectification, erasure, restriction, portability, objection, complaint to a supervisory authority. Where we process as processor, contact your organization’s admin; we’ll support requests as processor.
- CCPA/CPRA (California) & other US state laws (VA/CO/CT/UT et al.): right to know/access, delete, correct, and opt-out of “sale”/“sharing.” We do not sell or share personal information for cross-context ads. We honor recognized opt-out preference signals (e.g., GPC) where required.
9.1 Exercising Your Rights & Appeals
Email info@atlasipholdingsllc.com with your request, jurisdiction, and verification info (account email/org). If we deny a request (e.g., cannot verify identity or legal exception applies), you may submit an appeal by replying to our decision notice; we will respond within applicable statutory timelines.
Do Not Sell or Share My Personal Information: We do not sell or share for cross-context behavioral advertising. You can manage preferences at
/privacy/choices (if available) or by contacting us.
10.Cookies, Consent & Signals
We use essential cookies (authentication/session, CSRF), functional cookies (preferences), and limited analytics/telemetry. Where required, we present consent controls and honor your choices. See our Cookie Notice for details.
We honor applicable opt-out preference signals (e.g., Global Privacy Control) for relevant jurisdictions and do not respond to legacy “Do Not Track” headers.
Marketing: Service emails are transactional; marketing emails are optional and include unsubscribe links.
11.Children’s Privacy
BRidge is for business use only and not directed to children under 16 (or under 13 under COPPA). We do not knowingly collect such data. If you believe we have, contact us for deletion.
12.Changes & Versioning
We may update this Policy. Material changes will be posted here and effective upon posting or as otherwise stated. Continued use of BRidge indicates acceptance.
Version: 1.1 • Last Updated: October 6, 2025 • Change log
Change log
- v1.1 – Added automated processing clarifications, incident notice language, GPC recognition, and sensitive data statement.
- v1.0 – Initial publication.
Atlas IP Holdings LLC — Privacy
info@atlasipholdingsllc.com
EU/UK Representative (if applicable): details provided in DPA or upon request.
Data Protection Officer (if appointed): contact via the privacy email above.