← Back to BDS Content Server

Privacy Policy

Last updated: July 16, 2026 · Effective: July 16, 2026

BDS Content Server is a product of CITROOT LLC, a California limited liability company ("BDS", "we", "us", "our"). This Privacy Policy explains what information we collect, how we use and protect it, and the choices you have.

What this Policy covers — and what it does not

This Policy applies to our customer-facing services: the website www.bdscont.com, the customer portal at app-test.bdscont.com, and the accompanying licensing, subscription, and billing API (together, the "Service").

It does not cover the documents and archived content held inside a BDS Content Server instance that you deploy and operate in your own cloud environment. That content stays within your infrastructure and your storage buckets — we do not receive, host, read, index, or process it. For that data you are the controller and your own cloud provider is your processor; this Policy governs only the account, licensing, and billing relationship between you and CITROOT LLC.

1. Who we are and how to contact us

CITROOT LLC, 2108 N St, Ste N, Sacramento, CA 95816, USA. Privacy enquiries: privacy@bdscont.com. Support: support@bdscont.com. Sales: sales@bdscont.com.

2. Information we collect

Information you provide

Information from federated sign-in (only if you choose it)

If you sign in with Google or Apple, we verify the identity token those providers issue and receive your basic account information — your email address and basic profile — solely to identify your BDS account. We request no other scopes, and we do not access any other data in your Google or Apple account.

Information from your BDS Content Server deployment

Where your deployment reports usage to us for licensing and metered billing, it sends aggregate counters only: the identifier of the metered resource, a quantity, a timestamp, and an optional note. It does not transmit your documents, document identifiers, file names, or content of any kind.

Information collected automatically

We use no third-party advertising trackers and no analytics services of any kind.

3. How we use information

We do not use your information for advertising, profiling, or automated decision-making, and we do not sell it.

4. Legal bases for processing (EEA, UK, and Switzerland)

5. How we share information

We never sell your personal information. We share it only with service providers that process data on our behalf under contract, and only as needed to run the Service:

We may also disclose information for legal and safety reasons where required by law or to protect rights and safety, and in connection with a merger, acquisition, or asset sale, subject to this Policy.

6. Email we send

We send only transactional account email: registration and email-verification confirmations, and password-reset confirmations. These are part of the Service and are necessary to operate your account. We do not send marketing or promotional email, and we do not share your address for third-party marketing.

7. SMS/Text messaging

If you choose to provide a mobile number, the only text messages we send are one-time account-verification codes. We do not send marketing or promotional texts. Providing a mobile number is optional and is never a condition of purchase or use of the Service. Full detail, including the opt-in language and how to stop messages, is on our SMS Opt-In & Consent page.

We will not share your opt-in to an SMS campaign with any third party for purposes unrelated to providing you with the services of that campaign. We may share your Personal Data, including your SMS opt-in or consent status, with third parties that help us provide our messaging services, including but not limited to platform providers, phone companies, and any other vendors who assist us in the delivery of text messages.

All of the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Your phone number and opt-in data will not be shared or sold to third parties or affiliates for marketing, lead generation, or third-party analytics purposes.

8. Security

No method of transmission or storage is perfectly secure, but we work to protect your information and limit access to it.

9. Where we process your data

We operate in the United States, and all Service data is processed and stored in Google Cloud's us-west1 region. We do not currently offer an EU or other regional hosting option for the portal.

If you access the Service from the EEA, the United Kingdom, or Switzerland, your personal data is transferred to and processed in the United States. Where such a transfer requires a safeguard, we rely on the European Commission's Standard Contractual Clauses. To request our data processing agreement, contact privacy@bdscont.com.

This applies to your portal account and billing data only. Documents inside your own BDS Content Server deployment never leave the cloud region you choose — if you require EU data residency for archived content, you control that entirely through where you deploy.

10. Data retention and deletion

11. Your rights and choices

12. Cookies

We use only strictly necessary cookies: your authenticated session, a CSRF-protection token, and — if you ask us to remember a device for two-factor authentication — a trusted-device cookie, which is HttpOnly and contains no personal data. We set no advertising, analytics, or tracking cookies, so we do not show a consent banner for them.

13. Children

The Service is for businesses and is not directed to children under 13, and we do not knowingly collect their data.

14. Changes to this Policy

We may update this Policy. Material changes will be reflected by the "Last updated" date and, where appropriate, by additional notice to you. Continued use after changes means you accept the updated Policy.

15. Contact

CITROOT LLC (BDS Content Server) · 2108 N St, Ste N, Sacramento, CA 95816, USA · privacy@bdscont.com