Privacy Policy
Last updated: July 16, 2026 · Effective: July 16, 2026
BDS Content Server is a product of CITROOT LLC, a California limited liability company ("BDS", "we", "us", "our"). This Privacy Policy explains what information we collect, how we use and protect it, and the choices you have.
What this Policy covers — and what it does not
This Policy applies to our customer-facing services: the website www.bdscont.com, the customer portal at app-test.bdscont.com, and the accompanying licensing, subscription, and billing API (together, the "Service").
It does not cover the documents and archived content held inside a BDS Content Server instance that you deploy and operate in your own cloud environment. That content stays within your infrastructure and your storage buckets — we do not receive, host, read, index, or process it. For that data you are the controller and your own cloud provider is your processor; this Policy governs only the account, licensing, and billing relationship between you and CITROOT LLC.
1. Who we are and how to contact us
CITROOT LLC, 2108 N St, Ste N, Sacramento, CA 95816, USA. Privacy enquiries: privacy@bdscont.com. Support: support@bdscont.com. Sales: sales@bdscont.com.
2. Information we collect
Information you provide
- Account data — first and last name, username, email address, locale, and your password (stored only as a bcrypt hash, never in readable form).
- Mobile number — optional, used only for account-verification codes if you choose to provide one. See section 7.
- Organization data — your business partner record: company name, and the addresses, cities, states, countries, postal codes, and phone numbers you enter for billing and contact.
- Billing data — handled by our payment processors (Stripe and LemonSqueezy). We store a customer reference token and a subscription identifier. We never store your card number.
- Support communications — messages you send us.
Information from federated sign-in (only if you choose it)
If you sign in with Google or Apple, we verify the identity token those providers issue and receive your basic account information — your email address and basic profile — solely to identify your BDS account. We request no other scopes, and we do not access any other data in your Google or Apple account.
Information from your BDS Content Server deployment
Where your deployment reports usage to us for licensing and metered billing, it sends aggregate counters only: the identifier of the metered resource, a quantity, a timestamp, and an optional note. It does not transmit your documents, document identifiers, file names, or content of any kind.
Information collected automatically
- Security and audit logs — IP address, browser user agent, and timestamps of sign-in attempts, recorded to detect abuse and to protect your account.
- Consent records — when you give or withdraw a consent, we record the decision, its type, a timestamp, and the IP address and user agent it came from, so we can demonstrate the consent later.
- Billing provider records — the notifications our payment processors send us about your subscription. These records may contain your name, email address, and billing address as held by that processor. See section 10 on retention.
We use no third-party advertising trackers and no analytics services of any kind.
3. How we use information
- To create and maintain your account and your organization's portal access.
- To issue, renew, expire, and revoke the license keys that authorize your BDS Content Server deployments.
- To operate subscriptions, enforce plan quotas, and bill metered usage.
- To secure the Service — rate limiting, lockout after failed sign-ins, and abuse investigation.
- To send you service email (see section 6) and, if you opt in, verification codes by SMS (see section 7).
- To provide support and to comply with our legal and tax obligations.
We do not use your information for advertising, profiling, or automated decision-making, and we do not sell it.
4. Legal bases for processing (EEA, UK, and Switzerland)
- Contractual necessity — to provide the account, licensing, and billing you signed up for.
- Legitimate interests — to secure the Service, prevent abuse, and keep audit records.
- Consent — for optional processing such as SMS verification codes, which you may withdraw at any time.
- Legal obligation — to meet tax, accounting, and lawful-request requirements.
5. How we share information
We never sell your personal information. We share it only with service providers that process data on our behalf under contract, and only as needed to run the Service:
- Google Cloud Platform — hosting, compute, and database infrastructure (region
us-west1, United States), together with Google Secret Manager for credential storage. - Firebase Hosting (Google) — serving this website and the portal's static assets.
- Stripe and LemonSqueezy — payment processing, checkout, and subscription management.
- Our email provider — delivering the service email described in section 6.
- Google and Apple — only to verify your identity token if you use federated sign-in.
We may also disclose information for legal and safety reasons where required by law or to protect rights and safety, and in connection with a merger, acquisition, or asset sale, subject to this Policy.
6. Email we send
We send only transactional account email: registration and email-verification confirmations, and password-reset confirmations. These are part of the Service and are necessary to operate your account. We do not send marketing or promotional email, and we do not share your address for third-party marketing.
7. SMS/Text messaging
If you choose to provide a mobile number, the only text messages we send are one-time account-verification codes. We do not send marketing or promotional texts. Providing a mobile number is optional and is never a condition of purchase or use of the Service. Full detail, including the opt-in language and how to stop messages, is on our SMS Opt-In & Consent page.
We will not share your opt-in to an SMS campaign with any third party for purposes unrelated to providing you with the services of that campaign. We may share your Personal Data, including your SMS opt-in or consent status, with third parties that help us provide our messaging services, including but not limited to platform providers, phone companies, and any other vendors who assist us in the delivery of text messages.
All of the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
Your phone number and opt-in data will not be shared or sold to third parties or affiliates for marketing, lead generation, or third-party analytics purposes.
8. Security
- Traffic to the Service is protected in transit with TLS.
- Passwords are stored as bcrypt hashes. API keys and refresh tokens are stored only as SHA-256 hashes — we cannot recover the original value.
- Data at rest is protected by Google Cloud's default encryption for its database and storage services.
- Two-factor authentication is available on your account using time-based one-time passwords (TOTP) from an authenticator app.
- Access to production systems is limited to personnel who need it.
No method of transmission or storage is perfectly secure, but we work to protect your information and limit access to it.
9. Where we process your data
We operate in the United States, and all Service data is processed and stored in Google Cloud's us-west1 region. We do not currently offer an EU or other regional hosting option for the portal.
If you access the Service from the EEA, the United Kingdom, or Switzerland, your personal data is transferred to and processed in the United States. Where such a transfer requires a safeguard, we rely on the European Commission's Standard Contractual Clauses. To request our data processing agreement, contact privacy@bdscont.com.
This applies to your portal account and billing data only. Documents inside your own BDS Content Server deployment never leave the cloud region you choose — if you require EU data residency for archived content, you control that entirely through where you deploy.
10. Data retention and deletion
- We keep account, organization, and licensing data while your account is active and as needed to provide the Service.
- Billing and payment records are retained as required by tax and accounting law, typically seven years.
- Sign-in audit history and consent records are retained for security and compliance purposes.
- Encrypted database backups are retained for 30 days and then rotated out.
- You can delete your account from the portal, or request deletion at any time by emailing privacy@bdscont.com. We will delete your personal data within 30 days, except where retention is required by law.
11. Your rights and choices
- Access, correct, delete, or export your data — from the portal, or by contacting privacy@bdscont.com. We respond within 30 days.
- EEA/UK/Swiss residents additionally have the right to restrict or object to processing, to withdraw consent at any time without affecting prior processing, and to lodge a complaint with your supervisory authority.
- California residents have rights under the CCPA/CPRA, including the right to know, delete, correct, and to opt out of "sale"/"sharing" — we do neither. We do not discriminate against you for exercising these rights.
- Withdraw SMS consent at any time by replying STOP, or by removing your mobile number from your profile.
12. Cookies
We use only strictly necessary cookies: your authenticated session, a CSRF-protection token, and — if you ask us to remember a device for two-factor authentication — a trusted-device cookie, which is HttpOnly and contains no personal data. We set no advertising, analytics, or tracking cookies, so we do not show a consent banner for them.
13. Children
The Service is for businesses and is not directed to children under 13, and we do not knowingly collect their data.
14. Changes to this Policy
We may update this Policy. Material changes will be reflected by the "Last updated" date and, where appropriate, by additional notice to you. Continued use after changes means you accept the updated Policy.
15. Contact
CITROOT LLC (BDS Content Server) · 2108 N St, Ste N, Sacramento, CA 95816, USA · privacy@bdscont.com