Privacy Policy

Last updated: March 31, 2026

This Privacy Policy explains how Bridgeway collects, uses, stores, and shares your information when you use our platform. By using Bridgeway, you agree to the practices described in this policy.

1. Who We Are

Bridgeway is a customer communication and relationship management platform operated as an Oklahoma limited liability company ("Bridgeway," "we," "us," or "our"). If you have questions about this Privacy Policy, you may contact us at support@bridgeway.app.

2. Information We Collect

We collect information in the following ways:

2.1 Information You Provide Directly

Account information: name, email address, phone number, company name, and password when you register or update your account.
Contact data: names, phone numbers, email addresses, and notes you add for your contacts within the platform.
Communication content: messages, conversation history, broadcast content, and files you create or upload through the Service.
Billing information: subscription tier selections and billing contact details. Full payment card data is handled directly by Stripe and is never stored on our servers.
Support communications: any information you provide when contacting us for help.

2.2 Information Collected Automatically

Usage data: pages visited, features used, actions taken, timestamps, and session duration.
Device and browser information: IP address, browser type and version, operating system, and referring URLs.
Cookies and session data: we use session cookies essential to the operation of the Service (authentication, CSRF protection). We do not use third-party advertising or tracking cookies.
Log data: server logs including IP addresses, request paths, and error information, retained for security and debugging purposes.

2.3 Information from Third-Party Services

Twilio: message delivery status, phone number metadata, and inbound message content routed through Twilio's platform.
Stripe: subscription status, payment event notifications (e.g., payment succeeded, failed), and customer identifiers. We do not receive full card numbers or banking credentials.
Anthropic/Claude: AI conversation inputs you submit are processed by Anthropic. Please review Anthropic's privacy policy for details on how they handle that data.

3. How We Use Your Information

We use the information we collect to:

Provide, operate, maintain, and improve the Service;
Authenticate users and manage account access and permissions;
Process and display messages, contacts, pipelines, and other content you create;
Facilitate SMS and other communications you initiate through the platform;
Process billing and manage your subscription;
Send transactional emails (password resets, billing receipts, escalation notifications) — we do not send unsolicited marketing emails;
Monitor for abuse, security incidents, and policy violations;
Comply with legal obligations and respond to lawful requests from authorities;
Diagnose technical issues and improve platform reliability.

4. How We Share Your Information

We do not sell, rent, or share your personal information with third parties for their own marketing or commercial purposes. We share information only in the following limited circumstances:

4.1 Service Providers
We share data with third-party vendors who process it on our behalf to deliver the Service, including:

Twilio, Inc. — for SMS and voice communication delivery;
Stripe, Inc. — for payment processing and subscription management;
Anthropic, PBC — for AI-assisted messaging features;
Microsoft Azure — for cloud hosting, database storage, and infrastructure.

Each provider is contractually obligated to protect your data and may only use it to perform services for us.

4.2 Legal Requirements
We may disclose your information if required to do so by law, court order, subpoena, or other governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Bridgeway, our users, or the public.

4.3 Business Transfers
If Bridgeway is involved in a merger, acquisition, asset sale, or bankruptcy proceeding, your information may be transferred as part of that transaction. We will notify affected users via email or a prominent notice on the Service prior to any such transfer.

4.4 With Your Consent
We may share your information for any other purpose with your explicit prior consent.

5. Data Retention

We retain your account information and content for as long as your account is active. If you cancel your account or your access is terminated, we may retain your data for up to 90 days before deletion to allow for account recovery and to fulfill legal or audit obligations. Anonymized or aggregated data may be retained indefinitely. Certain data (such as billing records and communication logs) may be retained longer as required by law.

6. Data Security

We implement commercially reasonable technical and organizational safeguards to protect your information. Sensitive data — including message content and account credentials — is encrypted before being stored. All data transmitted between your browser, our platform, and our service partners is protected in transit. Access to data within our systems is restricted to authorized personnel through role-based controls.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security and are not liable for unauthorized access resulting from circumstances beyond our reasonable control. You are responsible for maintaining the security of your account credentials.

7. Cookies

We use only essential cookies necessary to operate the Service — specifically, authentication session cookies and anti-forgery tokens. These cookies expire when your session ends or after 8 hours of inactivity. We do not use advertising, analytics, or tracking cookies from third parties. You may disable cookies in your browser settings, but doing so will prevent you from logging in or using the Service.

8. Your Contacts' Privacy

When you import or add contacts to the platform, you represent and warrant that you have the legal right to store and process their personal information and to contact them via the channels you use through the Service. You are the data controller for your contacts' information. We process that data solely on your behalf as a data processor. You are responsible for providing any required notices to your contacts and for honoring their privacy rights and opt-out requests.

9. SMS Opt-Outs

When a contact replies STOP (or any recognized opt-out keyword) to an SMS message sent through the Service, that contact is automatically flagged as opted out and will no longer receive messages through the platform. You must not attempt to circumvent this opt-out mechanism. Failure to honor opt-out requests may expose you to liability under the TCPA and applicable carrier regulations — we are not liable for any such claims.

10. Children's Privacy

The Service is intended for use by businesses and individuals who are at least 18 years of age. We do not knowingly collect personal information from anyone under the age of 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will delete that information promptly. If you believe we have inadvertently collected such information, please contact us at support@bridgeway.app.

11. California Privacy Rights (CCPA)

If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, request deletion of your personal information, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at support@bridgeway.app. We will respond to verifiable requests within 45 days as required by law.

12. International Users

The Service is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States where our servers and service providers are located. By using the Service, you consent to this transfer. If you are located in the European Economic Area (EEA) or United Kingdom, please be aware that we do not currently offer a Data Processing Agreement (DPA) and recommend consulting with a privacy attorney before using the Service with personal data of EU/UK residents.

13. Links to Third-Party Sites

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of any third party. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and may notify you by email or via a notice within the Service. Your continued use of the Service after any changes take effect constitutes your acceptance of the revised policy. If you do not agree to the revised policy, you must stop using the Service.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or the handling of your personal information, please contact us at:
Bridgeway
Email: support@bridgeway.app