Privacy Policy

Last updated: May 09, 2026

This Privacy Policy describes how BrainFog Solutions LLC (“Company,” “we,” “us,” or “our”), operating as Crossbeam Cloud, collects, uses, discloses, and protects your information when you use our website, applications, and services (collectively, the “Service”). By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Definitions

  • Account — a unique account created for you to access the Service.
  • Organization — the company, firm, or legal entity on whose behalf you use the Service.
  • General Contractor (“GC”) — an Organization that subscribes to a paid plan to manage subcontractor compliance.
  • Subcontractor — a user or Organization that creates a free account to submit compliance documents to one or more GCs.
  • Personal Data — any information that relates to an identified or identifiable individual.
  • Usage Data — data collected automatically from use of the Service (e.g., page views, feature interactions, device information).
  • Documents — files uploaded to the Service, including but not limited to Certificates of Insurance (COIs), W9 forms, bonds, endorsements, waivers, and subcontract agreements.

2. Information We Collect

2.1 Information You Provide

  • Account information — name, email address, phone number, job title, and role within your Organization.
  • Organization information — company name, address, industry classification, and team member details.
  • Documents — COIs, W9 forms, bonds, endorsements, waivers, and other compliance-related files you upload.
  • Payment information — billing address and payment method details (processed and stored by our payment processor; we do not store full credit card numbers).
  • Communications — messages you send to us via email, contact forms, or in-app support channels.
  • Procore integration data — project names, subcontractor lists, and related construction data you authorize us to import from your Procore account.

2.2 Information Extracted from Documents

When you upload Documents, our AI-powered extraction technology processes them to identify and extract:

  • Insured party details (name, address)
  • Insurance carrier names and NAIC codes
  • Policy numbers, effective dates, and expiration dates
  • Coverage types and limits (general liability, auto liability, umbrella, workers’ compensation)
  • Endorsement codes and descriptions
  • Certificate holder information
  • Producer/broker contact information (name, email, phone, address)
  • Tax classification, employer identification numbers (EIN), and taxpayer identification presence (for W9 forms)

This extracted data is used to automate compliance verification and is stored within your Account.

2.3 Information Collected Automatically

  • Usage Data — IP address, browser type and version, operating system, pages visited, time and date of visits, time spent on pages, unique device identifiers, and referring URLs.
  • Analytics data — feature usage patterns, compliance event counts, and interaction data collected through our analytics provider.
  • Cookies and similar technologies — we use essential cookies for authentication and session management. See Section 7 for details.

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Service — process Documents, run compliance checks, generate reports, and deliver notifications.
  • Manage your Account — authenticate your identity, manage Organization membership, and enforce role-based access controls.
  • Process payments — manage subscriptions, process billing, issue invoices, and track usage for seat-based billing.
  • Send communications — deliver compliance alerts, renewal reminders, expiration warnings, and COI requests to insurance agents on your behalf.
  • Facilitate integrations — sync data between the Service and third-party platforms you connect (e.g., Procore).
  • Scan for security threats — scan uploaded Documents for malware before processing.
  • Improve the Service — analyze usage patterns, identify trends, troubleshoot issues, and develop new features.
  • Comply with legal obligations — retain records as required by applicable law, respond to legal process, and enforce our Terms of Service.

4. How We Share Your Information

4.1 With Third-Party Service Providers

We share information with the following categories of service providers that process data on our behalf:

  • Authentication and identity providers — name, email, password (hashed), and Organization associations to manage sign-in and access controls.
  • Payment processors (Stripe) — billing address, payment method, transaction history, and subscription details. We do not store full credit card numbers; all payment data is handled by Stripe in accordance with PCI-DSS standards.
  • Cloud infrastructure and AI providers (Google Cloud Platform) — Documents, extracted data, and application data are stored and processed on Google Cloud infrastructure located in the United States.
  • Email delivery providers — email addresses and email content for transactional messages such as compliance alerts, renewal reminders, and COI requests.
  • Electronic signature providers — signer identity, email, document content, and signature records for waiver and agreement workflows.
  • Email verification providers — email addresses to validate deliverability before outreach.
  • Analytics providers — anonymized usage data and feature interaction events to help us understand how the Service is used and to improve it.
  • Error monitoring providers — technical error data and device/browser information to diagnose and fix issues.
  • Notification providers — user identifiers and notification content for in-app alerts.

4.2 With Other Users of the Service

  • GC-to-Subcontractor sharing — when a Subcontractor submits Documents to a GC, that GC can view the Subcontractor’s compliance status, uploaded Documents, and extracted coverage data for their shared projects.
  • Multi-GC visibility — Subcontractors can see which GCs have requested documents and their compliance status with each. GCs cannot see a Subcontractor’s relationships with other GCs.
  • Automated outreach — when a GC uses our compliance outreach features, emails are sent to insurance agents and brokers using contact information extracted from the Subcontractor’s Documents, on behalf of the GC.

We may disclose your information if required to:

  • Comply with a legal obligation, court order, or government request.
  • Protect and defend our rights or property.
  • Prevent or investigate potential wrongdoing or security incidents.
  • Protect the personal safety of users or the public.

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your Personal Data becomes subject to a different privacy policy.

5. Data Storage and Security

5.1 Infrastructure

Your data is stored on Google Cloud Platform infrastructure located in the United States. Documents are stored in Google Cloud Storage with encryption at rest using FIPS 140-2 validated cryptography.

5.2 Security Measures

We implement commercially reasonable security measures including:

  • Encryption at rest and in transit (TLS 1.2+)
  • Role-based access controls
  • Audit logging of compliance state changes
  • Malware scanning of all uploaded Documents
  • Secure credential storage with encryption

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

  • Account and Organization data — retained for as long as your Account is active and for a reasonable period thereafter to facilitate re-onboarding. Data is deleted upon written request.
  • Documents and extracted data — retained for as long as your Account is active. Documents are not automatically deleted upon Account cancellation to preserve compliance audit trails and facilitate future re-onboarding.
  • Usage and analytics data — retained in aggregated or anonymized form for internal analysis.
  • Payment records — retained as required by applicable tax and financial regulations.
  • Audit logs — retained indefinitely to support compliance defense and regulatory requirements.

To request deletion of your data, contact us at privacy@crossbeamcloud.com.

7. Cookies and Tracking Technologies

7.1 Essential Cookies

We use essential cookies for authentication and session management. These cookies are necessary for the Service to function and cannot be disabled.

7.2 Analytics

We use third-party analytics tools to understand feature usage and improve the Service. You may opt out of analytics tracking through your browser settings or by contacting us.

7.3 Third-Party Cookies

Our third-party service providers (such as authentication and payment processors) may set their own cookies as necessary to provide their services. Please refer to their respective privacy policies for details.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your Personal Data:

8.1 All Users

  • Access — request a copy of the Personal Data we hold about you.
  • Correction — request correction of inaccurate or incomplete data.
  • Deletion — request deletion of your Personal Data (subject to legal retention requirements).
  • Data portability — request your data in a structured, machine-readable format.
  • Opt out of marketing — unsubscribe from promotional communications at any time.

8.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know — what Personal Data we collect, use, and disclose.
  • Right to delete — request deletion of your Personal Data.
  • Right to opt out of sale — we do not sell your Personal Data.
  • Right to non-discrimination — we will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, contact us at privacy@crossbeamcloud.com. We will respond within 45 days.

8.3 European Users (GDPR)

If you are located in the European Economic Area, you have additional rights including the right to lodge a complaint with your local data protection authority. Our legal basis for processing your data is:

  • Contract performance — to provide the Service you requested.
  • Legitimate interests — to improve our Service and communicate with you.
  • Consent — where you have given explicit consent for specific processing activities.

9. International Data Transfers

Your information is processed and stored in the United States. If you are located outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.

10. Children’s Privacy

The Service is not intended for anyone under the age of 18. We do not knowingly collect Personal Data from individuals under 18. If you believe a minor has provided us with Personal Data, please contact us and we will take steps to delete such information.

The Service may contain links to third-party websites or services not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. For material changes, we will also notify you via email or a prominent notice within the Service.

Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us:

  • Email: privacy@crossbeamcloud.com
  • Mail: BrainFog Solutions LLC, 4113 Downton Abbey Ave, College Station, TX 77840
  • Phone: 1-979-321-4202
Schedule a Demo