LoadBear
Sign in Start free
Legal

Privacy Policy

Effective: April 24, 2026 Version: 1.0 Contact: hello@loadbear.co
About this document This document was drafted by LoadBear for a typical B2B SaaS deployment of the LoadBear Platform. It is provided as a starting point and should be reviewed by a qualified attorney before being relied upon as a binding agreement. Email hello@loadbear.co with any questions.

1. Introduction and Scope

This Privacy Policy ("Policy") explains how LoadBear ("LoadBear," "we," "us," or "our") collects, uses, discloses, and protects information when you visit loadbear.co, use the LoadBear Platform, communicate with our team, or otherwise interact with us (collectively, the "Services"). This Policy applies to information we collect from individuals in the United States, the European Economic Area, the United Kingdom, Switzerland, and elsewhere, except where superseded by a separate notice or agreement.

By using the Services, you acknowledge that you have read and understood this Policy. If you are using the Services on behalf of an organization (a "Customer"), you represent that you have authority to bind that organization to this Policy and to our Terms of Service. Where we process personal information on a Customer's behalf as a service provider or processor, our processing is governed by our Data Processing Addendum and the Customer's instructions, not by this Policy.

2. Information We Collect

2.1 Information you provide directly

We collect information you submit when you create an account, request a demo, complete forms, contact support, or otherwise communicate with us. This may include your name, business email address, phone number, employer, role, billing details, payment method, postal address, account credentials, and any content you choose to provide in messages, forms, or our AI assistant chats.

2.2 Information collected automatically

When you visit our website or use the Services, we and our service providers automatically collect technical and usage information, including: IP address, device identifiers, browser type and version, operating system, language preferences, referring and exit URLs, pages and features accessed, dates and times of access, click events, mouse movements (in aggregate), and approximate geolocation derived from IP. We collect this information using cookies, pixels, log files, server beacons, and similar technologies (see Section 7).

2.3 Customer Data

When a Customer deploys an agent on the LoadBear Platform, the Customer (and the Customer's end users) may submit data to be processed by the agent ("Customer Data"). Customer Data may include personal information of the Customer's own customers, prospects, employees, vendors, or other third parties. With respect to Customer Data, LoadBear acts as a service provider (under U.S. state privacy laws) or processor (under the GDPR/UK GDPR), and the Customer is the business or controller. Our handling of Customer Data is governed by the agreement with the Customer and our DPA, not by this Policy.

2.4 Information from third parties

We may receive information from third-party sources, including business contact databases, marketing platforms, social networks (including OAuth providers if you sign in with Google or similar), our payment processor, our hosting and analytics providers, and integration partners who supply data with your authorization or our Customer's authorization.

3. How We Use Information

We use the information described above for the following purposes, each of which corresponds to a permissible purpose under applicable law (including, where applicable, GDPR Article 6):

  • To provide and operate the Services — including provisioning workspaces, authenticating users, configuring agents, processing payments, providing customer support, and maintaining service quality. Legal basis: performance of a contract; legitimate interests.
  • To develop and improve the Services — including diagnosing and fixing issues, analyzing usage patterns in aggregate, and developing new features. Legal basis: legitimate interests.
  • To communicate with you — including sending service-related notices, transactional messages, billing communications, security alerts, and (where permitted) marketing communications. Legal basis: performance of a contract; legitimate interests; consent where required.
  • To personalize and target marketing — including measuring marketing effectiveness, retargeting visitors via advertising platforms, and tailoring content. Legal basis: consent (where required) or legitimate interests.
  • To ensure security and prevent fraud — including detecting unauthorized access, abuse of the Services, and other harmful activity. Legal basis: legitimate interests; legal obligations.
  • To comply with legal obligations — including responding to lawful requests, complying with tax and accounting obligations, and enforcing our agreements. Legal basis: legal obligations.
  • To exercise or defend legal claims — Legal basis: legitimate interests; establishment, exercise, or defense of legal claims.

We do not sell personal information for monetary consideration, and we do not engage in cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA").

4. AI Processing and Automated Decision-Making

The LoadBear Platform uses third-party large language models and other artificial intelligence systems to operate agents, summarize information, generate text, and produce other outputs. We want to be transparent about this:

  • We do not use Customer Data to train any general-purpose AI model. Customer Data is processed only to provide the Services to the Customer and is not used by us, or our model providers, to train models that benefit other customers, except where the Customer expressly opts in to a feature that requires such use.
  • Inputs you submit to our website AI assistant ("Mia") are processed by our model provider to generate responses, are not used by us or our model provider to train models, and are retained only as necessary to operate, audit, and improve our prospect communications.
  • Solely automated decisions producing legal or similarly significant effects on individuals are not made by the Services as configured by us. Customers may configure agents to take actions on their behalf; the Customer is responsible for ensuring such configurations comply with applicable automated decision-making laws (including GDPR Article 22 and similar provisions in U.S. state laws).
  • AI outputs may be inaccurate. We disclose the use of AI in user-facing surfaces where appropriate. Outputs should be reviewed by a human before being relied upon for material decisions.

5. Sharing and Disclosure

We disclose information in the following circumstances:

  • Service providers and subprocessors. We share information with vendors that perform services on our behalf — including cloud hosting (Cloudflare, Inc.), AI model providers (Anthropic, PBC), payment processing (Stripe, Inc.), email and notification delivery, analytics, customer support, and similar functions. These vendors are bound by contractual obligations to protect the information they process. Our subprocessors for Customer Data are listed in our DPA.
  • At Customer direction. Where we process Customer Data on behalf of a Customer, we share information at the Customer's direction or as necessary to provide the Services to the Customer.
  • Legal requirements. We may disclose information if we believe in good faith that disclosure is necessary to comply with a law, regulation, legal process, or governmental request; to enforce our agreements; to protect the rights, property, or safety of LoadBear, our users, or others; or to detect, prevent, or address fraud, security, or technical issues.
  • Business transfers. If LoadBear is involved in a merger, acquisition, financing, reorganization, sale of assets, or insolvency proceeding, information may be transferred as part of that transaction, subject to standard confidentiality and continued protection of the information.
  • Affiliates. We may share information with our affiliates and subsidiaries, who will use it consistent with this Policy.
  • With your consent. We may share information for any other purpose with your consent or at your direction.

6. Sale or Sharing of Personal Information

We do not "sell" personal information for monetary consideration. We do not "share" personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. We do not knowingly sell or share the personal information of consumers under 16 years of age.

To the extent we use cookies, pixels, or similar tracking technologies that may constitute "selling" or "sharing" under expansive interpretations of certain U.S. state privacy laws, you may opt out by following the instructions in Section 7 and Section 10. We honor Global Privacy Control (GPC) signals as a valid opt-out request from California consumers and consumers in other states whose laws recognize GPC.

7. Cookies and Similar Technologies

We and our service providers use cookies, web beacons, pixels, local storage, and similar technologies for the following purposes:

  • Strictly necessary — required to enable core functionality such as authentication, session management, security, and load balancing.
  • Functional — to remember preferences and settings.
  • Analytics — to measure traffic and understand how visitors use the Services. We use Cloudflare Web Analytics, which is designed to be privacy-friendly and does not use third-party cookies or fingerprinting.
  • Marketing — only where deployed and only with consent in jurisdictions that require it.

You can control cookies through your browser settings and through any cookie consent interface we provide. Disabling cookies may impact certain functionality. We honor Do Not Track signals only where required by law.

8. International Data Transfers

LoadBear is operated from the United States, and our service providers may be located in the United States and other countries. If you access the Services from the European Economic Area, the United Kingdom, Switzerland, or any jurisdiction with data export restrictions, your information will be transferred to and processed in the United States and other jurisdictions that may not provide the same level of data protection as your home jurisdiction.

Where applicable, we rely on the European Commission's Standard Contractual Clauses (Module 2 or 4 as appropriate), the UK International Data Transfer Addendum, the Swiss-equivalent SCCs, or other lawful transfer mechanisms. A copy of the relevant transfer mechanism is available on request to hello@loadbear.co.

9. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including any legal, accounting, or reporting requirements. Specifically:

  • Account information — for the duration of your account and for a reasonable period after termination to handle disputes, comply with legal obligations, and enforce our agreements.
  • Customer Data — as set out in the agreement with the Customer and our DPA.
  • Marketing communications — until you opt out, plus a reasonable period to honor your opt-out and maintain suppression lists.
  • Logs and security data — typically up to 12 months, longer where required for security investigations or legal obligations.
  • Mia chat transcripts — typically up to 90 days for service quality improvement and dispute resolution.

Where we anonymize information so that it can no longer be associated with an identifiable individual, we may retain and use that anonymized information indefinitely.

10. Your Privacy Rights

10.1 Rights for California residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what categories and specific pieces of personal information we have collected about you, the sources, the purposes for collection, and the categories of recipients.
  • Request deletion of personal information we have collected, subject to certain exceptions.
  • Request correction of inaccurate personal information.
  • Opt out of any "sale" or "sharing" of personal information.
  • Limit the use of "sensitive personal information" to the purposes permitted under the CCPA/CPRA.
  • Not be discriminated against for exercising your rights.
  • Designate an authorized agent to make requests on your behalf, subject to verification.

Categories of personal information we have collected in the past 12 months include identifiers, commercial information, internet/network activity, geolocation data, and inferences. Categories of sources, purposes, and recipients are described in Sections 2, 3, and 5 of this Policy. We have not sold personal information for monetary consideration in the past 12 months.

10.2 Rights for residents of other U.S. states

If you are a resident of Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia (or another state with a comprehensive privacy law in effect), you may have rights to access, correct, delete, or obtain a portable copy of your personal information; to opt out of targeted advertising, the sale of personal information, and certain profiling; and to appeal a denial of your rights. The specific scope of these rights varies by state.

10.3 Rights for residents of the European Economic Area, United Kingdom, and Switzerland

If the GDPR or UK GDPR applies to our processing of your personal data, you have the right to:

  • Access your personal data and obtain information about how it is processed.
  • Request rectification of inaccurate or incomplete personal data.
  • Request erasure ("right to be forgotten") in certain circumstances.
  • Restrict or object to processing in certain circumstances, including for direct marketing.
  • Receive your personal data in a portable format.
  • Withdraw consent at any time where processing is based on consent (without affecting prior processing).
  • Lodge a complaint with your local supervisory authority.

10.4 How to exercise your rights

To exercise any of these rights, email hello@loadbear.co with your request and the jurisdiction whose rights you are invoking. We will verify your request using reasonable means appropriate to the nature of the request and the sensitivity of the information involved. We will respond within the timeframes required by applicable law (typically 45 days under U.S. state laws, with possible extensions; 30 days under GDPR/UK GDPR).

If your request relates to Customer Data we process on behalf of one of our Customers, we will direct your request to the relevant Customer or assist them in responding.

11. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, accidental loss, alteration, and disclosure. Measures include encryption in transit (TLS 1.2 or higher) and at rest (AES-256), workspace isolation for Customer Data, least-privilege access controls, multi-factor authentication for administrative accounts, vendor security review, and incident response procedures. No system is perfectly secure; we cannot guarantee that personal information will never be subject to unauthorized access. You are responsible for safeguarding your account credentials.

12. Children's Privacy

The Services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16 without verifiable parental consent, we will delete it as soon as reasonably possible. If you believe a child has provided personal information to us, please contact hello@loadbear.co.

13. Third-Party Links and Services

The Services may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy notices.

14. Notice of Financial Incentives

From time to time we may offer financial incentives (such as discounts, credits, or free trials) in exchange for the collection, retention, or sale of personal information. Any such program will be described in a notice provided at the time of the offer, including the material terms, the categories of personal information involved, and how to opt in and out.

15. Do Not Track

Some browsers transmit "Do Not Track" signals. Because there is no industry-standard interpretation of these signals, we do not respond to them at this time, except where required by law. We do honor Global Privacy Control (GPC) signals where required.

16. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you by posting the updated Policy on the Services and, where required, by other means (such as email or in-product notice). The "Effective" date at the top of this Policy indicates when it was most recently revised. Your continued use of the Services after the effective date of any update constitutes your acceptance of the updated Policy.

17. Contact Us

If you have questions, concerns, or requests regarding this Policy or our privacy practices, please contact us:

If you are in the EEA, UK, or Switzerland and we do not resolve your concern, you have the right to lodge a complaint with your local data protection supervisory authority.