Privacy Policy

True Bearing LLC ("Company", "we", "us", or "our") operates CIMScan, an IC Sentinel product. This Privacy Policy explains how we collect, use, store, and protect information when you use the CIMScan service at cimscan.ai.

We take the confidentiality of your data seriously. CIMScan is designed to process sensitive financial documents. We collect only what is necessary to operate the service and retain nothing longer than required.

Account information — When you register, we collect your name, email address, firm name, and firm website. This information is used to create and manage your account and to generate your firm's unique ingest address.

Submitted documents — CIM PDF files submitted to your ingest address are received and processed by our pipeline. These documents are deleted immediately upon completion of processing and are never stored long-term.

Scan outputs — The structured data and narrative analysis generated by CIMScan (Dataset D and IC Insights) are stored securely and made available to your account for 90 days, after which they are automatically and permanently deleted.

Payment information — Payment is processed by Stripe. We do not store credit card numbers or payment credentials. We retain transaction records (amount, date, scan type) for accounting purposes.

Usage data — We collect basic service logs including API request timestamps, scan status events, and error logs for the purpose of operating and improving the service. These logs do not contain document content.

Support communications — If you contact us via the help form or by email, we retain that correspondence to respond to your inquiry and improve the service.

We use the information we collect solely to:

• Create and manage your account and firm registration
• Process submitted CIM documents and deliver scan outputs
• Send transactional emails (verification, welcome, scan confirmation, delivery, password reset)
• Process payments via Stripe
• Respond to support requests
• Maintain service security and diagnose technical issues

We do not use your data for advertising. We do not sell, rent, or share your data with third parties for their own marketing purposes.

CIMScan is built for processing confidential financial documents. We treat submitted CIMs with the following protections:

• Documents are transmitted over encrypted connections (TLS)
• Documents are processed in isolated pipeline jobs and are not used to train AI models
• Documents are deleted immediately upon pipeline completion — they are not retained in any storage system
• Document content is never shared with any third party except as required to operate the AI processing pipeline

We retain different categories of data for different periods:

• Submitted CIM documents: deleted immediately upon pipeline completion
• Scan output files (Dataset D, IC Insights): 90 days from delivery date, then automatically and permanently deleted
• Account and firm data: retained for the life of your account, deleted upon account deletion request
• Payment transaction records: retained for 7 years as required for accounting and tax compliance
• Service logs: retained for 90 days

We use the following third-party services to operate CIMScan. Each is bound by their own privacy and security policies:

• Supabase — database and authentication (supabase.com)
• Mailgun — transactional email delivery (mailgun.com)
• Stripe — payment processing (stripe.com)
• Railway — cloud infrastructure and hosting (railway.app)
• OpenAI / Anthropic — AI processing pipeline (documents are processed but not retained by these providers for training purposes under our enterprise agreements)

We do not share your personal data with any other third parties.

We implement industry-standard security measures including:

• TLS encryption for all data in transit
• Encryption at rest for all stored data via Supabase
• Access controls limiting data access to authorized personnel only
• Unique per-firm ingest addresses preventing cross-firm data submission

No system is completely secure. If you believe your account has been compromised, contact [email protected] immediately.

You have the right to:

• Access the personal data we hold about you — contact [email protected]
• Request correction of inaccurate account information — via Account Settings or email
• Request deletion of your account and all associated data — via Account Settings or email
• Receive a copy of your data in a portable format — contact [email protected]

We will respond to data requests within 30 days.

CIMScan uses only essential cookies required for authentication session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

CIMScan is a professional B2B service and is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors.

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email at least 14 days before the changes take effect. The effective date at the top of this page will reflect the most recent revision.

Questions, requests, or concerns regarding this Privacy Policy should be directed to:

True Bearing LLC — IC Sentinel / CIMScan
[email protected]