Data Usage Policy

Effective April 30, 2026 · Version 1.0

How Data Is Collected, Used, Shared, and Retained on the Submit Bonds Platform

1. Purpose & Scope

This Data Usage Policy describes how data is collected, used, shared, retained, and protected on the Submit Bonds™ Platform ("Platform") operated by Submit Bonds, LLC ("Submit Bonds," "we," "our," or "us"). It applies to all Users of the Platform — licensed bail bond agents, detention facility personnel, surety carriers, authorized government personnel, and administrators.

This Policy works in concert with the Submit Bonds Terms of Service, Privacy Policy, Information Security Policy, and Agent Submission Guidelines. Where this Policy and another Submit Bonds policy address the same topic, the more specific policy controls. Where any policy conflicts with applicable law or a binding contract, the law or contract controls.

What this Policy is and is not. This Policy explains what data flows through the Platform, who it goes to, why, and how long it is kept. It is not a Privacy Policy in the sense of consumer privacy disclosures (those are addressed separately), and it is not an internal data handling SOP for Submit Bonds staff. It is a single reference document for Users, partners, and regulators who need to understand data movement on the Platform.

2. Core Principles

All data processing on the Platform follows these principles:

Purpose limitation — data is used only for the purposes for which it was submitted or generated
Authorization-based access — Users access only the data their role permits
Minimum necessary disclosure — third parties receive only the data needed to perform their function
Accuracy — Users are responsible for the accuracy of data they submit; Submit Bonds maintains processes to flag and correct identified errors
Retention discipline — data is retained only as long as required for legitimate purposes
Auditability — all sensitive data access and modification is logged and reviewable
Lawful basis — every data flow has a clear basis in contract, regulation, or User consent

3. Categories of Data Processed

The Platform processes the following categories of data:

Data Category	Examples	Source
User Account Data	Names, emails, phone numbers, license numbers, agency affiliations, role assignments	User-submitted
Authentication Data	Hashed passwords, MFA configurations, session tokens, login history	Generated by Platform
Identity Verification	Government ID images, selfie biometrics, license validation results	User-submitted + 3rd party
Bond Submission Data	Power of Attorney records, General Appearance Bonds, charges, bond amounts, defendant information	User-submitted
Defendant Information	Names, identifiers, charges, booking data, jail facility records	User-submitted + facility records
Surety & Financial Data	Power of Attorney issuance records, surety affiliations, premium calculations	Surety carrier
Audit & Activity Logs	Login events, submissions, status changes, document access, administrative actions	Generated by Platform
Communications	Notifications, support inquiries, system messages, tracking number reports	User-submitted + Platform
Regulatory Records	DFS license validation, state regulator data, compliance flags	3rd party + Platform

Submit Bonds does not knowingly collect data from minors. The Platform is restricted to authorized professional Users.

4. How Data Is Collected

Data flows into the Platform through the following pathways:

4.1 Direct submission by Users

Most Platform data is submitted directly by authenticated Users in the course of their authorized work — bond submissions, status updates, communications, and account information. Users represent that they have the legal right and authority to submit each piece of data they enter.

4.2 Identity verification flows

During account onboarding and at certain compliance checkpoints, Users may submit government-issued identification, biometric selfie images, and license documentation. This data is processed through trusted third-party identity verification providers and the results (and underlying images, where retained) become part of the User's compliance record.

4.3 Third-party integrations

The Platform retrieves data from third-party sources to support its functions, including:

State Department of Financial Services (DFS) records for license validation
Equivalent state regulatory databases in jurisdictions where the Platform operates
Surety carrier systems for Power of Attorney issuance and reconciliation
Court and detention facility data feeds where formal data-sharing agreements exist

4.4 Platform-generated data

The Platform automatically generates data from User activity, including audit logs, session records, system notifications, and analytics on Platform usage. This data exists to support security, compliance, and Platform improvement.

4.5 Communications

Users initiate communications with Submit Bonds through support channels, embedded messaging, and email. These communications and any attachments become part of the Platform's records.

5. How Data Is Used

Data on the Platform is used for the following purposes only:

5.1 Platform operation

Authenticating Users and authorizing access to data and functions
Processing bond submissions and routing them to receiving facilities
Tracking submission status, generating notifications, and supporting workflow
Validating Users' licenses and authority through DFS and equivalent regulator data
Reconciling electronic submissions with original mailed Power of Attorney records

5.2 Compliance and audit

Detecting and investigating suspicious activity, fraud, or misuse
Producing audit trails for regulatory examinations and surety reconciliations
Responding to lawful requests from law enforcement, courts, and regulators
Maintaining records required by Florida insurance and bail bond regulations and equivalent rules in other operating jurisdictions

5.3 Communication

Sending transactional notifications about bond status, submissions, and account events
Providing User support and responding to inquiries
Notifying Users of Policy changes, system maintenance, and service updates
Delivering optional product updates where the User has opted in

5.4 Platform improvement

Analyzing aggregated, de-identified usage patterns to improve features and reliability
Diagnosing performance and security issues
Developing new features and integrations

What we do not do with Platform data. Submit Bonds does not sell User or defendant data. Submit Bonds does not use Platform data to train artificial intelligence or machine learning models without specific authorization. Submit Bonds does not share Platform data with marketing partners. Submit Bonds does not use defendant information for any purpose other than facilitating the bond submission for which it was provided.

6. Data Sharing & Third-Party Recipients

The Platform exists to facilitate information flow among multiple authorized parties. Data is shared with the following recipient categories, only for the purposes listed, and only to the extent necessary:

Recipient Category	Data Shared	Purpose
Detention facilities (jails)	Bond submission data, defendant information, supporting documents	Required to fulfill the core Platform function — submitting bonds to facilities for review
Surety carriers	Power of Attorney records, agent affiliation, bond amount, defendant identifiers	Required for surety underwriting, power reconciliation, and issuance
State regulators (DFS and equivalents)	License validation queries; full record disclosure only when required by law or regulatory request	Required by law and for license verification
Identity verification providers	Government ID images, selfie biometrics, name matching data	Required for identity verification of new agents
Cloud infrastructure providers	All Platform data as part of hosting services	Required for Platform operation; bound by data processing agreements
Communication providers (SMS, email)	Recipient contact info, message content for transactional notifications	Required to deliver Platform notifications
Payment processors	Payment card data (tokenized); transaction amount; billing identifiers	Required to process Platform fees and transactions
Law enforcement & courts	Bond records, audit logs, identity verification when compelled by valid legal process	Required by law
Professional advisors (legal, audit)	Limited access as needed for legal advice or compliance audits, under confidentiality obligations	Standard business operations

6.1 Surety carrier relationship

Each bail bond agent operates under appointment by one or more surety carriers. Bond data is necessarily shared with the appointing surety as part of the bond's lifecycle — power issuance, premium reconciliation, and reporting. This sharing is inherent to the surety relationship and not a separate disclosure choice by Submit Bonds.

6.2 Detention facility data flow

Bond submissions are reviewed by authorized detention facility personnel. Once submitted to a facility, the bond data and supporting documents become part of that facility's record-keeping system, subject to the facility's own data handling rules. Submit Bonds is not responsible for the data handling practices of detention facilities or other government bodies.

6.3 No sale of data

Submit Bonds does not sell Platform data to data brokers, marketers, advertisers, or other third parties. Disclosures occur only as described in this Policy, as required by law, or with explicit User authorization.

6.4 Cross-border transfers

The Platform is operated and data is stored within the United States. Submit Bonds does not currently transfer Platform data to recipients outside the United States, except where required to fulfill a lawful request involving a foreign jurisdiction or where a User explicitly directs such a transfer.

7. Acceptable Use of Data Accessed Through the Platform

Users with access to data on the Platform — agents viewing their own bond records, facility staff reviewing submissions, surety personnel reconciling powers, administrators investigating compliance — must use that data only for purposes consistent with their authorized role. Specifically, Users:

7.1 May

Access data necessary to perform their authorized role
Download or print records for legitimate business purposes (case files, surety reconciliation, audit response)
Share data with their own internal staff who have a need to know and are bound by appropriate confidentiality obligations
Submit data to authorized recipients (sureties, facilities, regulators) as required by their role

7.2 May not

Access data outside the scope of their authorized role
Share login credentials or otherwise enable unauthorized access
Use defendant information for any purpose unrelated to the bond at hand
Disclose Platform data to third parties not authorized to receive it
Scrape, bulk-export, or aggregate Platform data for commercial purposes outside the User's authorized role
Use Platform data to identify, contact, or solicit defendants outside the bond posting and supervision process
Use Platform data to compete with Submit Bonds, replicate its commercial offerings, or train competing systems
Combine Platform data with other datasets in a way that creates new identifying information about individuals beyond what is authorized

7.3 Consequences of misuse

Misuse of Platform data may result in immediate suspension or termination of access, reporting to applicable state regulators (including DFS for licensed bail bond agents), reporting to surety carriers, civil action, and referral to law enforcement where the conduct may constitute a crime.

8. Data Retention Schedule

Data is retained for the periods set forth below, after which it is deleted, archived, or anonymized in accordance with our data lifecycle procedures. Retention periods reflect the minimum needed to fulfill the listed purposes, the requirements of applicable law, and the practical needs of audit and reconciliation.

Data Category	Retention Period	Basis
Bond submission records (POA, GAB, supporting docs)	7 years from bond discharge or final disposition	FL surety record-keeping rules + surety carrier requirements
Defendant information tied to bond records	7 years from bond discharge	Linked to bond record retention
Audit logs (security, access, admin actions)	5 years from log entry	Industry standard for compliance investigations
Authentication & login history	2 years from event	Forensic investigation window
Identity verification results & images	7 years from verification	AML/KYC + bond record alignment
User account data (active accounts)	Duration of account + 7 years post-closure	Tied to bond record retention
User account data (inactive accounts)	7 years from last bond submission, then evaluated	Tied to bond record retention
Communications & support records	3 years from communication	Standard customer service retention
Backups	Backup-cycle dependent (typically 30–90 days)	Operational continuity
Marketing communications data	Until opt-out + 1 year	Standard marketing retention

Retention exceptions. Data subject to a legal hold (litigation, investigation, regulatory inquiry) is retained until the hold is lifted, regardless of the schedule above. Data required to demonstrate compliance with a specific regulatory obligation is retained for the period required by that regulation. Aggregated, de-identified data may be retained indefinitely for statistical and Platform improvement purposes.

9. Data Integrity & Accuracy

Users are responsible for the accuracy of data they submit. Submit Bonds maintains the following data integrity practices:

Audit logging captures changes to bond records, submission status, and User account data
Power of Attorney numbers are tracked from electronic submission through original document mail-back to detect mismatches and fraud
Defendant name consistency is checked across documents within a single submission
License validation against DFS and equivalent registries flags expired or revoked licenses
Identity verification flows are designed to detect document tampering and impersonation

If a User identifies an error in data on the Platform, they may correct it through the Platform's standard editing functions where available, or contact Submit Bonds support for assistance with data they cannot edit directly.

10. User Rights & Control Over Data

Users have the following rights with respect to data on the Platform:

10.1 Account data

Review and update profile information through the Platform's account management functions
Request correction of inaccurate data
Request closure of the account, subject to retention obligations described in Section 8

10.2 Bond submission data

Bond submission data, once submitted, becomes part of the official record of the bond and cannot be unilaterally deleted by the submitting User. This is an essential property of the Platform's role as a system of record. Users may request corrections to inaccurate bond data; corrections are evaluated against audit, regulatory, and surety carrier requirements.

10.3 Defendant data

Defendants are not direct Users of the Platform. Inquiries from defendants or their authorized representatives regarding their information may be directed to Submit Bonds, and Submit Bonds will respond consistent with applicable law, the bond record's status, and the obligations owed to the submitting agent and surety.

10.4 Data portability

Users may export bond records they have submitted in a standard format consistent with their role and authorization level. Bulk export tools are provided through the Platform interface or, on request, through Submit Bonds support.

11. Legal Basis for Processing

Submit Bonds processes Platform data on the following bases:

Contract — performance of the Submit Bonds Terms of Service and related agreements with Users, sureties, and facilities
Legal obligation — compliance with state and federal laws governing bail bonds, surety operations, and recordkeeping
Legitimate business interest — operating, securing, and improving the Platform; preventing fraud and misuse
Consent — where Users opt into specific communications or features beyond the core Platform function

12. Security of Data

Data on the Platform is protected by the controls described in the Submit Bonds Information Security Policy, including encryption at rest and in transit, role-based access controls, multi-factor authentication, audit logging, vulnerability management, and infrastructure-level protections. Users are responsible for protecting their own credentials and maintaining the security of any devices they use to access the Platform.

13. Changes to This Policy

This Policy is reviewed at least annually and updated as the Platform, the regulatory landscape, or our data practices evolve. Material changes will be communicated through the Platform, by email, or by other reasonable means. The current version is always available at www.submitbonds.com. Continued use of the Platform after the effective date of any change constitutes acknowledgment of the updated Policy.

14. Contact

Questions, requests, or concerns regarding this Data Usage Policy may be directed to Submit Bonds through the contact information published at www.submitbonds.com. Requests requiring identity verification (account closures, data corrections, formal data requests) may require the User to authenticate through the Platform or provide additional verification before being processed.

15. Relationship to Other Policies

This Policy is part of the Submit Bonds policy family, which includes:

Submit Bonds Terms of Service — the binding contract governing Platform use
Privacy Policy — describes the collection and use of personal information specifically
Information Security Policy — describes the security controls protecting Platform data
Agent Submission Guidelines — operational standards for submitting bonds

Together these documents form the complete framework governing data on the Platform. Where this Policy is silent on a specific topic, the relevant other policy applies.