Privacy Policy

Last updated: May 2026

This website (bridgingmain.com) is operated by Main St Holding I LLC, a California limited liability company doing business as Bridging Main (“Bridging Main,” “we,” “us,” or “our”). The “Bridging Main” name and brand are owned by Bridging Main LLC (Wyoming) and licensed to the operating entity. This policy explains what information we collect, how we use it, and what choices you have.

What we collect

Information you provide directly. When you fill out a form on our site—such as the discovery call request, email signup, or telecom savings estimator—we collect the information you enter: your name, email address, company name, phone number, and any message you include. We collect this information through Formspree, a third-party form processing service.

Information you provide through interactive AI features. Some pages on our site include AI-powered interactive tools. When you use one of these tools, we collect the responses you enter—for example, answers to assessment questions or messages you type into a guide. These responses are stored anonymously by default and processed by a third-party AI provider to generate your results. See the “AI features” section below for details. If you participate in a workspace assessment with colleagues from your organization, additional information is collected—see “Workspaces and multi-respondent assessments” below.

Information collected automatically. We use Google Analytics 4 (GA4) to understand how visitors use our site. GA4 collects:

• Pages visited and time spent on each page
• How you arrived at our site (referral source, search query)
• General device and browser information
• Approximate geographic location (city-level, derived from IP address)

GA4 does not collect your name, email address, or other personally identifying information unless you provide it through a form. Google Analytics uses cookies to distinguish unique visitors. You can opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-On.

AI features

Our site uses AI to power interactive features that help you assess your operations, find relevant information, and explore our services. This section describes how AI features handle your data when you use them on your own. If you participate in a multi-person workspace assessment, additional data handling applies—see “Workspaces and multi-respondent assessments” below.

How AI features work. When you interact with an AI feature, the responses you enter (for example, your assessment answers, or messages you type into a guide) are sent to a third-party AI provider, which generates a response that is then displayed to you. We currently use Anthropic’s Claude API as our AI provider. The privacy policy framework below applies to any AI provider we use; if we add another provider in the future, we will note it under “Third-party services.”

Anonymous by default. AI feature interactions are stored under a random session identifier, not under your name or email. We do not collect personally identifying information through AI features unless you choose to provide it (for example, by submitting a form to receive a follow-up).

What happens if you contact us. If you submit a discovery call request, lead form, or PDF download request after using an AI feature, your AI session is linked to that submission so we can review your context before responding. At that point, the session is no longer anonymous—it becomes part of the lead record.

What our AI provider does with your data. Anthropic’s commercial API terms apply to our use. As of this policy’s last updated date:

• Anthropic does not use commercial API inputs or outputs to train its models by default.
• Anthropic retains API inputs and outputs for up to 7 days, then deletes them.

You can review Anthropic’s current data-handling practices in their Privacy Policy and Trust Center.

Storage on our side. We store anonymous AI feature interactions on our own servers for up to 90 days, then delete them. AI sessions linked to a discovery call or lead submission are retained as part of the lead record and follow our standard retention practice for business records (see “Data retention” below). Workspace assessment data follows a different retention schedule—see “Workspaces and multi-respondent assessments” below.

How we use AI feature data. We review AI feature interactions to improve our content, tools, and services. We do not attempt to re-identify anonymous interactions, and we do not match anonymous patterns to identifiable individuals.

Workspaces and multi-respondent assessments

Some of our AI assessments support workspaces, where multiple people from the same organization can take the same assessment together and compare results. The general AI feature practices above continue to apply; this section describes what changes when a workspace is involved.

How workspaces work. Anyone who completes an assessment can create a workspace from their result page. Workspace creation produces a unique URL containing a random string. The person who creates the workspace (the “initiator”) shares the URL with colleagues, who join by completing the same assessment. Late participants must complete the full assessment before seeing any workspace data, so their answers aren’t anchored on what others have already submitted. Workspaces hold up to 25 participants by default; we can raise this on request.

What we collect from workspace participation. When you create or join a workspace, we collect your first name and your role (for example, “Property Manager”). Providing your full name is optional. We also record the IP address you submit from for abuse detection (see “IP capture” below). The assessment responses you enter follow the same handling described under “AI features” above.

What other workspace participants see. Your individual responses are never shown to other participants. Other participants see your first name and role. Group averages and aggregate patterns become visible only once enough people have answered: a group-average view requires at least three total participants, and any role-segmented variance view requires at least two people from each role. Below those thresholds, each participant sees only their own results. The workspace dashboard plainly shows what views are currently available and what is gated.

Honest disclosure about small workspaces: in workspaces with very few participants, motivated participants could approximate others’ answers by comparing aggregate views against their own. We recommend honest answers regardless—the diagnostic value of a workspace assessment depends on it.

What Bridging Main sees. We review assessment responses and workspace data to improve the assessment, prepare for discovery conversations initiated by workspace participants, and identify patterns across organizations. Within an organization’s workspace, we treat individual responses as confidential to that organization. Across organizations, we may reference anonymized aggregate patterns (for example, “mid-size operators commonly score lower on documentation maturity”) but never identifying details. We do not reveal one organization’s specific results to another organization, in any form.

IP capture. We record the IP address you submit from at the time of each workspace submission. This is used for abuse detection—for example, identifying patterns where a single source is creating many workspaces, or joining workspaces in ways that look like scraping. IP addresses captured this way are retained for 30 days, then deleted. Beyond this operational logging, we do not surveil participants within their own workspaces.

Workspace lifetime. A workspace remains active for 12 months from its last activity (no new participants, no retakes, no logins). At month 11, the initiator receives an email with a one-click option to keep the workspace active. After 12 months of inactivity, the workspace becomes read-only for an additional 12 months, then is permanently deleted along with all associated data.

Workspace ownership transfer. If a workspace initiator becomes unreachable—for example, leaves their organization—the workspace becomes read-only for remaining participants. A request to transfer workspace ownership requires email confirmation from the requester and approval by Bridging Main.

Linking an assessment to a discovery request. When you click the discovery-call button from your Scorecard results page (whether standalone or from a workspace dashboard), the discovery form receives a reference to your assessment. We use this reference to review your responses and the AI-generated narrative before our conversation, so we can prepare with context you've already shared. The reference is created only when you initiate the discovery request from the results page; clicking the discovery link from elsewhere on the site (the main navigation, the footer, an article, etc.) does not link the request to any assessment. If you'd prefer to keep your assessment unlinked from a discovery request, use the discovery form directly without going through the results-page button.

How we use your information

We use the information we collect to:

• Respond to your inquiries and schedule discovery calls
• Send you information you’ve requested (such as resources you signed up for)
• Generate personalized results from AI-powered tools you use on our site
• Identify patterns across organizations using anonymized, aggregated workspace data—never individual or organization-specific cross-references
• Understand how our site is used so we can improve it
• Communicate with you about our services if you’ve expressed interest

We do not sell, rent, or share your personal information with third parties for their marketing purposes. We do not send unsolicited marketing emails to people who have only submitted a discovery call request or downloaded a resource.

Third-party services

We use the following third-party services that may process your data:

• Formspree—processes form submissions. Formspree Privacy Policy
• Google Analytics 4—website analytics. Google Privacy Policy
• Google Tag Manager—manages the analytics script. Google Privacy Policy
• Anthropic—provides the Claude API used to power our AI features. Anthropic Privacy Policy

Cookies

Our site uses a limited number of cookies and similar technologies:

• Google Analytics cookies (_ga, _ga_*)—used to distinguish unique visitors and track sessions. These expire after 2 years and 24 hours respectively.
• Session storage—we use browser sessionStorage (not cookies) to maintain consistent A/B test variants, track referral sources within a single visit, and preserve in-progress responses on AI-powered tools (so a page refresh does not lose your work). This data is automatically cleared when you close your browser tab.

We do not use advertising cookies, retargeting pixels, or any tracking technology beyond what is described above.

Data retention

We retain different categories of data for different periods:

• Form submissions (discovery call requests, signups, leads) are retained in our Formspree account and email for as long as needed to respond to your inquiry and maintain our business records.
• Anonymous AI feature interactions are retained for up to 90 days, then deleted.
• AI sessions linked to a discovery call or lead submission are retained as part of the lead record alongside the form submission.
• Workspace participation data (assessment responses, first name, role, join timestamps, and workspace metadata) is retained for the active life of the workspace—12 months from last activity—plus 12 months in read-only archive, then permanently deleted.
• Workspace IP addresses captured at submission are retained for 30 days, then deleted (matching our rate-limit log retention).
• Rate-limit logs (IP addresses recorded only to prevent abuse of AI features) are retained for up to 30 days.
• Anonymized cross-organization aggregate patterns derived from workspace data are retained indefinitely with no individual or organization identification.
• Google Analytics data is retained according to Google’s default retention settings (14 months for user-level data).

You can request deletion of your personal information at any time—see “Your rights” below.

Security

For information about how we secure the data described in this policy—including encryption in transit and at rest, access controls, AI feature defenses, incident response, and how to report a security issue—see our Security page. Privacy and security are reviewed together when either changes.

Your rights

Depending on your jurisdiction, you may have the right to:

• Request access to the personal information we hold about you
• Request correction or deletion of your personal information
• Request deletion of an anonymous AI feature session by its session ID (visible to you in the AI tool you used)
• Request removal of your individual record from a workspace assessment you participated in—your individual responses are purged; aggregate workspace data is retained so the remaining participants’ results are not affected
• Request deletion of an entire workspace if you are its initiator—all individual records, workspace metadata, and the workspace itself are purged
• Opt out of analytics tracking (via the Google Analytics Opt-Out Add-On linked above)
• Withdraw consent for future communications

How to exercise these rights. Email privacy@bridgingmain.com with your request. We will respond within 30 days. For deletion requests, please include enough information for us to locate your record—either the email address you used to contact us, the session ID from an AI feature you used, or the workspace URL you participated in.

California residents have additional rights under the California Consumer Privacy Act (CCPA). We do not sell personal information as defined by the CCPA.

Children’s privacy

Our site and services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children.

Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated “Last updated” date. We will not materially reduce your rights under this policy without providing notice.

Contact

If you have questions about this privacy policy or want to exercise your data rights, contact us at:

Main St Holding I LLC dba Bridging Main
1081 Camino del Rio S, Ste 105
San Diego, CA 92108
hello@bridgingmain.com
Privacy requests: privacy@bridgingmain.com