BAA Generator
HomePrivacy Policy

Privacy Policy

Effective date: April 17, 2026 · Last updated: April 17, 2026

This Privacy Policy describes how BAA Generator ("we," "us," or "our") collects, uses, and shares information when you visit baagenerator.com ("the Site") or use our Business Associate Agreement generation tool ("the Service").

1. Information we collect

1.1 Data you enter into the BAA wizard

When you use the BAA wizard, you provide information about the parties to the agreement, including names, addresses, the nature of services, and selected contract clauses. This data is processed in your browser to render your document. We do not store the contents of your generated Business Associate Agreement on our servers. When you close the browser tab, the wizard data is discarded unless you have explicitly saved it locally on your device.

1.2 Payment information

If you purchase the $29 clean copy, payment is processed by Stripe, Inc. We never see, collect, or store your full card number or CVC. Stripe provides us with a transaction identifier, the last four digits of the card, a payment status, and the billing email you provide at checkout. See Stripe's Privacy Policy.

1.3 Automatically collected data

Like most websites, our hosting provider (Vercel) automatically logs certain information when you visit the Site, including IP address, browser type and version, referring URL, pages viewed, and timestamps. We use this information for security, troubleshooting, and aggregate analytics.

1.4 Cookies and analytics

We use a minimal set of cookies required to operate the Site and, optionally, privacy-respecting analytics tools to understand aggregate usage (e.g., which pages are visited most often). We do not use cookies for advertising profiling and do not sell data to advertising networks.

2. How we use information

3. How we share information

We do not sell your personal information. We share information only with:

4. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or port your personal information, or to object to certain processing. Residents of California (CCPA/CPRA) and the European Union / United Kingdom (GDPR) have expanded rights under those laws. To exercise any right, email privacy@baagenerator.com. We will respond within the timeframe required by applicable law.

5. Data retention

We retain transactional records (receipts, payment confirmations) for as long as required for accounting and tax purposes, typically seven years. Server logs are retained for 30–90 days. Wizard inputs are not retained on our servers beyond the active session.

6. Security

We use industry-standard technical and organizational safeguards to protect the information we process, including TLS encryption in transit, access controls, and periodic review of our security posture. No system is perfectly secure; if you believe your information has been compromised, contact us immediately.

7. Children

The Service is not directed to children under 16. We do not knowingly collect information from children. If you believe a child has provided information to us, contact privacy@baagenerator.com and we will delete it.

8. International transfers

Our servers are located in the United States. If you access the Service from outside the U.S., your information may be transferred to, stored, and processed in the U.S. By using the Service, you consent to that transfer.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be indicated by updating the "Last updated" date at the top of this page. Continued use of the Service after the update constitutes acceptance of the revised policy.

10. Contact

Questions about this Privacy Policy or our data practices: privacy@baagenerator.com.