Privacy Policy
Last updated: June 11, 2026
DutyBolt, Inc. ("DutyBolt," "we," "us") operates the software at dutybolt.com that helps U.S. importers prepare IEEPA tariff-refund (CAPE) claim files. This policy explains what we collect, why, and the choices you have. DutyBolt is independent software and is not affiliated with U.S. Customs and Border Protection (CBP).
1. Information we collect
- Account data: your email address, password (stored only as a one-way bcrypt hash), and optional company name.
- Import records you upload: entry data in CSV, XLSX, or Form 7501 PDF format, including entry numbers, importer-of-record numbers, entry dates, HTS codes, and duty amounts.
- Usage and device data: basic log information (IP address, timestamps) used for security and rate limiting.
- Payment data: processed by our payment provider, Razorpay. We do not see or store your full card number.
We never request or store bank account or ACH details. Your tariff refund is paid to you directly by CBP — it does not pass through DutyBolt.
2. How we use your information
- To classify your entries, estimate your refund, and generate CAPE Declaration files.
- To read uploaded Form 7501 PDFs using a third-party AI provider (e.g. Anthropic, OpenAI, or Google) solely to extract entry fields.
- To send transactional email (verification codes, claim status, receipts) via our email provider, Brevo.
- To secure the service, prevent abuse, and meet legal obligations.
We do not sell your personal information, and we do not use your import records for advertising.
3. Where your data lives
Account and entry data is stored in a managed MongoDB database. Uploaded files are stored on our server outside the public web root and are reachable only through your authenticated session. All traffic is encrypted in transit (TLS).
4. Sub-processors
We share data only with vendors that help us run the service: our hosting provider, MongoDB Atlas (database), Brevo (email), Razorpay (payments), and an AI provider for PDF extraction. Each processes data only on our instructions.
5. Data retention & deletion
You can permanently delete your import data, claims, and uploaded files at any time from Account → Delete data. Deleting your data does not reset paid usage. We retain minimal records needed for legal, tax, and fraud-prevention purposes.
6. Your rights
Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data. Email [email protected] and we will respond within a reasonable time.
7. Security
We use bcrypt password hashing, encrypted transport, session cookies marked HttpOnly and Secure, rate limiting, and file-type validation. No system is perfectly secure, but we take reasonable measures appropriate to the sensitivity of import data.
8. Changes
We may update this policy; material changes will be reflected by the "last updated" date above.
9. Contact
Questions? Email [email protected].