Bounded Security Privacy Policy
Last updated: May 30, 2026
Effective date: May 30, 2026
This Privacy Policy ("Policy") describes how Bounded Security ("Bounded," "we," "us," or "our") collects, uses, discloses, stores, and protects information in connection with the Bounded AI-security platform, including the website at bounded-security.com, the security console at platform.bounded-security.com, the Bounded browser extension, the Bounded desktop sensor, the Bounded backend services, and any related applications, APIs, integrations, and connectors (collectively, the "Services").
Brand notice. "Bounded Security" is a product and brand name. As of the effective date of this Policy, Bounded Security is operated as an unincorporated venture and is not a registered legal entity. References to "Bounded," "we," "us," or "our" refer to the operators of the Bounded Security brand and the Services. Nothing in this Policy shall be construed as a representation that any specific corporate entity exists, and this Policy will be updated to identify the operating legal entity if and when one is formed.
By accessing or using the Services, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, do not access or use the Services.
1. Who this Policy covers
The Services are an enterprise, business-to-business security product. They are designed to be deployed by an organization (the "Customer" or "Organization") to discover, monitor, and enforce security policy over AI tools - browser extensions, desktop AI agents, MCP servers, code dependencies, and connected SaaS applications - operating within that Organization's environment.
This Policy distinguishes between:
- Customers / Organization administrators - the businesses and the individuals who configure and operate the Services on behalf of an Organization. For most data processed through the Services, the Customer is the controller (or equivalent) and Bounded acts as a processor / service provider that processes data on the Customer's behalf and under the Customer's instructions.
- End users / covered users - individuals (typically the Customer's employees, contractors, or other authorized personnel) whose devices, browsers, repositories, or accounts are monitored by the Services as deployed by their Organization.
- Website visitors - individuals who visit bounded-security.com or otherwise interact with our public marketing surfaces.
Important for end users: If your employer or another organization has deployed the Services on a device, browser, or account you use, that organization - not Bounded - determines what is monitored, why, and for how long the resulting data is retained within the limits the Services allow. Please direct questions about that organization's monitoring practices to the organization. Bounded processes such data on the organization's behalf.
2. Scope and relationship to other agreements
This Policy supplements, and is incorporated into, any master services agreement, order form, enterprise agreement, terms of service, or data processing agreement ("DPA") between Bounded and a Customer. Where a separately negotiated written DPA or enterprise agreement exists between Bounded and a Customer, that agreement governs to the extent of any conflict with this Policy. In the absence of such an agreement, this Policy governs.
This Policy does not apply to:
- Third-party products, services, websites, or platforms that the Services connect to or scan (for example, GitHub, GitLab, Slack, Zendesk, Jira, Confluence, Salesforce, Notion, or Google Drive), which are governed by their own privacy policies and terms; or
- Any data, system, or organization not deployed, configured, or operated through the Services.
3. Information we collect
The Services are purpose-built to detect security risk. By design, we seek to minimize the collection of personal data and to avoid storing raw sensitive content wherever the security objective can be achieved with masked, fingerprinted, or metadata-only representations. The categories below describe what may be collected depending on which components an Organization deploys and how it configures them.
3.1 Account, tenancy, and licensing data
- Identifiers for Organizations and users (organization ID, user ID, email address, display name, role/membership, authentication identifiers).
- License keys, license assignments, and entitlement state.
- Invitations, memberships, and access-control metadata.
- Authentication and session data, including tokens and token expiry metadata. Authentication is handled through our identity provider and supporting infrastructure.
3.2 Security telemetry and findings (the core of the Services)
Depending on the components deployed, the Services collect security-relevant signals such as:
- Browser extension inventory and risk findings - installed browser extension identifiers, names, versions, vendors, declared permissions and host permissions, and computed risk scores and recommendations.
- Desktop agent and MCP server findings - process names, command signatures, configuration paths, detected AI coding assistants and agents, MCP server identifiers and capabilities, heartbeat state, and computed risk scores and recommendations.
- Device sensor data - a per-device sensor identifier, hashed sensor tokens, heartbeat timestamps, and the agent/MCP findings described above. The sensor performs local process inspection on the host; it transmits findings (not raw process memory or file contents) to the backend.
- Repository scan findings - repository and connector metadata, file paths, matched vulnerability identifiers (e.g., CVE/CISA/OWASP references), code-pattern matches, and masked evidence snippets surfacing the matched line for triage.
- SaaS application connector findings - metadata and DLP findings drawn from connected applications (e.g., channels, tickets, issues, pages, records, files, and message/document bodies that the connector is authorized to read), reduced to masked samples and fingerprints for display.
- OAuth consent, shadow account, and upload/download signals - metadata about risky OAuth grants, unmanaged accounts, and data-movement events observed by the extension.
- Security events and audit logs - policy evaluations, decisions (allow/block/redact/warn), recommendations, and administrative actions performed in the console.
3.3 Data Loss Prevention (DLP) detections
The DLP engine scans text - for example, content typed into web forms and GenAI prompts, repository files, email content, and SaaS application content - against a catalog of recognizers for credentials, secrets, and sensitive identifiers (including, among others, API keys and cloud tokens, database and basic-auth URLs, private keys, OAuth client secrets, storage connection strings, payment-card data, and personal, employee, customer, or patient identifiers).
DLP evidence is masked by design. The Services emit masked samples and stable fingerprints that allow an Organization to understand the nature and location of a detection without exposing the underlying secret or personal data. The Services are designed not to store raw DLP matches (the unmasked secret or full sensitive value) in SQL, in the document store, in security-event payloads, in connector metrics, or in audit logs. Real-time browser DLP scanning is performed on the user's device, and the extension can redact sensitive input locally before it leaves the browser.
3.4 Public vulnerability intelligence
The Services maintain a vulnerability catalog assembled from public-domain U.S. government feeds (such as CISA KEV, NIST NVD, and MITRE CVE Services). This catalog contains vulnerability metadata only and does not contain Customer personal data.
3.5 Website, product usage, and technical data
- Standard server and network log data (IP address, user-agent, request timestamps, and similar diagnostic information).
- Product usage and operational diagnostics necessary to operate, secure, debug, and improve the Services (for example, error reports, performance metrics, feature-usage counters, and rate-limiting state).
- Cookies and similar technologies as described in Section 11.
3.6 Communications
If you contact us (for example, by email or through a support channel), we collect the content of your communications and related metadata to respond and maintain records.
3.7 Information we do not intentionally collect
- We do not seek to collect raw, unmasked secrets or sensitive content beyond what is strictly necessary to surface a masked finding.
- We do not require, and the Services are not designed to ingest, special categories of data for their own sake; where such data appears, it does so only incidentally within content an Organization directs us to scan, and is reduced to masked findings.
- The Services are not directed to children and are not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. See Section 13.
4. How we use information
We use information for the following purposes:
- To provide the Services - discovering, inventorying, scoring, and reporting on AI-related security risk; evaluating and enforcing Customer-defined policy; running scheduled and manual scans; and surfacing findings, events, and dashboards in the console.
- To operate authentication, tenancy, and licensing - authenticating users, enforcing access control and multi-tenant isolation, and managing licenses and entitlements.
- To secure the Services - detecting, investigating, and preventing fraud, abuse, unauthorized access, and security incidents; enforcing rate limits; and maintaining audit trails.
- To maintain, debug, and improve the Services - diagnosing errors, monitoring performance, and developing new and improved features and detections.
- To communicate with you - sending service, security, administrative, and transactional messages, and responding to inquiries.
- To comply with law - meeting legal, regulatory, tax, accounting, and contractual obligations, and establishing, exercising, or defending legal claims.
Use limitation. When Bounded acts as a processor/service provider, we process Customer data only to provide and support the Services and as otherwise permitted by the applicable agreement and law. We do not sell personal data, and we do not "share" personal data for cross-context behavioral advertising. We do not use Customer content to train generative AI models for unrelated purposes. Any use of aggregated or de-identified data is limited as described in Section 5.
5. Aggregated and de-identified data
We may create and use aggregated, anonymized, or de-identified data - including statistics derived from vulnerability intelligence, risk findings, and product usage - that does not identify any individual or Organization. We may use such data for any lawful business purpose, including operating, securing, benchmarking, and improving the Services and our threat intelligence. Where we de-identify data, we maintain the data in de-identified form and do not attempt to re-identify it except as permitted by law to test the effectiveness of de-identification.
6. Legal bases for processing (EEA/UK and similar jurisdictions)
Where data-protection law requires a legal basis, we rely on the following, as applicable:
- Performance of a contract - to provide the Services to a Customer and its authorized users.
- Legitimate interests - to secure, operate, debug, and improve the Services and to protect our rights and those of our Customers, balanced against individuals' rights and interests. Securing enterprise environments against AI-related risk is a core legitimate interest the Services serve.
- Legal obligation - to comply with applicable law.
- Consent - where required (for example, for certain cookies or optional communications), in which case consent may be withdrawn at any time without affecting prior processing.
Where Bounded processes data as a processor on a Customer's behalf, the Customer is responsible for establishing and maintaining a lawful basis for the processing it directs, for providing required notices to its personnel, and for obtaining any necessary consents.
7. How we share information
We do not sell personal data. We disclose information only as described below:
- Within the Customer's Organization - findings, events, and reports are made available to that Organization's authorized administrators and users according to their roles. Multi-tenant isolation is enforced so that one Organization cannot access another Organization's data.
- Service providers / sub-processors - we use vetted infrastructure and service providers to host and operate the Services (for example, cloud hosting, managed database, authentication, and serverless compute providers). These providers process data on our behalf under contractual confidentiality and security obligations and only as needed to provide their services. Our core infrastructure is operated on Google Cloud / Firebase, including a managed PostgreSQL (Cloud SQL) database located in the me-west1 region.
- Third-party platforms you connect - when an Organization authorizes a connector (e.g., GitHub, GitLab, Slack, Zendesk, Jira, Confluence, Salesforce, Notion, Google Drive), we exchange the data necessary to perform the authorized scan. Those platforms act under their own privacy policies.
- Legal, safety, and compliance - we may disclose information if required by law, regulation, legal process, or governmental request, or where we believe disclosure is reasonably necessary to protect the rights, property, or safety of Bounded, our Customers, users, or the public, or to enforce our agreements.
- Business transfers - if the Bounded Security brand, business, or its assets are involved in a financing, acquisition, merger, reorganization, or sale, information may be transferred as part of that transaction, subject to the receiving party's commitment to honor this Policy or provide comparable protection.
- With your direction or consent - for any other disclosure made at your direction or with your consent.
A current list of sub-processors is available to Customers on request and, where required by a DPA, we will provide advance notice of material changes to sub-processors and an opportunity to object.
8. Connector tokens and credentials
OAuth access and refresh tokens, sensor tokens, and similar credentials are treated as highly sensitive:
- SaaS application connector tokens are encrypted (AES-GCM) before storage and are decrypted only inside our backend scan flows; they are not exposed to the console UI or to other Organizations.
- Sensor tokens are stored only in hashed form server-side; the cleartext token is returned once at activation and stored locally on the device with restricted file permissions.
- Repository connector tokens are stored encrypted and segregated from non-secret connector metadata.
These credentials are used solely to perform the scans the Organization has authorized.
9. Data storage, location, and international transfers
The Services are hosted on Google Cloud Platform / Firebase under the project associated with the Bounded Security brand. The primary managed PostgreSQL database (Cloud SQL via Firebase Data Connect) and related compute are provisioned in the me-west1 region; certain serverless, caching, content-delivery, authentication, and logging components may process data in other regions in which our infrastructure providers operate.
If you access the Services from a jurisdiction different from where our infrastructure is located, your information may be transferred to, stored in, and processed in other countries whose data-protection laws may differ from those of your jurisdiction. Where such transfers are subject to data-protection law, we rely on appropriate safeguards (for example, Standard Contractual Clauses or equivalent mechanisms) as required. Customers requiring specific transfer terms should address them in a DPA.
10. Data retention
We retain information for no longer than is necessary for the purposes described in this Policy, after which it is deleted or de-identified, subject to the exceptions below.
- Account, tenancy, and licensing data - retained for the duration of the Customer relationship and for a reasonable period thereafter as needed for legal, audit, and dispute-resolution purposes.
- Security findings, events, and audit logs - retained while relevant to the Organization's security posture and according to the Organization's configuration and the applicable agreement. The Services store the most recent sensor/finding state and recompute matches from the live vulnerability catalog at render time; superseded sensor/finding state may be overwritten rather than retained indefinitely.
- DLP findings - retained only as masked samples and fingerprints; raw matches are not stored at all (see Section 3.3).
- Connector tokens - retained in encrypted/hashed form only while the connector or sensor is active; revoking or disconnecting a connector or sensor is designed to remove or invalidate the associated credential.
- Vulnerability catalog - refreshed on an ongoing basis from public feeds; older snapshots may be superseded.
- Operational and server logs - retained for a limited period for security, debugging, and capacity purposes, then rotated or deleted.
- Backups - data may persist in encrypted backups for a limited period after deletion from primary systems and is overwritten on the ordinary backup-rotation cycle. Deletion from live systems does not instantaneously purge backups, but backed-up data is not restored except for disaster-recovery purposes and ages out on rotation.
Where Bounded acts as a processor, the Customer may configure retention within the limits the Services provide and may request deletion or return of Customer data on termination as set out in the applicable agreement. We may retain information for longer where required by law or to establish, exercise, or defend legal claims.
11. Cookies and similar technologies
The public website and the console use cookies and similar technologies (such as local and session storage) that are strictly necessary to provide core functionality, including authentication, session management, security, and load balancing. We may also use limited analytics or performance technologies to understand and improve the Services. Where required by law, we obtain consent for non-essential cookies and provide controls to manage them. You can also control cookies through your browser settings; disabling strictly necessary cookies may prevent the Services from functioning.
12. Your rights and choices
Depending on your jurisdiction and your relationship with us, you may have rights to access, correct, update, delete, restrict, or object to certain processing of your personal data, to data portability, and to withdraw consent. You may also have the right to lodge a complaint with a supervisory authority.
How to exercise rights:
- If you are an end user / covered user whose data is processed because your Organization deployed the Services, your rights are generally exercised through your Organization, which controls that data. Please contact your Organization's administrator. We will support our Customers in responding to such requests as required by the applicable agreement and law, and we will refer requests we receive directly to the relevant Customer where appropriate.
- If you are a Customer administrator or website visitor, you may contact us using the details in Section 16.
We will respond to verifiable requests within the timeframes required by applicable law. We may need to verify your identity before acting on a request, and we may decline requests where an exception or legal obligation applies.
For California residents: We do not sell or share personal information as those terms are defined under California law, and we do not use or disclose sensitive personal information for purposes that would require a right to limit. You will not be discriminated against for exercising your privacy rights.
13. Children's privacy
The Services are intended solely for use by businesses and their authorized personnel and are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will take appropriate steps to delete it.
14. Security
We implement administrative, technical, and organizational measures designed to protect information appropriate to its sensitivity, including: encryption of connector credentials at rest (AES-GCM), hashing of sensor tokens, encryption in transit (TLS/HTTPS), strict multi-tenant isolation enforced at the data layer, least-privilege access controls, masked-by-design handling of DLP and finding evidence, rate limiting, and audit logging. The sensor stores its local credential with restricted (0600) file permissions.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for safeguarding your account credentials and for configuring the Services appropriately for your environment. If we become aware of a security incident affecting personal data, we will notify affected Customers and, where required, individuals and regulators, in accordance with applicable law and the applicable agreement.
15. Third-party services and links
The Services integrate with and link to third-party platforms and may contain links to third-party websites. We are not responsible for the privacy practices or content of those third parties. We encourage you to review their privacy policies. Use of a third-party connector is subject to that platform's terms and the authorization granted by the Organization.
16. Changes to this Policy
We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice (for example, through the console or by email to Customer administrators). Changes are effective when posted unless otherwise stated. Your continued use of the Services after an update constitutes acceptance of the revised Policy to the extent permitted by law.
17. Contact us
For questions, requests, or concerns about this Policy or our data practices, contact us at:
- Bounded Security
- Website: https://bounded-security.com
- Platform: https://platform.bounded-security.com
- Contact: contact@bounded-security.com
If you are an end user covered by an Organization's deployment of the Services, please first contact your Organization's administrator, who controls the relevant data.
This document describes the privacy practices of the Bounded Security brand and Services. It is provided for transparency and does not, by itself, create rights or obligations beyond those required by applicable law or agreed in a written contract between Bounded and a Customer.