Bounded Security

Bounded Security Terms of Service

Last updated: May 30, 2026
Effective date: May 30, 2026

These Terms of Service ("Terms") govern access to and use of the Bounded Security ("Bounded," "we," "us," or "our") AI-security platform, including the website at bounded-security.com, the security console at platform.bounded-security.com, the Bounded browser extension, the Bounded desktop sensor, the Bounded backend services, and any related applications, APIs, integrations, connectors, documentation, and binaries (collectively, the "Services").

By accessing, installing, or using the Services - or by clicking "I agree," accepting an invitation, activating a sensor, deploying the extension, or otherwise indicating assent - you ("you," "Customer," or "Organization") agree to be bound by these Terms. If you are entering into these Terms on behalf of an organization, you represent that you have authority to bind that organization, and "you" refers to that organization. If you do not agree, do not access or use the Services.

Brand notice. "Bounded Security" is a product and brand name. As of the effective date of these Terms, Bounded Security is operated as an unincorporated venture and is not a registered legal entity. References to "Bounded," "we," "us," or "our" refer to the operators of the Bounded Security brand and the Services. Nothing in these Terms shall be construed as a representation that any specific corporate entity exists. These Terms will be updated to identify the operating legal entity if and when one is formed, and any such entity shall be entitled to all rights, releases, disclaimers, and limitations set out herein.

1. The Services

Bounded provides a software-as-a-service security product that discovers, monitors, scores, and helps enforce policy over AI-related assets - including browser extensions, desktop AI agents, MCP servers, code dependencies and repositories, and connected SaaS applications - operating within a Customer's environment. The Services include risk scoring, vulnerability matching against public intelligence feeds, data-loss-prevention (DLP) detection, findings, dashboards, reporting, and related administrative tooling.

The Services are an informational and risk-management tool only. They assist with - but do not guarantee - the detection, prevention, or remediation of security risks. You remain solely responsible for your own security program, decisions, and outcomes. See Sections 9 and 10.

We may add, modify, suspend, or discontinue any feature, component, or portion of the Services at any time, with or without notice. We are not liable to you or any third party for any modification, suspension, or discontinuation of the Services.

2. Eligibility and accounts

The Services are intended solely for use by businesses and their authorized personnel, and only by individuals aged 16 or older. You must provide accurate registration and licensing information and keep it current.

You are responsible for: (a) all activity occurring under your accounts, licenses, sensors, connectors, and API credentials; (b) maintaining the confidentiality and security of all credentials, tokens, activation codes, and license keys; and (c) promptly notifying us of any unauthorized use or suspected compromise. We are not liable for any loss or damage arising from your failure to safeguard credentials or from any unauthorized use of your accounts.

3. Licenses, ordering, and term

Access to the Services is provisioned through license keys, assignments, plans, seats, or order forms ("Orders"). Subject to your compliance with these Terms and payment of any applicable fees, Bounded grants you a limited, non-exclusive, non-transferable, non-sublicensable, revocable right to access and use the Services during the applicable subscription term solely for your internal business security purposes.

Unless an Order states otherwise, subscription terms and seat counts are as configured in the console or the applicable Order. Free, trial, beta, evaluation, or preview access may be provided at our discretion and may be modified or terminated at any time. Where the Services are provided without charge, they are provided strictly "as is" with no commitments of any kind.

4. Acceptable use

You agree that you will not, and will not permit any user or third party to:

  1. use the Services other than for lawful, authorized security and risk-management purposes within an environment you own or are expressly authorized to monitor;
  2. deploy sensors, the extension, connectors, or scanning on any device, account, system, repository, or network without proper authorization and all legally required notices and consents;
  3. access or attempt to access any data, organization, or tenant other than your own, or circumvent or probe multi-tenant isolation, authentication, rate limits, or other security or access controls;
  4. reverse engineer, decompile, disassemble, or attempt to derive source code from the Services, except to the limited extent such restriction is prohibited by applicable law;
  5. copy, modify, distribute, sell, resell, sublicense, lease, or create derivative works of the Services, or use the Services to build or train a competing product or service;
  6. introduce malware, conduct denial-of-service attacks, or otherwise interfere with or disrupt the integrity, security, or performance of the Services or any underlying infrastructure;
  7. use the Services in violation of any applicable law, regulation, export control, sanctions regime, or third-party right, or in any manner that exceeds the rights granted in these Terms;
  8. submit to the Services any data you are not authorized to submit, or any data whose collection, processing, or transmission would violate applicable law or any agreement to which you are subject;
  9. misrepresent findings, risk scores, or outputs of the Services to any third party as warranties or certifications by Bounded; or
  10. remove, obscure, or alter any proprietary notices in the Services.

We may investigate suspected violations and may suspend or terminate access immediately to protect the Services, our users, or third parties. You are responsible for your users' compliance with these Terms.

5. Customer responsibilities; authorization to monitor

You acknowledge that the Services perform process inspection, inventory, scanning, and DLP detection on devices, browsers, repositories, and connected applications that you direct them to monitor. You are solely responsible for: (a) obtaining all rights, authorizations, consents, and approvals, and providing all notices, required under applicable law (including employment, privacy, surveillance, wiretapping, and data-protection laws) before deploying or operating the Services in any environment; (b) configuring the Services, policies, retention windows, and connectors appropriately for your legal and operational requirements; and (c) your decisions and actions taken in response to findings.

You represent and warrant that you have, and will maintain, all such rights and authorizations. You will defend, indemnify, and hold harmless Bounded from and against any claim, demand, loss, liability, fine, penalty, cost, or expense (including reasonable legal fees) arising out of or related to (i) your deployment, configuration, or use of the Services; (ii) your data or content; (iii) your violation of these Terms or applicable law; or (iv) any claim by your personnel, customers, or any third party relating to your monitoring, scanning, or data processing.

6. Customer data and content

"Customer Data" means data and content submitted to, collected by, or generated through the Services on your behalf, including findings, events, telemetry, configurations, and connector data. As between the parties, you retain all rights in Customer Data. You grant Bounded a worldwide, non-exclusive license to host, process, transmit, display, and otherwise use Customer Data as necessary to provide, secure, maintain, and improve the Services and as otherwise permitted in the Privacy Policy.

You are solely responsible for the accuracy, quality, legality, and your right to use Customer Data. Our handling of personal data is described in the Privacy Policy (available at bounded-security.com/privacy-policy/), which is incorporated into these Terms by reference. Where Bounded processes personal data on your behalf, it does so as a processor/service provider subject to the Privacy Policy and any applicable data processing agreement.

We may collect, generate, and use aggregated, anonymized, or de-identified data derived from operation of the Services (including statistical and threat-intelligence data) for any lawful business purpose, provided it does not identify you or any individual.

7. Third-party services, connectors, and intelligence feeds

The Services integrate with third-party platforms (for example, GitHub, GitLab, Slack, Zendesk, Jira, Confluence, Salesforce, Notion, and Google Drive) and ingest public vulnerability intelligence (for example, CISA, NIST NVD, and MITRE feeds). Your use of any third-party platform is governed by that third party's own terms and policies, and you are responsible for complying with them and for any authorizations you grant.

Bounded does not control and is not responsible for third-party platforms, their availability, or the accuracy, completeness, timeliness, or fitness of any third-party data or intelligence feed. Vulnerability matches, risk scores, and DLP detections are derived from such sources and from heuristic logic and may contain false positives, false negatives, errors, or omissions. You must independently verify findings before relying on them.

8. Intellectual property; feedback

The Services, including all software, models, scanners, catalogs, scoring logic, designs, documentation, and all related intellectual property, are and remain the exclusive property of Bounded and its licensors. Except for the limited rights expressly granted in these Terms, no rights are granted to you, by implication, estoppel, or otherwise. All rights not expressly granted are reserved.

If you provide suggestions, ideas, or feedback regarding the Services, you grant Bounded a perpetual, irrevocable, worldwide, royalty-free, fully sublicensable license to use and exploit such feedback for any purpose without any obligation or compensation to you.

9. Disclaimers

THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE," WITH ALL FAULTS AND WITHOUT WARRANTY OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY LAW, BOUNDED AND ITS OPERATORS, SUPPLIERS, AND LICENSORS DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE.

WITHOUT LIMITING THE FOREGOING, BOUNDED DOES NOT WARRANT THAT: (a) THE SERVICES WILL BE UNINTERRUPTED, SECURE, ERROR-FREE, OR FREE OF HARMFUL COMPONENTS; (b) ANY FINDING, RISK SCORE, VULNERABILITY MATCH, OR DLP DETECTION WILL BE ACCURATE, COMPLETE, TIMELY, OR FREE OF FALSE POSITIVES OR FALSE NEGATIVES; (c) THE SERVICES WILL DETECT, PREVENT, OR REMEDIATE ANY PARTICULAR THREAT, VULNERABILITY, BREACH, DATA LOSS, OR SECURITY INCIDENT; OR (d) ANY ERRORS WILL BE CORRECTED.

THE SERVICES ARE A RISK-MANAGEMENT AID AND ARE NOT A SUBSTITUTE FOR YOUR OWN SECURITY PROGRAM, JUDGMENT, OR PROFESSIONAL ADVICE. YOU ASSUME ALL RISK ARISING FROM YOUR USE OF, OR RELIANCE ON, THE SERVICES AND THEIR OUTPUTS. Some jurisdictions do not allow the exclusion of certain warranties; in such cases, the above exclusions apply to the fullest extent permitted by law.

10. Limitation of liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

(a) IN NO EVENT WILL BOUNDED OR ITS OPERATORS, SUPPLIERS, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF PROFITS, REVENUE, GOODWILL, BUSINESS, DATA, OR SECURITY, OR FOR ANY COST OF SUBSTITUTE PRODUCTS OR SERVICES, OR FOR ANY DAMAGES ARISING FROM A SECURITY INCIDENT, BREACH, DATA LOSS, UNDETECTED VULNERABILITY, FALSE POSITIVE, OR FALSE NEGATIVE, IN EACH CASE WHETHER BASED ON CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER THEORY, AND EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

(b) THE TOTAL AGGREGATE LIABILITY OF BOUNDED AND ITS OPERATORS, SUPPLIERS, AND LICENSORS ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICES WILL NOT EXCEED THE GREATER OF (i) THE TOTAL AMOUNTS YOU ACTUALLY PAID TO BOUNDED FOR THE SERVICES IN THE THREE (3) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR (ii) ONE HUNDRED U.S. DOLLARS (US$100). WHERE THE SERVICES ARE PROVIDED WITHOUT CHARGE, BOUNDED'S TOTAL LIABILITY WILL NOT EXCEED US$100.

(c) THE LIMITATIONS AND EXCLUSIONS IN THIS SECTION APPLY REGARDLESS OF WHETHER ANY LIMITED REMEDY FAILS OF ITS ESSENTIAL PURPOSE, AND ARE A FUNDAMENTAL BASIS OF THE BARGAIN BETWEEN THE PARTIES. THESE LIMITATIONS APPLY IN THE AGGREGATE, NOT PER INCIDENT. Some jurisdictions do not allow certain limitations; in such cases, liability is limited to the maximum extent permitted by law.

11. Indemnification

You will defend, indemnify, and hold harmless Bounded and its operators, personnel, suppliers, and licensors from and against any and all third-party claims, demands, suits, proceedings, and all resulting losses, damages, liabilities, fines, penalties, settlements, costs, and expenses (including reasonable attorneys' fees) arising out of or related to: (a) your use or misuse of the Services; (b) Customer Data or your content; (c) your deployment, configuration, monitoring, or scanning activities, including any failure to obtain required authorizations, consents, or notices; (d) your violation of these Terms, the Acceptable Use restrictions, or applicable law; or (e) your infringement or misappropriation of any third-party right. Bounded may participate in the defense with counsel of its choice at its own expense, and you will not settle any claim in a manner that imposes any obligation or admission on Bounded without its prior written consent.

12. Suspension and termination

We may suspend or terminate your access to the Services, in whole or in part, immediately and without liability, if: (a) you breach these Terms or the Acceptable Use restrictions; (b) your use poses a security, legal, or operational risk to the Services, us, or any third party; (c) required by law or a third-party provider; or (d) any fees are overdue.

You may stop using the Services at any time. Upon termination or expiration: (i) all rights and licenses granted to you cease; (ii) you must cease all use of the Services and uninstall the extension and sensors; and (iii) we may delete or de-identify Customer Data in accordance with the Privacy Policy and our retention practices, except as required by law. Sections that by their nature should survive termination (including Sections 5, 6, 8, 9, 10, 11, 13, and 14) survive.

13. Governing law and dispute resolution

These Terms are governed by the laws applicable to commercial agreements without regard to conflict-of-laws principles, and excluding the U.N. Convention on Contracts for the International Sale of Goods. To the extent a specific governing law and venue are agreed in an Order, those control; otherwise, the parties submit to the exclusive jurisdiction of the courts of competent jurisdiction at Bounded's principal place of operation, and you consent to personal jurisdiction there.

Informal resolution first. Before bringing any formal claim, you agree to contact us at contact@bounded-security.com and attempt in good faith to resolve the dispute for at least thirty (30) days.

Time limit. To the extent permitted by law, any claim arising out of or relating to the Services or these Terms must be brought within one (1) year after the claim accrues, or it is permanently barred.

Class-action waiver. To the extent permitted by law, disputes will be resolved only on an individual basis, and you waive any right to participate in a class, collective, or representative action.

14. Changes to these Terms

We may modify these Terms from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice (for example, through the console or by email to administrators). Changes are effective when posted unless otherwise stated. Your continued access to or use of the Services after changes take effect constitutes acceptance of the revised Terms. If you do not agree to the revised Terms, you must stop using the Services.

15. General

16. Contact us

These Terms describe the conditions of use for the Bounded Security brand and Services. To the maximum extent permitted by law, the Services are provided without warranty and Bounded's liability is limited as set out above.