Last updated: [September 27, 2025]
1. Introduction
This Privacy Policy explains how Bound Technologies Inc. ("Company", "we", "us", "our") collects, uses, processes, and protects your personal information when you use Bound.work ("Service", "Platform").We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.
By using our Service, you consent to the data practices described in this Privacy Policy.
2. Information We Collect
2.1 Personal Information You Provide
We collect personal information you voluntarily provide when you:
- Account Registration: Name, email address, company name, job title
- Business Profile: Company information, industry, value propositions, target markets, competitive positioning
- Ideal Customer Profiles (ICPs): Customer persona definitions, qualification criteria, messaging strategies
- Contact Data: Prospect names, email addresses, job titles, company information you manually enter
- Email Signatures: Custom signatures, logos (stored as base64 encoded images), branding materials
- Email Connections: OAuth tokens for connected email accounts (Gmail, Outlook, IMAP)
- Payment Information: Billing address, payment method details (processed by Stripe)
- Communications: Messages, feedback, support requests, email conversations
2.2 Automatically Collected Information
We automatically collect certain technical information:
- Technical Data: IP address, browser type, device information, operating system
- Usage Data: Pages visited, features used, time spent on platform, click patterns
- Token Usage: AI token consumption per email generation, token balance, transaction history
- Email Activity: Email sending timestamps, delivery status, reply tracking (when applicable)
- Performance Data: Error logs, response times, system performance metrics
- Cookies and Tracking: Session cookies, authentication tokens, preference cookies
2.3 Connected Email Accounts
When you connect your email accounts to our service, we receive:
- OAuth Access Tokens: Secure tokens that allow us to send emails on your behalf (never your password)
- Email Metadata: Sender name, email address, signature information from your connected accounts
- Delivery Status: Information about email sending success/failure for tracking purposes
Important: We never read your existing emails or access your email inbox content. We only use the connection to send emails you generate and approve through our platform.
3. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
- Contractual Necessity: Processing required to provide our services and fulfill our contract with you
- Consent: Where you have given explicit consent for specific processing activities
- Legitimate Interests: For business operations, security, analytics, and service improvement
- Legal Obligation: To comply with applicable laws and regulations
- Vital Interests: To protect the safety and security of our users and platform
4. How We Use Your Information
4.1 Service Delivery
- Create and manage your account and business profiles
- Generate personalized emails using AI (Claude 3.5 Haiku)
- Send emails directly from your connected email accounts
- Manage Ideal Customer Profiles (ICPs) and contact data
- Track token usage and process subscription billing
- Create and store custom email signatures with logos
- Provide email conversation management and reply tracking
- Process payments through Stripe and manage subscriptions
- Deliver customer support and respond to inquiries
- Send transactional emails and service notifications
4.2 Service Improvement and Analytics
- Analyze usage patterns to improve our platform
- Develop new features and optimize existing ones
- Conduct research and analytics for business insights
- Monitor platform performance and troubleshoot issues
4.3 Security and Compliance
- Protect against fraud, abuse, and security threats
- Enforce our Terms of Service and policies
- Comply with legal obligations and regulatory requirements
- Conduct security monitoring and incident response
4.4 Marketing (With Consent)
- Send product updates and feature announcements
- Share educational content and best practices
- Conduct surveys and collect feedback
- Provide personalized recommendations
5. Data Sharing and Disclosure
5.1 Service Providers
We share data with trusted third-party service providers who help us operate our business:
- Cloud Infrastructure: DigitalOcean (hosting), Supabase (database and authentication)AI Processing: Anthropic (Claude 3.5 Haiku for email generation)
- Email Services: Nylas (email connectivity and sending via your connected accounts)
- Payment Processing: Stripe (subscription billing and payment processing)
- Authentication: Google (OAuth for account connection and user authentication)
Note: We do not use data enrichment services like Clearbit or ZoomInfo. All contact data is manually entered by you or imported with your explicit consent.
5.2 Legal Requirements
We may disclose personal information when required by law, court order, or government request, or when necessary to protect our rights, property, or safety.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of the business transaction.
6. International Data Transfers
Your personal information may be processed and stored in countries outside your residence, including the United States. We implement appropriate safeguards to protect your data during international transfers, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions for certain jurisdictions
- Other legally recognized transfer mechanisms
7. Data Security
We implement comprehensive security measures to protect your personal information:
- Encryption: Data encrypted in transit and at rest using industry-standard protocols
- Access Controls: Role-based access controls and multi-factor authentication
- Network Security: Firewalls, intrusion detection systems, and regular security assessments
- Employee Training: Regular privacy and security training for all staff
- Third-Party Security: Due diligence and contractual security requirements for vendors
8. Data Retention
We retain personal information for as long as necessary to:
- Provide our services and maintain your account
- Comply with legal and regulatory obligations
- Resolve disputes and enforce our agreements
- Improve our services and conduct analytics
Generally, we retain account data for the duration of your subscription plus 3 years for business records. Analytics data is typically retained for 2 years in aggregated form.
9. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information:
9.1 GDPR Rights (EU Residents)
- Access: Request access to your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your personal data
- Restriction: Limit how we process your data
- Portability: Receive your data in a portable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent for consent-based processing9.2 CCPA Rights (California Residents)
- Know: Know what personal information is collected and how it's used
- Delete: Request deletion of personal information
- Opt-Out: Opt-out of the sale of personal information (we don't sell data)
- Non-Discrimination: Not be discriminated against for exercising these rights
9.3 How to Exercise Your Rights
To exercise your privacy rights, contact us at privacy@bound.work or use the privacy controls in your account settings. We will respond to requests within the timeframes required by applicable law.
10. Cookies and Tracking Technologies
We use cookies and similar technologies for:
- Essential Cookies: Required for basic platform functionality
- Analytics Cookies: To understand how users interact with our platform
- Preference Cookies: To remember your settings and preferences
- Security Cookies: To protect against fraud and security threats
You can manage cookie preferences through your browser settings, but disabling certain cookies may affect platform functionality.
11. Children's Privacy
Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.
12. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of material changes via email or through our platform and update the "Last Updated" date at the top of this policy.
13. Contact Information
If you have questions about this Privacy Policy or our data practices, please contact us:
Data Protection Officer
Bound Technologies Inc.
Email: privacy@bound.work
Website: https://bound.work/privacyEU Representative
If you are in the European Union and have concerns about our data practices, you may also contact your local data protection authority.