Legal
Privacy Policy
DRAFT v0.1 · 2026-07-15 · takes effect at public launch · under legal review — changes will be publicWhat we collect
- Account data: your email address, plan, and credit ledger.
- Usage records: endpoint, credits, timestamps, and a salted hash of your IP (we can rate-limit an address without storing it).
- Waitlist: email and the source tag of the link you used.
- Queried identifiers: processed to answer the query; bulk-job inputs and results are retained so you can download them, and deleted on request.
What we don't do
- No sale or sharing of your data or your queries — to anyone, for anything.
- No building of marketable datasets from customer queries.
- No third-party trackers: the site sets no analytics cookies, loads no external scripts, and self-hosts its fonts.
Where it lives
Infrastructure runs on Cloudflare's global network — requests are processed at the edge near you, wherever you are, and primary data stores run on Cloudflare D1 (Asia-Pacific primary region). Transactional email will be delivered via Resend (US) once launched. Those are the only subprocessors; the list stays current on this page, and cross-border transfers are covered by our processors' standard contractual clauses.
Retention and your rights
Account data lives while the account does; usage records are kept for billing integrity; health-probe history is pruned at 90 days. Ask and we'll export or delete what we hold about you — including waitlist entries — within 30 days. We serve users worldwide: Australian Privacy Principles apply as our home regime, and EU/UK users (GDPR), California residents (CCPA/CPRA) and everyone else exercise the same rights by the same channel — one request, no residency quiz.
Contact
privacy@boundstone.io (live at launch; pre-launch, reply to any email we send you).