Last updated: May 27, 2026
Privacy Policy
This Privacy Policy describes how bondingAI collects, uses, discloses, and safeguards personal information when you visit bondingai.io or interact with our services. bondingAI is committed to protecting your privacy and handling personal data with transparency and care.
Information We Collect
a. Personal Information
bondingAI may collect the following personal information you voluntarily provide:
- Name
- Email address
- Phone number
- Company name
- Any information you voluntarily submit via forms or direct communications
b. Automatically Collected Information
- IP address
- Browser type and version
- Device information and operating system
- Pages visited, session duration, and navigation patterns
- Cookies and similar tracking technologies
How We Use Your Information
bondingAI uses the information it collects for the following purposes:
- Provide, operate, and maintain our services and platform
- Improve website performance and user experience
- Communicate with you, including marketing communications where you have provided consent or where permitted by applicable law
- Respond to inquiries and customer support requests
- Comply with applicable legal obligations
- Analyze usage patterns to inform product development and service improvements
AI and Automated Processing
bondingAI is an AI operating system company. The following disclosures apply specifically to how personal and enterprise data interacts with our AI platform:
Model training
bondingAI does not use website visitor data, inquiry data, or enterprise customer data to train, fine-tune, or improve foundational AI models without explicit consent. Enterprise customers govern their own data under the terms of their executed Data Processing Agreement.
Automated decision-making
bondingAI's platform may perform automated processing of data in connection with services delivered to enterprise customers. Where automated processing produces decisions with legal or significant effects on individuals, those individuals retain rights under applicable law, including the right to request human review under GDPR Article 22.
Data isolation
Enterprise customer data is logically isolated within the bondingAI platform. Customer data is not shared across tenant environments or commingled with other customers' data.
Cookies and Tracking Technologies
bondingAI uses cookies and similar technologies to operate and improve our website. The following categories of cookies are in use:
Strictly Necessary
Required for core website functionality. These cannot be disabled.
Functional
Enable enhanced functionality and personalization. Disabling these may affect user experience.
Analytics / Performance
Allow bondingAI to understand how visitors interact with the website. Data collected is aggregated and does not identify individual visitors. Activated based on your consent or our legitimate interest, depending on applicable law.
Marketing / Targeting
Used to deliver relevant content and measure campaign effectiveness. Only activated with your explicit consent where required by law.
You can manage cookie preferences through your browser settings or through the cookie consent banner available on our website. Withdrawing consent does not affect the lawfulness of processing carried out prior to withdrawal.
Sharing of Information
bondingAI may share personal information with the following categories of recipients:
- Service providers (including hosting, analytics, and CRM platforms)
- Legal authorities, where required by applicable law or valid legal process
- Business partners, only to the extent necessary to deliver contracted services
bondingAI does not sell, rent, or trade personal information to third parties for monetary or other valuable consideration. This commitment applies unconditionally.
Your Privacy Rights – U.S. Residents (All Applicable States)
Depending on your state of residence, you may have rights under applicable state privacy law, including the CCPA/CPRA, VCDPA, CPA, TDPSA, CTDPA, and other applicable state frameworks. These rights may include:
- Request access to the personal data bondingAI holds about you
- Request correction of inaccurate personal data
- Request deletion of your personal data, subject to applicable exceptions
- Request a portable copy of your personal data
- Opt out of the sale or sharing of personal data (bondingAI does not sell personal data)
- Opt out of targeted advertising or profiling in furtherance of decisions with legal or similarly significant effects, where applicable
To exercise any of these rights, contact us at privacy@bondingai.io. bondingAI will respond within the timeframe required by applicable state law and will not discriminate against you for exercising any privacy right.
GDPR and International Privacy Rights
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) or equivalent legislation applies to the processing of your personal data.
Lawful Basis for Processing
- Legitimate interests: Website analytics, security monitoring, and fraud prevention
- Consent: Marketing communications and non-essential cookies
- Contract performance: Processing necessary to respond to inquiries or deliver contracted services
- Legal obligation: Processing required to comply with applicable law or regulatory requirements
Data Subject Rights (GDPR Articles 15–22)
- Access your personal data (Article 15)
- Rectify inaccurate personal data (Article 16)
- Request erasure of personal data, where grounds apply (Article 17)
- Restrict processing in defined circumstances (Article 18)
- Receive your data in a portable format (Article 20)
- Object to processing based on legitimate interests (Article 21)
- Request human review of decisions made solely by automated processing (Article 22)
You have the right to lodge a complaint with the supervisory authority in your country of residence. To exercise any GDPR right, contact: privacy@bondingai.io. bondingAI will respond within 30 days of receiving a verifiable request.
International Data Transfers
bondingAI is headquartered in the United States. If you access our website or services from outside the United States, your personal data may be transferred to and processed in the United States or other countries where bondingAI or its service providers operate.
For transfers from the EEA, UK, or Switzerland to the United States, bondingAI relies on Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms recognized under applicable data protection law. Enterprise customers may request a copy of applicable transfer mechanisms at privacy@bondingai.io.
Data Security
bondingAI adopts commercially reasonable technical, administrative, organizational, and security measures designed to protect personal data against unauthorized access, disclosure, alteration, misuse, or destruction.
Security practices include access controls, authentication measures, encryption mechanisms, monitoring systems, internal governance processes, vendor assessments, and other compatible safeguards. bondingAI is actively pursuing formal security attestation. Enterprise customers may request information about bondingAI's security program at privacy@bondingai.io.
Although bondingAI seeks to apply industry-appropriate security standards, no method of electronic transmission or storage is completely secure.
Data Breach Notification
In the event of a confirmed personal data breach that is likely to result in risk to the rights and freedoms of individuals, bondingAI will:
- Notify affected individuals within the timeframe required by applicable law
- Notify the relevant supervisory authority within 72 hours of confirmed awareness, where required under GDPR or equivalent legislation
- Notify enterprise customers in accordance with the timelines specified in their executed Data Processing Agreement
Notification will be delivered via email to the address on record, or via prominent notice on the bondingAI website where direct notification is not practicable.
Data Retention
bondingAI retains personal information only for as long as necessary to fulfill the purposes for which it was collected, support legitimate business operations, comply with contractual obligations, and satisfy applicable legal requirements. The following retention schedule applies as a general framework:
- Website inquiries and contact form submissions: up to 2 years after the last interaction
- Website analytics and usage data: up to 13 months, consistent with standard analytics platform defaults
- Contractual and customer relationship records: for the duration of the customer relationship and for an additional period not to exceed 7 years
- Marketing communication and consent records: for the duration of the relationship or until consent is withdrawn
Enterprise customer data is retained and deleted in accordance with the timelines specified in the executed Data Processing Agreement. Where no DPA-specific timeline exists, enterprise customer data is deleted or returned within 90 days of contract termination, unless a longer period is required by applicable law.
Individuals may request deletion of personal data by contacting privacy@bondingai.io, subject to applicable legal exceptions.
Enterprise Customer Data and Data Processing Agreements
bondingAI provides AI operating system services to enterprise customers. In the course of delivering those services, bondingAI may process personal data belonging to enterprise customers' employees, end users, or other individuals in its capacity as a data processor.
The processing of enterprise customer data is governed by the Data Processing Agreement (DPA) executed between bondingAI and each enterprise customer. The DPA addresses:
- Scope and purpose of processing
- Sub-processor lists and notification obligations
- Security requirements and audit rights
- Breach notification timelines specific to the customer engagement
- Data deletion and return obligations upon contract termination
Enterprise customers who require a Data Processing Agreement should contact: privacy@bondingai.io.
Third-Party Links
The bondingAI website may contain links to third-party websites. bondingAI is not responsible for the privacy practices or content of those sites. Visitors should review the privacy policies of any third-party sites they access.
Children's Privacy
bondingAI services are not intended for individuals under 18 years of age. bondingAI does not knowingly collect personal information from children under 13 years of age as defined under COPPA, or from individuals under the applicable age threshold in their jurisdiction. If bondingAI becomes aware that personal information has been collected from a child without verifiable parental consent, that information will be deleted promptly.
Changes to This Privacy Policy
bondingAI may update this Privacy Policy from time to time as legal requirements evolve or our services change. Updates will be posted on this page with a revised "Last Updated" date. For material changes, bondingAI will provide notice through the website or via email where required by applicable law. Continued use of the bondingAI website following the posting of changes constitutes acceptance of those changes.
Contact Us
For questions, requests, or concerns regarding this Privacy Policy or bondingAI's data practices, contact us at:
bondingAI Privacy
privacy@bondingai.ioEnterprise customers with data processing questions should reference their executed Data Processing Agreement or contact their account representative directly.
