Our Commitment to GDPR
ZeroBounce AI is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Union. This page outlines how we meet GDPR requirements and respect your data protection rights.
Legal Basis for Processing
We process personal data under the following legal bases:
Contract Performance
- Processing necessary to provide our email verification services
- Managing your account and billing
- Delivering customer support
Legitimate Interests
- Improving our AI algorithms and services
- Detecting and preventing fraud
- Ensuring network and information security
- Analytics and service optimization
Consent
- Marketing communications (you can opt-out anytime)
- Non-essential cookies
Legal Obligation
- Compliance with tax and accounting regulations
- Responding to lawful requests from authorities
Your GDPR Rights
As a data subject under GDPR, you have the following rights:
Right to Access
You have the right to request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format.
Right to Rectification
You can request correction of inaccurate or incomplete personal data. You can update most information directly in your account settings.
Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data when:
- The data is no longer necessary for the purposes it was collected
- You withdraw consent (where consent was the legal basis)
- You object to processing and there are no overriding legitimate grounds
- The data was unlawfully processed
Right to Restriction of Processing
You can request that we limit how we use your data in certain circumstances, such as when you contest the accuracy of the data.
Right to Data Portability
You can request your data in a portable format and have it transmitted to another controller where technically feasible.
Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.
Rights Related to Automated Decision-Making
While our AI processes email addresses, we do not make automated decisions that significantly affect you. Our AI provides verification results that you can choose to act upon.
How to Exercise Your Rights
To exercise any of your GDPR rights:
We will respond to your request within 30 days. If we need more time, we will inform you and explain why.
Data Processing Details
What Data We Collect
- Account Data: Name, email, company name, billing address
- Verification Data: Email addresses submitted for verification (processed temporarily)
- Usage Data: API calls, feature usage, timestamps
- Technical Data: IP address, browser type, device information
How Long We Keep Data
- Account Data: While account is active + 90 days after deletion
- Verification Data: Not stored permanently (processed in real-time)
- Billing Records: 7 years (legal requirement)
- Usage Logs: 12 months
Where We Store Data
- Primary servers located in EU-compliant data centers
- Backups stored in encrypted, geographically distributed locations
- All international transfers protected by Standard Contractual Clauses (SCCs)
International Data Transfers
When we transfer personal data outside the EEA, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs): EU-approved contracts with data processors
- Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
- Additional Safeguards: Encryption, access controls, and security measures
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee GDPR compliance:
- Email: dpo@zerobounceai.com
- Role: Monitoring compliance, advising on data protection, and serving as contact point
Data Processing Agreements
If you are a controller using our services to process personal data, we act as your data processor. We offer Data Processing Agreements (DPAs) that include:
- Description of processing activities
- Security measures and safeguards
- Sub-processor information
- Data subject rights assistance
- Data breach notification procedures
- Audit rights
Enterprise customers can request a DPA by contacting legal@zerobounceai.com
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms:
- We will notify the relevant supervisory authority within 72 hours
- We will notify affected individuals without undue delay
- Notification will include nature of breach, likely consequences, and mitigation measures
Cookies and Tracking
We use cookies in compliance with GDPR requirements:
- Essential Cookies: No consent required (necessary for service functionality)
- Analytics Cookies: Consent requested via cookie banner
- Marketing Cookies: Consent requested via cookie banner
You can manage cookie preferences in your browser settings or through our cookie consent tool.
Children's Privacy
Our services are not directed at children under 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we have violated GDPR. You can contact your local data protection authority or:
GDPR Compliance Measures
We maintain GDPR compliance through:
- Privacy by Design: Data protection built into all systems and processes
- Privacy by Default: Strictest privacy settings applied by default
- Data Minimization: Only collecting necessary data
- Regular Audits: Quarterly GDPR compliance reviews
- Staff Training: All employees trained on GDPR requirements
- Documentation: Comprehensive records of processing activities
- Impact Assessments: DPIAs conducted for high-risk processing
Updates to This Page
We may update this GDPR compliance page to reflect changes in our practices or legal requirements. Material changes will be communicated via email or prominent notice on our website.
Contact Us
For GDPR-related questions or requests: