Privacy Policy

We collect the minimum personal data needed to operate the service: account identifiers (name, email, workspace), authentication metadata, and product telemetry necessary for security, billing, and uptime.

Customer model artifacts, datasets, and inference payloads are processed under your instruction. We do not use them to train Rebound models without explicit, written consent.

We use personal data to provision and operate the service, secure it against abuse, comply with legal obligations, and communicate about your account. Aggregated, de-identified telemetry may be used to improve the platform.

We share personal data only with subprocessors under written DPAs (cloud infrastructure, billing, observability) and only as needed. The current subprocessor list is published and updated at least 30 days before any material change.

Pulse and Command tenants can pin data residency to us-east-1, eu-west-1, or uk-south-1. Fortress customers operate in their own enclaves; we never see the data.

Under GDPR, UK GDPR, and CCPA you have rights of access, rectification, erasure, restriction, and portability. Send requests to privacy@Rebound.ai and we will respond within 30 days.

Account data is retained for the life of the contract plus 90 days. Audit ledger entries are retained per the customer's compliance posture (default: 7 years for regulated tiers).

Data Protection Officer · dpo@Rebound.ai · Rebound AI, Inc., New York, NY · EU representative on file in Munich.