Privacy Policy | bndries

What we collect

Beta Waitlist (right now):

• Your email address when you join the waitlist
• The date you signed up

When you use bndries (after beta launch):

• Your account email address
• The boundaries you set (what privacy practices you care about and your comfort level with each)
• The services you choose to analyze or monitor
• Your notification preferences and account settings

We do NOT collect:

• Your browsing history outside of bndries
• Personal information from the services you monitor (we only analyze their publicly available policies)
• Your passwords or login credentials for other services (we analyze public policies only, we never access your accounts)
• Any data unrelated to how you use bndries

How we use your data

Waitlist emails:

We use your email to send you updates about beta access, launch announcements, and important product updates. We won't spam you or share your email with anyone.

Product functionality:

We use the boundaries you set to analyze privacy policies and show you which services cross your lines. We analyze publicly available privacy policies and terms of service—we never access your accounts or personal data from other services. We store your boundaries and monitoring preferences so they're saved for your next visit.

Service improvement:

We analyze how people use bndries to improve our policy analysis accuracy and make the product better. This is done with aggregated, anonymized data.

Legal basis for processing (GDPR Article 6):

Waitlist emails: Consent (Article 6(1)(a)) - You provide explicit consent when you sign up for the waitlist

Service delivery: Contract performance (Article 6(1)(b)) - Processing necessary to provide you with privacy monitoring services

Analytics & improvements: Legitimate interests (Article 6(1)(f)) - We have a legitimate interest in improving our service, balanced against your privacy rights through anonymization

Who we share your data with

Short answer: Nobody. We don't sell, rent, or share your personal data with third parties.

Service providers we use:

We work with a few trusted services that process data on our behalf. They're contractually obligated to protect your data and can't use it for their own purposes.

Brevo

Email marketing platform that sends waitlist updates, beta invitations, product announcements, and privacy alerts. Your email is stored on Brevo's servers (located in the EU and US). You can unsubscribe from our emails anytime using the link in any email we send.

Plausible Analytics

Privacy-friendly website analytics that helps us understand how people use our site. Plausible doesn't use cookies, doesn't collect personal data, and is fully GDPR compliant.

After beta launch:

We'll add database hosting and infrastructure services. When we do, we'll update this policy with details about those providers and notify you at least 30 days before adding any new service provider.

Legal requirements:

We may disclose your information if required by law or to protect our rights, but we'll notify you unless legally prohibited from doing so.

Where your data is stored

Your data is stored on servers in the United States and, in the case of Brevo, also in the European Union. All data is encrypted in transit and at rest.

For international users:

If you're located in the EU, UK, or other regions with data protection laws (like GDPR), you have specific rights including access, correction, deletion, data portability, and the right to object to processing. Contact us at privacy@bndries.com to exercise these rights.

How long we keep your data

Waitlist emails:

We keep your email until you unsubscribe or until 6 months after beta launches (if you don't create an account). You can request deletion anytime.

Account data:

We keep your boundaries, preferences, and account information as long as your account is active. If you delete your account, we permanently delete all your personal data within 30 days.

Privacy policy analyses:

We store our interpretations of privacy policies indefinitely to track changes over time and serve results to all users. These analyses don't contain your personal data.

Inactive accounts:

If you don't log in for 1 year, we'll send you an email asking if you want to keep your account. If we don't hear back within 30 days, we'll delete your account and data.

Email communications

What we'll email you:

• Beta access invitations and onboarding guides
• Alerts when services cross your boundaries (only after you set up monitoring)
• Important product updates or changes to this privacy policy
• Occasional updates about new features (you can opt out of these)

Unsubscribe anytime:

Every email includes an unsubscribe link. You'll stop receiving marketing emails immediately (we'll still send critical account-related emails if you're a user, like password resets).

Cookies and tracking

We don't use cookies for tracking or advertising. Here's what we do use:

Essential cookies:

After beta launch, we'll use a session cookie to keep you logged in. This is deleted when you close your browser.

Analytics:

Plausible Analytics doesn't use cookies at all. It collects anonymous usage data without identifying individual users.

No third-party tracking:

We don't use Google Analytics, Facebook Pixel, or any other tracking tools that follow you around the web.

Your rights and choices

You have the right to:

Access your data: Request a copy of all data we have about you
Correct your data: Update any inaccurate information
Delete your data: Request complete deletion of your account and data
Export your data: Download your boundaries and settings in a portable format
Unsubscribe: Stop receiving emails anytime (click the link in any email)
Object to processing: Ask us to stop processing your data for specific purposes

To exercise any of these rights, email privacy@bndries.com. We'll respond within 48 hours for most requests, or within 30 days for more complex requests (as required by GDPR).

Security

We take security seriously. All data is encrypted in transit (using HTTPS) and at rest. We use industry-standard security practices and regularly review our security measures. However, no method of transmission over the internet is 100% secure, so we can't guarantee absolute security.

Children's privacy

bndries is not intended for users under 13. We don't knowingly collect data from children. If you believe a child has provided us with personal information, please contact us and we'll delete it immediately.

Important Disclaimers

Not Legal Advice

bndries does not provide legal advice. We are not lawyers, and nothing in our Service should be construed as legal advice or a substitute for consultation with a qualified attorney. If you need legal advice regarding privacy policies or data protection, please consult with a licensed attorney.

Personal Preferences, Not Legal Standards

The "boundaries" you set in bndries are your personal privacy preferences. When we notify you that a privacy policy change has "crossed your boundaries," this means the policy changed in a way that conflicts with your stated preferences—it does not mean a legal violation has occurred or that the company is breaking any laws. Privacy policy changes can be perfectly legal while still being something you personally disagree with.

Jurisdiction

bndries is operated from Texas, United States. This Privacy Policy is governed by and construed in accordance with the laws of the State of Texas. For more information about dispute resolution and governing law, please see our Terms of Service.

Changes to this policy

We may update this privacy policy as bndries evolves. When we make changes, we'll update the "Last updated" date at the top. For significant changes, we'll email you at least 30 days before they take effect. Your continued use of bndries after changes go into effect means you accept the updated policy.