← Back to Home

Privacy Policy

Last updated: 2026-02-23

This Privacy Policy explains how personal data is processed when using our online services.

I. Basic Information

This Privacy Policy provides information about the processing of personal data when using our online presence. It applies to our website and our profiles in social networks.

Personal data means all data that can be related to you personally, such as your name, email address, IP address, or user behavior.

With regard to terms such as "processing", "controller", or "data subject", reference is made to the definitions in Art. 4 GDPR.

"Personal data" means any information relating to an identified or identifiable natural person (the "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person (Art. 4(1) GDPR).

"Processing" means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction (Art. 4(2) GDPR).

"Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (Art. 4(7) GDPR).

"Processor" means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller (Art. 4(8) GDPR).

In particular, the terms "processing" and "personal data" are interpreted broadly, so almost any handling of data can fall within this scope.

II. Data Protection Contact

We are not legally required to appoint a named data protection officer at this time. For all questions about data processing, you can contact us at any time at:
privacy@unboundlabs.ai

III. Who is Affected by Processing?

If you visit our website as an interested party, customer, service provider, or other visitor, your personal data may be processed within the legal framework and this policy. For readability, all visitors are referred to as "users".

IV. What Data We Process, Purposes, and Legal Bases

A) Website visit without registration or active submission

If you visit our website without registering or otherwise sending us information, only the personal data that your browser transmits to our server is processed. To the best of our knowledge, this includes in particular the following data, which is technically required to display the website and ensure stability and security:

  • IP address of the requesting device
  • Date and time of request
  • Name and URL of the requested file
  • Access status / HTTP status code
  • Transferred data volume
  • Website from which the request originated (referrer URL)
  • Browser used
  • Operating system

Processing of this data in log files is necessary to display our website and ensure its stability and security.

B) Additional data you provide

If you submit personal data to us (for example through account registration, support communication, or other service interactions), we may additionally process the following categories, depending on your input:

  • Master data (for example account identity data)
  • Contact data (for example email address)
  • Content data (for example text inputs, uploaded media)
  • Usage data (for example accessed pages, access times)
  • Communication and metadata (for example device information, IP addresses)
  • Contract data (for example service package, runtime, customer identifiers)
  • Payment data (for example payment status and transaction history)

C) Purposes of processing

  • Providing functions and content of our online offering
  • Ensuring reliable connection to our website and services
  • Ensuring comfortable use of our website
  • Evaluating and ensuring system security and stability as well as general security measures
  • Responding to requests and communicating with users
  • Administrative purposes
  • Performance of contractual services
  • Customer service and support

D) Legal bases (Art. 6 GDPR)

  • Art. 6(1)(a) GDPR for consent-based processing
  • Art. 6(1)(b) GDPR for contract performance and pre-contractual measures
  • Art. 6(1)(c) GDPR for legal obligations
  • Art. 6(1)(d) GDPR where vital interests apply in exceptional cases
  • Art. 6(1)(f) GDPR for legitimate interests (for example security and fraud prevention)

Where we disclose personal data to third parties, transfer it, or otherwise grant access, this is done only on a legal basis, with your consent, where legally required, or based on legitimate interests.

If service providers process data on our behalf, this is based on processor agreements in accordance with Art. 28 GDPR.

V. Recipients and Processors

We regularly work with recipients such as:

  • Shipping and delivery service providers (where applicable)
  • Credit institutions and payment service providers
  • Email hosting providers
  • Web hosting and infrastructure providers
  • Technical service providers and cloud providers

We select external providers carefully. In case of processing on behalf (Art. 28 GDPR), providers are bound by contractual obligations and data protection requirements.

In case of joint controllership (Art. 26 GDPR), corresponding contractual arrangements are in place.

VI. Transfers to Third Countries

Transfers of personal data to countries outside the EU/EEA or to international organizations occur only in specific cases where legally permitted.

If personal data is processed in third countries, this is done only under the requirements of Arts. 44 et seq. GDPR, for example based on adequacy decisions, Standard Contractual Clauses, or another legally recognized safeguard.

VII. Retention Periods

Personal data is generally stored only as long as necessary for the relevant purpose, contractual performance, legal retention obligations, and legitimate interests.

Specific retention obligations may apply under applicable law, including, in particular:

  • Commercial law retention periods (depending on document type, e.g. 6, 8, or 10 years)
  • Tax law retention periods (typically 10 years for tax-relevant documents)
  • Further retention periods where required by applicable law

Unless otherwise stated in this policy, data is routinely deleted after expiry of the relevant period if no longer required for contract performance, contract initiation, legitimate interests, or based on your consent for longer storage.

VIII. Your Rights

You may have the right to:

  • Access your personal data (Art. 15 GDPR)
  • Rectify inaccurate data (Art. 16 GDPR)
  • Request erasure (Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Receive data portability where applicable (Art. 20 GDPR)
  • Object to processing under Art. 21 GDPR
  • Withdraw consent at any time with future effect (Art. 7(3) GDPR)
  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)

The rights to object and withdraw consent are additionally explained in sections IX and X.

IX. Right to Object (Art. 21 GDPR)

If we process your personal data based on legitimate interests (Art. 6(1)(f) GDPR), you can object at any time for reasons arising from your particular situation. You can also object at any time to processing for direct marketing purposes.

To object, send a message to privacy@unboundlabs.ai.

X. Withdrawal of Consent

If processing is based on your consent, you may withdraw consent at any time with effect for the future. Withdrawal does not affect the lawfulness of processing before withdrawal.

To withdraw consent, send a message to privacy@unboundlabs.ai.

XI. Requirement to Provide Data

Providing personal data may be legally required in some cases, or necessary for contractual and pre- contractual measures. If required data is not provided, we may be unable to conclude or perform a contract, or we may be unable to process your request.

Depending on the case, required data may include:

  • Name details
  • Email address
  • Account-related data (where applicable)
  • Text inputs and uploaded content necessary for service execution
  • Further communication data where needed to answer support requests

Unless otherwise stated in this Privacy Policy, all other data is voluntary.

XII. Automated Decision-Making

We do not carry out solely automated decisions with legal or similarly significant effects within the meaning of Art. 22 GDPR.

XIII. Contact and Support Communications

You can contact us by email. If you contact us, we process the data you provide to handle your request and communicate with you.

Contact email: info@unboundlabs.ai

XIV. Security Measures

We implement appropriate technical and organizational measures to protect confidentiality, integrity, and availability of personal data, taking into account the state of the art and risk profile (Art. 32 GDPR).

Data transmission is protected using transport encryption (HTTPS/TLS).

XV. Cookie and Tracking Notice

Cookies are small text files stored by your browser. We use cookies and similar technologies to operate core features, maintain security, and improve service reliability.

Cookie types may include:

  • Session cookies (deleted when your browser session ends)
  • Persistent cookies (stored for a defined period)
  • First-party cookies (set by UnboundLabs)
  • Third-party cookies (set by integrated service providers, where applicable)

You can configure browser settings to delete cookies or block certain cookie categories. Blocking essential cookies may affect functionality.

We currently rely primarily on technically necessary cookies for core functionality (for example, authentication and session continuity). If non-essential cookies are used, consent is obtained where required.

For signup attribution, we may store a first-touch referrer cookie (the first external URL that led you to our site) and an anonymous attribution identifier before registration. When you sign up, this attribution data may be linked to your account profile and used for internal analytics and referral performance reporting.

We may also store referrer touch-history events (including landing page and optional UTM parameters) for abuse prevention, attribution analysis, and service optimization, subject to retention limits and access controls.

You can also find opt-out information for online advertising preferences on common industry pages, such as:
https://www.aboutads.info/choices
https://www.youronlinechoices.com

Please note that if you broadly disable cookies, not all functions of our website may be available.

XVI. Social Media Profiles

Where we maintain social media profiles, processing on those platforms is also subject to the policies and terms of the respective platform providers. If you contact us there, we process your data to respond to your communication.

We process data in social media only to the extent users interact with us there, for example by posting on our profile pages or sending direct messages.