Boundless Intelligence Labs, Inc. ("Boundless," "we," "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use https://boundlessapi.com, our dashboard, API, and support channels (collectively, the "Service").
By using the Service, you agree to this Privacy Policy and our Terms of Service.
1. Scope
This policy applies to personal data we process as a controller (account, billing, website). When you send personal data inside API prompts, you are typically the controller and Boundless acts as a processor — see our Data Processing Agreement and Data Policy.
2. Information We Collect
2.1 Information You Provide
- Account data: Email, name (optional), OAuth identifiers (Google, GitHub), organization name
- Billing data: Payment history, invoices, billing address, tax IDs (processed by Stripe; we do not store full card numbers)
- Support communications: Emails, tickets, survey responses
- Settings: Privacy preferences, spend limits, opt-in logging choices
2.2 Information Collected Automatically
- Device and log data: IP address, browser type, OS, timestamps, pages viewed
- API metadata: Model used, token counts, latency, error codes, API key ID (not the key itself)
- Cookies and analytics: See Cookie Policy
2.3 API Prompts and Completions
By default, we do not store prompts or completions (zero data retention). We only process them transiently to route your request and return a response.
If you opt in to request logging, we store prompts/completions per your settings. See Data Policy.
2.4 Information from Third Parties
- OAuth providers (profile basics)
- Stripe (payment confirmation)
- Fraud prevention services
3. How We Use Information
We use personal data to:
- Provide, operate, and secure the Service
- Process payments and manage credits
- Send transactional emails (receipts, security alerts, policy updates)
- Respond to support requests
- Detect fraud, abuse, and Terms violations
- Analyze aggregated, de-identified usage to improve routing and reliability
- Comply with legal obligations
We do not use your API prompts or completions to train Boundless or third-party models unless you explicitly opt in.
4. How We Share Information
We may share personal data with:
| Recipient | Purpose |
|---|---|
| Model Providers | To fulfill API requests (prompts/completions per provider policy) |
| Stripe | Payment processing |
| Cloud infrastructure providers | Hosting and operations (US regions) |
| OAuth providers | Authentication |
| Analytics (if enabled) | Product analytics — see Cookie Policy |
| Legal authorities | When required by law or to protect rights and safety |
We do not sell personal data for money. We do not share personal data for cross-context behavioral advertising.
5. Data Retention
| Data Type | Retention |
|---|---|
| Account data | While account is active + up to 90 days after deletion |
| Billing records | 7 years (tax/accounting requirements) |
| API metadata | Up to 13 months |
| Opt-in request logs | Per your settings; deletable on request |
| Prompts/completions (default) | Not retained |
| Support tickets | Up to 3 years |
6. Security
We use industry-standard safeguards including TLS 1.2+ in transit, encryption at rest for sensitive data, access controls, and monitoring. No method is 100% secure. Report concerns to security@boundlessapi.com.
7. International Transfers
Boundless is based in the United States. If you access the Service from outside the U.S., your data may be processed in the U.S. and other countries where our providers operate. We use appropriate safeguards (e.g., Standard Contractual Clauses) where required.
US inference routing: API requests from US accounts are routed through US-region infrastructure where supported. See Data Policy.
8. Your Rights
8.1 All Users
You may access, correct, or delete your account via dashboard settings or by emailing privacy@boundlessapi.com.
8.2 EEA/UK (GDPR)
If GDPR applies, you may have rights to access, rectify, erase, restrict, port, and object to processing. Contact privacy@boundlessapi.com. You may lodge a complaint with your supervisory authority.
Legal bases: Contract performance, legitimate interests (security, fraud prevention, product improvement), consent (marketing, optional logging), legal obligation.
8.3 California (CCPA/CPRA)
California residents have rights to:
- Know what personal information we collect and how it is used
- Delete personal information (subject to exceptions)
- Correct inaccurate personal information
- Opt out of sale/sharing (we do not sell or share for cross-context advertising)
- Limit use of sensitive personal information (we do not use sensitive PI beyond providing the Service)
- Non-discrimination for exercising rights
Submit requests to privacy@boundlessapi.com or via dashboard. We verify requests before responding.
8.4 Shine the Light (California)
California residents may request information about disclosures to third parties for direct marketing (we do not make such disclosures).
9. Children
The Service is not directed to children under 13. We do not knowingly collect data from children under 13. Contact privacy@boundlessapi.com if you believe we have.
10. Cookies and Tracking
See our Cookie Policy. You can manage cookies via browser settings and our cookie banner.
11. Marketing Communications
You may opt out of marketing emails via the unsubscribe link. Transactional emails (billing, security) will still be sent.
12. Changes
We may update this policy. Material changes will be notified via email or prominent notice at least 15 days before taking effect. Continued use constitutes acceptance.
13. Contact
Boundless Intelligence Labs, Inc.
Nathan Wang
2261 Market Street
#99956
San Francisco, CA 94114
United States
Privacy inquiries: privacy@boundlessapi.com
Support: support@boundlessapi.com
Phone: +1 (513) 686-0066