UNBOUNDED

Unbounded AB Website Privacy Policy

Version 1.2 - Last Updated: January 20, 2026

Introduction

Unbounded AB ("Unbounded," "we," "us," or "our") values your privacy. This Website Privacy Policy outlines how we collect, use, store, and share personal data from visitors to our website www.unboundedsource.com and from current and prospective clients that use our technology.

This Website Privacy Policy outlines the types of information we collect, how we use it, and your rights related to that information.

What Personal Data We Collect

Automatically Collected Data (Technical and Usage Data)

We automatically collect the following types of information:

  • IP address: Your IP address and other network identifiers. We use IP addresses for communication, inference of approximate geolocation (e.g., country, region, or city level location), and fraud prevention.

  • Device and software information: Device model, OS version, language, time zone, screen resolution.

  • Location information: Approximate location based on your IP address, or precise location information when you consent to collecting such information.

  • Cookies and similar technologies: Used for preferences, analytics, and fraud detection. Where required by law, we obtain consent before setting non-essential cookies and require our partners to do the same.

Information from Website Visitors

When you visit our website, we may collect the following types of information:

  • Usage data: IP address, browser type, visited pages, timestamps, time spent on each page, and referral sources. This helps us ensure that the website operates securely, analyze trends, and improve site performance.

  • Cookies & analytics: We use cookies and third-party analytics (e.g., Google Analytics) to track site usage and improve user experience. You can manage cookies via browser settings or our cookie tool.

  • Communications and form submissions: If you fill out a form (e.g., contact request, demo signup, newsletter), we collect any personal data included in your submitted details, in order to respond to inquiries or provide requested services.

Information You Provide

If you contact us, or enter an agreement with us as a client, supplier, or in any other way interact with us for business-related purposes, we may collect the following types of information:

  • Contact information: Name, email, phone number, job title, and company details.

  • Account credentials: When we provide a client portal or online account, we collect login credentials such as a username, password and any security information needed to access the account.

  • Business details: Billing address, tax ID, industry, and service preferences.

  • Communications: Personal data included by you in correspondence related to inquiries, support, or feedback to assist in managing our relationship.

Information from Third Parties

We may gather publicly available data (e.g., LinkedIn, industry databases) or use lead generation providers to verify, augment, or update information we already have about individuals.

How We Use the Personal Data We Collect

We process personal data from clients, prospective business contacts, and visitors to our websites for the following purposes:

  • Providing and managing services: We set up accounts, provide our services, and manage contractual relationships. This processing is necessary for the performance of the services and for fulfilling our agreement with you.

  • Billing and payments: We process transactions, issue invoices, receive payments, and manage renewals or subscriptions. Financial and contact information is used for invoicing, payment processing, and maintaining financial records. The processing is necessary for the performance of the applicable agreement with you and for compliance with legal obligations we are subject to, such as retaining certain accounting information.

  • Client support and communication: We communicate with you regarding service usage, respond to inquiries, provide support or training, and share important updates (e.g., platform changes or security notices). This processing is necessary for the performance of the services and for fulfilling our agreement with you.

  • Marketing and outreach: We may send marketing communications about our products, services, events, and resources, including newsletters and industry insights. Personal data may be used to personalize these messages. This processing is based on our legitimate interest to maintain and develop our business relationships.

  • Site operation and performance: Ensuring our website functions properly, loads quickly, and displays correctly on your device. This includes using necessary cookies and scripts for core functionality, such as navigation and cookie consent preferences. In some jurisdictions, this processing is based on our legitimate interests to provide a functioning website.

  • Analytics and improvement: Monitoring visitor behavior to enhance our site. Aggregated or pseudonymized data helps us understand traffic patterns, popular pages, and areas for improvement. We only collect this data if you consent to such tracking through cookies on the website.

  • Responding to inquiries: If you provide your contact details, we use that information to reply to questions or requests submitted. This processing is based on our legitimate interests to provide a response to your inquiries.

  • Legal and financial compliance and risk management: We process personal data to comply with legal obligations, enforce contracts, and protect the rights and property of Unbounded and others. This may include retaining records, responding to legal requests, and ensuring regulatory compliance. This processing is based on our legitimate interest to operate and protect our business, as well as for compliance with legal obligations.

  • Fraud prevention and security: We process personal data to help detect fraud and maintain system security. This processing is based on our legitimate interests to protect our services.

We generally do not collect information that is considered “sensitive” under European and/or U.S. state privacy laws and we do not use or share sensitive personal data for the purpose of inferring characteristics about you.

How We Share Your Information

We share personal data in the following scenarios:

  • Vendors and service providers (including processors): We make personal data available to our vendors, service providers, contractors, and consultants who perform services on our behalf, such as companies that assist us with cloud hosting, analytics, email, payments, and support. They process data on our behalf under strict confidentiality and data protection agreements.

  • Professional advisors: We share personal data with our legal, financial, insurance, and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests.

  • Within our corporate group: We may share personal data with affiliates, subsidiaries, or a parent company to operate our services and provide support (e.g., if an affiliate handles customer support or data analysis).

  • Legal compliance and protection: We may disclose personal data when necessary to comply with laws, legal processes, or government requests (e.g., court orders or subpoenas), enforce our agreements (such as involving legal counsel or debt collection for contract breaches), prevent fraud or security risks (e.g., sharing info with fraud prevention agencies), or protect the rights, safety, and property of Unbounded, our employees, users, our clients, or the public (including cybersecurity measures or alerting authorities in case of imminent threats).

  • Business transfers: In the event of a merger, acquisition, restructuring, or similar transaction, personal data may be transferred as part of the business assets. If ownership changes materially, we will notify you (e.g., via our website or email) and inform you of any choices available.

  • With your consent or at your direction: We make personal data available to third parties when we have your consent or you intentionally direct us to do so.

We also share aggregated or de-identified information that cannot reasonably be used to identify you. We maintain and use this information only in a de-identified fashion and will not attempt to re-identify such information, except as permitted by law.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and for other business purposes explained in this Website Privacy Policy, or as long as required by applicable laws and legitimate business needs. This means retention periods can vary depending on the type of data and context. We strive to define retention periods that are no longer than necessary. Below is a general outline of how we approach data retention:

  • Clients’ Data: We retain client and business contact information for the duration of our business relationship and as needed thereafter for legitimate purposes and as spelled out in our contracts. If you are a client, your account data and project data will typically be kept as long as your account is active or as needed to provide services. After you cease being a client, we may archive your account and project records for a certain period (for example, to have a history of our engagements and in case you return or have questions about past work). Billing records, invoices, and payment history are retained in accordance with financial record-keeping laws (which often require retention for 5-7 years or more). Correspondence and support tickets might be kept for a few years in case of later reference. We also maintain minimal information to avoid contacting you if you’ve opted out of marketing or to honor other restrictions you’ve requested. In summary, we won’t keep your full client profile forever if you are no longer active, but we will keep what’s necessary for our internal records and legal compliance.
  • Website and Analytics Data: Data collected via our website (e.g., web analytics logs) is typically retained for a relatively short period unless required for security. Analytics data (which is often aggregated) might be retained for up to 24 months to allow us to observe year-over-year usage patterns, unless a shorter period is sufficient. If you filled out a contact form or signed up for a newsletter, we will retain that information until we have fulfilled your request (and for a short period afterward, in case you have follow-up questions), or until you unsubscribe from the newsletter or withdraw your consent.
  • Legal and Compliance: In certain cases, we may need to retain data for longer periods if required by law or if needed to resolve disputes. For instance, if we receive a legal hold notice related to data (perhaps because of litigation), we will preserve relevant information until the hold is lifted. We also must abide by laws like tax regulations, which may mandate that we keep transaction records and associated identifiers for a minimum number of years. Additionally, if you exercise a right to erasure, we may keep a minimal record of your request and the data we erased to demonstrate compliance, and to ensure we don’t inadvertently re-contact you or reprocess your data (this minimal record might include, for example, your email address and a note that you requested deletion).
  • Anonymized and Aggregated Data: If we have transformed personal data into an anonymized format (such that it can no longer be linked to you), we may keep this data for a longer period since it is no longer personal data. Anonymized data helps us to understand trends and improve our services over time without compromising individual privacy.

Your Rights

We respect your rights to control your personal data. Depending on your jurisdiction and the applicable law, you may have some or all of the following rights regarding the personal data we hold about you. We have processes in place to allow you to exercise these rights. Please note that these rights are not absolute and may be subject to certain conditions or exemptions under the law.

Under the laws applicable to you, you may have the following rights:

  • Right to access: You have the right to request confirmation of whether we are processing your personal data, and if so, to receive a copy of the personal data we hold about you, along with certain information about how we use it. This is sometimes called a “Data Subject Access Request.” We will provide the first copy of your data free of charge, but as permitted by law, we may charge a reasonable fee or refuse repetitive, excessive requests.
  • Right to rectification: You have the right to request that we correct or update any inaccurate or incomplete personal data we hold about you. If any of your information has changed or you discover it’s incorrect, please let us know so we can correct it. For example, if you are a client and your email address changes, you can update it in your account or ask us to update our records.
  • Right to erasure (deletion): You have the right to request the deletion of your personal data in certain circumstances. This right, also known as the “right to be forgotten,” applies, for instance, if the data is no longer necessary for the purposes it was collected, you withdraw consent (and no other legal basis applies), or you object to processing and we have no overriding legitimate grounds to continue. We will evaluate and, if appropriate, honor such requests in accordance with the law. Keep in mind there are exceptions – we may retain data if needed for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims. If we cannot delete data you requested, we will inform you of the reason (unless legally prevented from doing so).
  • Right to restrict processing: You have the right to request that we limit the processing of your personal data under certain scenarios. This might occur if you contest the accuracy of the data (for a period enabling us to verify it), or if you object to our processing based on legitimate interests (pending our assessment of whose interests prevail), or if processing is unlawful but you prefer restriction over deletion. When processing is restricted, such data will only be processed with your consent or for specific reasons like legal claims or protecting others’ rights, except for continued storage. We will inform you before lifting any such restriction.
  • Right to object: You have the right to object to our processing of your personal data when the processing is based on legitimate interests, and you have grounds relating to your particular situation. We will then re-evaluate our reasons for processing and will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for legal claims. Importantly, you have an absolute right to object to direct marketing at any time. If we ever send you marketing communications, you can opt out and we will cease further marketing to you without question.
  • Right to data portability: When legally applicable, you have the right to receive your personal data that you provided to us in a structured, commonly used, machine-readable format, and to have that data transmitted to another controller (for example, another service provider) where technically feasible. This right applies when the processing is based on your consent or on a contract with you, and the processing is carried out by automated means. For example, if you provided us with a set of profile data and then want to transfer it to a similar service, we will assist in providing it in a portable format if the conditions are met.
  • Right to withdraw consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw consent for marketing emails, you can simply click the unsubscribe link in the footer of any email or contact us. For other consent withdrawals, contacting us directly is the best approach.
  • Right to information and transparent communication: You have the right to be informed about how we collect and use your data (which is the purpose of this Website Privacy Policy). If you have questions about any of the content in this Policy or how your data is handled, you also have the right to an understandable and transparent response. We aim to provide that, and you can always reach out to us for further explanation.
  • Right to lodge a complaint: If you believe we have not complied with applicable data protection laws, you have the right to lodge a complaint with a supervisory authority. For individuals in the EEA, this typically means your country’s data protection authority; for example, Sweden’s Integritetsskyddsmyndigheten (IMY) if you reside in Sweden.

To exercise your rights, please contact us (see "Contact Us"). We may ask for additional information in order to verify your identity. If we process your data on behalf of a client, we may refer you to them. We respond within legal timeframes. Requests are free unless excessive. If we cannot fully comply, we will explain why. If you disagree with a decision, you may request a review or appeal where applicable.

Additional Information for Residents of Europe

If you are a resident of the European Economic Area (EEA), this section applies to you.

Legal Basis for Processing

As described above, we rely on various lawful bases to process your personal data. These include:

  • Consent: For example, when you submit your information via our contact form, you consent to us using it to respond to your inquiry.

  • Legitimate interests: We may retain submitted inquiries to evaluate interest in our services and improve our communication processes.

Your Rights

As a resident of the EEA, you have the rights described above, and may exercise them by contacting us at privacy@unboundedsource.com.

Data Transfers

Unbounded AB is based in Sweden. We primarily store and process data on servers located within the European Union (EU). We might store and process data in other locations depending upon the location of clients and end users. However, the global nature of our services means that your personal data may be transferred to, or accessed by, entities outside of your home country, including outside the EEA. We take appropriate measures to ensure that such international data transfers comply with applicable data protection laws and that your data remains protected as it travels. When we transfer personal data from the EEA to countries not deemed to have “adequate” data protection laws (for example, transfers to the United States or other countries), we rely on approved safeguards under the GDPR. The primary mechanism we use is the European Commission’s Standard Contractual Clauses (“SCCs”). We have SCCs in place with our service providers outside the EU/EEA as required. In some cases, we may also rely on an adequacy decision (if the country has been approved by the EU as having essentially equivalent protections).

You can contact us at privacy@unboundedsource.com if you would like more information about international data transfers or to obtain a copy of the relevant transfer agreements (such as SCCs) we use. We will provide as much information as we are able to, although we may need to redact certain contractual details for confidentiality reasons.

Data Controller

Unbounded AB acts as the data controller for the personal data we collect. Our contact information is as follows:

Unbounded AB
Tre Liljor 3
113 44 Stockholm
Sweden

Email: privacy@unboundedsource.com

If you are unsatisfied with our response to any request to exercise your rights, you also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at https://www.imy.se.

TCF Compliance

In connection with our advertising and research services, Unbounded AB participates in the IAB Europe Transparency and Consent Framework (TCF) and complies with its Policies and Technical Specifications.

Our TCF Vendor ID is 1413, and we operate under the legal bases declared in the IAB Global Vendor List (GVL).

We honor the consent and preferences signaled by users through the TCF framework and ensure that our systems respect those choices in all personal data processing activities governed by the TCF.

Additional Information for Residents of the United States

Depending on where you reside, you may have the rights described above, and may exercise them as described in the “Your Rights” section above. You have the right not to be discriminated against for exercising any of your privacy rights. If you have a concern about our processing of personal data, we encourage you to contact us in the first instance.

Appeals

If we deny your rights request, you may appeal our decision by contacting us. If you have concerns about the result of an appeal, or if we are unable to resolve your concerns about our processing of your personal data, you may contact the attorney general in the state where you reside.

Authorized Agents

Depending on where you reside, you may designate an authorized agent to submit an access, deletion, or correction request on your behalf. We may ask authorized agents to submit proof of their authority to make a request, such as a valid power of attorney or proof that they have signed permission from the consumer who is the subject of the request. In some cases, we may contact the individual who is the subject of the request to verify their own identity or confirm the authorized agent has permission to submit the request. If you are an authorized agent seeking to make an access, correction, or deletion request on behalf of a consumer, please contact us via email at privacy@unboundedsource.com.

Updates to this Website Privacy Policy

We may update this policy to reflect changes in practices, laws, or technology. The “Last Updated” date will be revised accordingly. Significant changes may be highlighted through notices or emails. Continued use of our services after updates implies acceptance, as permitted by law.

Contact Us

If you have any questions, concerns, or requests regarding this Website Privacy Policy or how Unbounded AB handles your personal data, please do not hesitate to contact us:

Unbounded AB
Tre Liljor 3
113 44 Stockholm
Sweden

Email: privacy@unboundedsource.com

Revision History

Version 1.0 - Last Updated: March 11, 2025

Version 1.1 - Last Updated: April 14, 2025

Version 1.2 - Last Updated: January 20, 2026