Skip to main content

Privacy Policy

Last updated: May 12, 2026 Draft - legal review required. This Privacy Policy is a working draft for Bounty and has not yet been reviewed by legal counsel. It is provided as a non-binding indication of Bounty’s intended privacy practices only. It is not an operative privacy notice and does not create binding obligations unless and until it is reviewed, approved, and accepted through an authorized agreement process.

Who We Are

Bounty provides a B2B SaaS analytics and growth operations product. Bounty helps teams connect marketing and business data, define metrics, inspect paid performance, analyze campaigns, manage growth actions, run agents, and ask questions through AI chat. For privacy or security questions, contact arran@bountygrowth.com.

Scope

This Privacy Policy describes how Bounty collects, uses, shares, and protects personal data when you:
  • Visit Bounty websites and public documentation.
  • Use the Bounty app at app.bountygrowth.com.
  • Use Bounty CLI or agent workflows.
  • Act as a customer administrator or authorized user.
  • Communicate with us as a prospect, customer, partner, vendor, or other business contact.
This policy does not control how a Bounty customer collects, uses, or discloses personal data from its own systems. When Bounty processes Customer Personal Data on behalf of a customer through the service, Bounty generally acts as a processor or subprocessor, and the customer is responsible for its own notices, permissions, and lawful basis.

Personal Data We Collect

We may collect the following categories of personal data:
  • Account and profile data, such as name, business email address, organization, role, workspace membership, and login details.
  • Authentication and session data, such as browser login approvals, one-time authorization codes, local CLI session status, and user permission information.
  • Customer administration data, such as organization settings, user permissions, connector access, connection configuration, billing, and subscription details.
  • Communications data, such as support requests, sales communications, feedback, and meeting notes.
  • Product usage data, such as pages viewed, actions taken, features used, date ranges queried, generated actions reviewed, and agent workflows run.
  • Device, network, and log data, such as IP address, browser type, device identifiers, operating system, request metadata, diagnostic logs, and error logs.
  • Cookie and similar technology data.
  • Integration metadata, such as connector type, table names, field names, schema metadata, sync status, and configuration details.
  • Customer-provided content, prompts, queries, files, outputs, and other information submitted to the service or generated through the service.

Product And Customer Data

Bounty is designed to work with customer-authorized marketing and business data sources. Customer-configured sources may include advertising platforms, analytics tools, CRM systems, lifecycle messaging tools, customer warehouses, and other business systems. Bounty product workflows may involve campaign, ad, creative, action, metric, driver tree, agent, and chat data. The CLI can request Bounty product data using the logged-in user’s permissions, including campaigns, ads, creative analytics, generated actions, agent definitions, and campaign analysis tools.

Analytics, Session Recording, And Logging

We may use analytics, session recording, and logging tools to understand product usage, troubleshoot issues, improve the service, and protect security. These tools may collect product events, page interactions, device information, browser metadata, errors, logs, and session replay data. Where session recording is used, Bounty configures the tool to reduce unnecessary collection of sensitive content and may disable recording for specific workflows or customers where required.

Cookies And Similar Technologies

We may use cookies, local storage, and similar technologies for authentication, session management, security, preferences, analytics, and service performance.

How We Use Personal Data

We use personal data to:
  • Provide, operate, secure, and support the Bounty service.
  • Authenticate users and enforce organization permissions.
  • Connect to customer-authorized data sources and make configured data available for analysis, agents, actions, and chat.
  • Process customer prompts, queries, workflows, and generated outputs.
  • Monitor service performance, troubleshoot errors, and prevent abuse.
  • Communicate about accounts, security, support, product updates, billing, and administrative matters.
  • Improve the service, including by understanding aggregate usage patterns.
  • Comply with legal obligations and enforce agreements.
Where GDPR or similar laws apply, our legal bases may include:
  • Contract: to provide the service to customers and authorized users.
  • Legitimate interests: to secure, maintain, troubleshoot, and improve the service; respond to business communications; and prevent misuse.
  • Consent: for optional cookies, marketing communications, or other processing where consent is required.
  • Legal obligation: to comply with applicable law, tax, accounting, and regulatory obligations.

How We Share Personal Data

We may share personal data:
  • With service providers and subprocessors that help us host, operate, secure, monitor, analyze, and support the service.
  • With customer-authorized integration providers when a customer connects a data source or destination.
  • Within a customer’s Bounty workspace according to that customer’s user permissions.
  • With professional advisers, auditors, insurers, or legal authorities where necessary.
  • In connection with a merger, financing, acquisition, reorganization, or sale of assets, subject to appropriate protections.
Our subprocessor list is available at Subprocessors.

Sale Or Sharing Of Personal Information

Bounty does not sell personal information. Bounty also does not share personal information for cross-context behavioral advertising.

California Privacy Rights

If California privacy law applies to your personal information, you may have rights to:
  • Know or access the personal information collected about you.
  • Request deletion of personal information.
  • Request correction of inaccurate personal information.
  • Opt out of the sale or sharing of personal information.
  • Limit certain uses or disclosures of sensitive personal information.
  • Not be discriminated against for exercising privacy rights.

GDPR And Similar Privacy Rights

Depending on where you live, you may have rights to:
  • Access your personal data.
  • Correct inaccurate or incomplete personal data.
  • Delete your personal data.
  • Object to certain processing.
  • Restrict certain processing.
  • Port your personal data.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a supervisory authority.
These rights may be limited by law, by security requirements, or by Bounty’s role as a processor for customer-controlled data. If your request relates to data controlled by a Bounty customer, we may direct you to that customer or assist the customer as required by our agreement.

Retention And Deletion

We retain personal data for as long as needed to provide the service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and meet legitimate business needs. Customers may request deletion or export of Customer Data as described in their agreement with Bounty and supported by the service.

Security

Bounty uses authenticated access and user permissions to limit access to product data. Bounty CLI requests run with the logged-in user’s Bounty permissions, and the CLI does not require database credentials, warehouse credentials, ad platform credentials, infrastructure secrets, or local environment files for normal workflows. The CLI also accepts secure remote backend URLs and local development URLs, and rejects insecure non-local HTTP URLs. Additional security information is available at Security Controls.

International Transfers

Bounty and its vendors may process personal data in countries other than the country where you are located. Where required, Bounty uses appropriate safeguards for international transfers.

How To Make A Privacy Request

To make a privacy request, contact arran@bountygrowth.com. We may need information to verify your identity and process your request. If your request relates to a Bounty customer workspace, we may ask you to contact the customer directly or may coordinate with the customer, depending on Bounty’s legal role for that data.

Children’s Data

Bounty is a B2B service and is not directed to children. We do not knowingly collect personal data from children.

Changes To This Policy

We may update this Privacy Policy from time to time. The “Last updated” date above shows when it was last changed.