ZeroBounce Logo

Docs

Language Icon
  • Sign In
  • Sign Up Free

Languages

ZeroBounce ImageGetting Started
ZeroBounce ImageEmail List Validation
ZeroBounce ImageA.I. Email Scoring
ZeroBounce ImageEmail Finder
ZeroBounce ImageDomain Search
ZeroBounce ImageActivity Data
ZeroBounce ImageMulti-file upload
ZeroBounce ImageIntegrations
ZeroBounce ImageUsage Reports
ZeroBounce ImageYour ZeroBounce Account
ZeroBounce ImageEmail Validation API
ZeroBounce ImageEmail Finder API
ZeroBounce ImageDomain Search API
ZeroBounce ImageA.I. Scoring API
ZeroBounce ImageActivity Data API
ZeroBounce ImageList Evaluator API
ZeroBounce ImageApi Dashboard
ZeroBounce ImageAPI Wrappers
ZeroBounce ImageAPI Migration
ZeroBounce ImageFAQ
ZeroBounce ImageSecuring Your Account
ZeroBounce ImageAbout ZeroBounce
ZeroBounce ImageAI Security
ZeroBounce ImageLeader in Email Validations
ZeroBounce ImageData Protection
ZeroBounce ImagePrivacy Policy
ZeroBounce ImageTerms and Conditions
ZeroBounce ImageAnti Abuse Policy
ZeroBounce ImageData Processing Agreement
ZeroBounce ImageUK Data Processing Agreement
ZeroBounce ImageEnterprise Plans
ZeroBounce ImageCertifications and Accreditations
ZeroBounce ImageSub-Processors and Service Providers
ZeroBounce ImageDeliverability Tools
ZeroBounce ImageStatus Page
  • Email Validation Homepage
  • Separator
  • Docs
  • Separator
  • About ZeroBounce
  • Separator
  • AI Security
About ZeroBounce

AI Security at ZeroBounce

At ZeroBounce, we take a proactive and transparent approach to securing our AI systems. Our commitment is grounded in real-time monitoring, strict adherence to company-wide policies, and a rigorous validation process.

Post-Deployment Monitoring & Governance

All AI deployments are continuously monitored in real time. User inputs are retained for 30 days in accordance with our global data policy, after which they are securely deleted. Systems for appeal, override, decommissioning, incident response, and change management follow established company-wide security protocols.

Content Validation & Bias Mitigation

We ensure our AI generates accurate and responsible content by restricting input data to thoroughly vetted public sources—namely, our website and official documentation. Each AI release undergoes rigorous validation to mitigate risks like bias or hallucination.

Intrusion Detection & Security Controls

ZeroBounce AI systems are engineered with strong defenses against prompt injection, prompt priming, and model tampering. Our architecture prevents any unauthorized access or modification of prompts or models.

Transparency & Explainability

A built-in debug mode provides insights into the AI’s decision-making process, offering visibility into the data reviewed and increasing trust through explainability.

Data Handling & Protection

We do not ingest private or user-submitted datasets into our AI systems—only public data is used. Sensitive company data remains protected behind corporate firewalls and VPNs. Data deletion follows the same 30-day retention rule as the rest of the organization.

Threat Resistance & Risk Management

Threats like data poisoning or model inversion are not considered relevant due to the nature of our public data sources. However, all identified risks are documented and regularly assessed by our Quality Assurance team to ensure continued safety.

In-House AI Infrastructure

All AI models and infrastructure are developed and maintained in-house. We do not rely on third-party vendors, eliminating external exposure and ensuring full control over our AI ecosystem.

zb_list

What is a Sub-Processor?

A sub-processor is a third party engaged by a data processor to perform specific processing activities on behalf of a data controller. In the context of data protection and privacy regulations, such as the General Data Protection Regulation (GDPR), the following roles are defined:

  • Data Controller: The entity that determines the purposes and means of processing personal data.
  • Data Processor: The entity that processes personal data on behalf of the data controller.
  • Sub-Processor: Any third party that the data processor uses to assist in processing the personal data.

In our case, in connection with ZeroBounce’s services such as email validationⓘ and list cleaning, a ZeroBounce customer (who acts as a data controller) outsources its data processing to a service provider (data processor - ZeroBounce). The service provider then hires another company (sub-processor) to perform some specialized task, like data storage. That third company becomes a sub-processor.

Under laws like the GDPR, data processors are required to obtain the controller's authorization before engaging sub-processors. Also, they must ensure that sub-processors adhere to the same data protection obligations as the original processor.

Due Diligence

ZeroBounce is committed to conducting thorough due diligence when engaging with third parties, ensuring that they are assessed prior to onboarding and as part of our annual risk management program.

We hold our service providers to strict contractual obligations, requiring them to process personal data solely for the purpose of delivering services to ZeroBounce. These contracts ensure that service providers comply with our commitments to ZeroBounce customers and adhere to applicable data protection laws.

List of Sub-processors

Sub-processors involved in processing customer registration data

  • Name
    Exchanged data
    Purpose
  • LinkedIn Ads
    Email address and cookie tracking data
    Ad placement
  • Google Ads
    Email address and cookie tracking data
    Ad placement
  • Microsoft
    Email address and cookie tracking data
    Ad placement
  • Meta
    Email address and cookie tracking data
    Ad placement
  • Outbrain
    Email address and cookie tracking data
    Ad placement
  • Taboola
    Email address and cookie tracking data
    Ad placement
  • Quantcast
    Email address and cookie tracking data
    Ad placement
  • Reddit
    Email address and cookie tracking data
    Ad placement
  • Quora
    Email address and cookie tracking data
    Ad placement
  • Hubspot
    Email address
    Marketing aggregator
  • Zendesk
    Email address
    Customer service ticketing and communication; also used in the limited instance where a customer submits a request for support using our chat function/form.
  • OpenAI
    name, email address, purchase details, payment details and customer behaviour
    Used to generate analytical reports and insights on ad performance, payment activity, subscription churn, and customer support interactions by processing pseudonymized operational data to identify trends, improve decision-making, and enhance user experience.
  • Mailchimp
    Email address
    Used as a backup provider to send transactional emails by processing recipient email addresses, message content, and delivery metadata to ensure reliable communication delivery.
  • TrustPilot
    Email address
    To send review invitations and collect genuine user feedback about our services.
  • G2
    Email address
    To send review invitations and collect genuine user feedback about our services.

Sub-processors involved in the email validationⓘ process

  • Name
    Exchanged data
    Purpose
  • Cloudflare
    Email address
    Perimeter security, Web application firewall (WAF). Customer email addresses will be logged only in the case of API validation calls if the customer exceeds the technical recommendation of product usage (e.g., sending request limits, IP violations, etc.)

Cloudflare - email address, purpose: perimeter security, web application firewall. Customer email address will be logged only in case of API calls validation if the client exceeds technical recommendation of product usage (e.g., sending request limits, IP violations etc.).

List of Service Providers

ZeroBounce works with the service providers listed below for email validationⓘ service delivery.

  • Name
    Purpose of processing
    Exchanged data
    Entity country
  • Okta
    Identity management provider
    Email address
    US
  • Stripe
    Payment gateway
    Cardholder data
    US
  • PayPal
    Payment gateway
    Cardholder data
    US
  • M247
    Infrastructure hosting & internet provider
    none
    EU
  • DigitalRealty
    Colocation hosting provider
    none
    US
  • Equinix
    Colocation hosting provider
    none
    US
  • Cogent
    Internet provider
    none
    US
  • NTT
    Internet provider
    none
    US
  • Cloudflare
    Internet provider
    none
    US
  • Atlassian
    Project management
    Limited email address
    US
  • DocuSign
    Electronic Signatures
    Business User Data
    US
  • Calendly
    Meeting Organizer
    Business User Data
    US
  • Qwilr
    Quote Tool
    Business User Data
    US
  • Slack
    Communication Tool
    Limited email address
    US

Updates to this page

Given the global scope of our business and the large number of customers we serve, our business needs and service providers may change periodically.

For instance, we may discontinue a service provider to streamline and reduce the number of providers we use or add a new service provider if it improves our ability to deliver our email validationⓘ service.

We will regularly update this page to reflect any changes, including the addition or removal of service providers or sub-processors.