ABOUT ZEROBOUNCE

AI Security at ZeroBounce

At ZeroBounce, we take a proactive and transparent approach to securing our AI systems. Our commitment is grounded in real-time monitoring, strict adherence to company-wide policies, and a rigorous validation process.

Post-Deployment Monitoring & Governance

All AI deployments are continuously monitored in real time. User inputs are retained for 30 days in accordance with our global data policy, after which they are securely deleted. Systems for appeal, override, decommissioning, incident response, and change management follow established company-wide security protocols.

Content Validation & Bias Mitigation

We ensure our AI generates accurate and responsible content by restricting input data to thoroughly vetted public sources—namely, our website and official documentation. Each AI release undergoes rigorous validation to mitigate risks like bias or hallucination.

Intrusion Detection & Security Controls

ZeroBounce AI systems are engineered with strong defenses against prompt injection, prompt priming, and model tampering. Our architecture prevents any unauthorized access or modification of prompts or models.

Transparency & Explainability

A built-in debug mode provides insights into the AI’s decision-making process, offering visibility into the data reviewed and increasing trust through explainability.

Data Handling & Protection

We do not ingest private or user-submitted datasets into our AI systems—only public data is used. Sensitive company data remains protected behind corporate firewalls and VPNs. Data deletion follows the same 30-day retention rule as the rest of the organization.

Threat Resistance & Risk Management

Threats like data poisoning or model inversion are not considered relevant due to the nature of our public data sources. However, all identified risks are documented and regularly assessed by our Quality Assurance team to ensure continued safety.

In-House AI Infrastructure

All AI models and infrastructure are developed and maintained in-house. We do not rely on third-party vendors, eliminating external exposure and ensuring full control over our AI ecosystem.

Leader in Email Validations

ZeroBounce is a leading online email validation system created to ensure that companies sending complex and high volume emails avoid deliverability issues. The system works by reducing and eliminating invalid, abuse, complaint, inactive, and spam-trap email addresses. These are email addresses that will either bounce or contribute to ruining your sending reputation. ZeroBounce also provides IP address validation and verification of key recipient demographics and has the ability to add missing information on certain emails, such as the name, gender and location of the owner.

We created a guide to help you navigate everything you need to be aware of when sending emails. It's the most comprehensive guide you'll find on the internet and we offer it for free, without any restrictions. You can read it here: THE COMPLETE GUIDE TO IMPROVE INBOX AND DELIVERABILITY

ZeroBounce is the most secure email validation system you can find. For us, the protection of your data comes first, so we don't cut cost in keeping it safe. We are registered with the BBB and approved for the EU Data Privacy Framework (DPF). We maintain enterprise contracts with all of our vendors, we operate our own data center and own our servers and hardware. We don't use third-party services, like Amazon, Azure, and other cloud services providers, to store your data.

GETTING STARTED

We'll get you up and validating with us really fast! Simply click this link for a walk-through on our validation service:
Validation Process

ZEROBOUNCE

California: 10 E Yanonali St, Santa Barbara, CA, 93101, US

Sales: 1-888-500-9521 (9-5 PST)

Email: office@zerobounce.net

Technical Support 24/7 (only via email): support@zerobounce.net

Support Options: /contact-us

ZeroBounce List of Sub-processors and Service Providers

What is a Sub-Processor?

A sub-processor is a third party engaged by a data processor to perform specific processing activities on behalf of a data controller. In the context of data protection and privacy regulations, such as the General Data Protection Regulation (GDPR), the following roles are defined:

  • Data Controller: The entity that determines the purposes and means of processing personal data.
  • Data Processor: The entity that processes personal data on behalf of the data controller.
  • Sub-Processor: Any third party that the data processor uses to assist in processing the personal data.

In our case, in connection with ZeroBounce’s services such as email validation and list cleaning, a ZeroBounce customer (who acts as a data controller) outsources its data processing to a service provider (data processor - ZeroBounce). The service provider then hires another company (sub-processor) to perform some specialized task, like data storage. That third company becomes a sub-processor.

Under laws like the GDPR, data processors are required to obtain the controller's authorization before engaging sub-processors. Also, they must ensure that sub-processors adhere to the same data protection obligations as the original processor.

Due Diligence

ZeroBounce is committed to conducting thorough due diligence when engaging with third parties, ensuring that they are assessed prior to onboarding and as part of our annual risk management program.

We hold our service providers to strict contractual obligations, requiring them to process personal data solely for the purpose of delivering services to ZeroBounce. These contracts ensure that service providers comply with our commitments to ZeroBounce customers and adhere to applicable data protection laws.

List of Sub-processors

Sub-processors involved in processing customer registration data

NameExchanged dataPurpose
LinkedIn Ads

Email address and cookie tracking data

Ad placement

Google Ads

Email address and cookie tracking data

Ad placement

Microsoft

Email address and cookie tracking data

Ad placement

Meta

Email address and cookie tracking data

Ad placement

Outbrain

Email address and cookie tracking data

Ad placement

Taboola

Email address and cookie tracking data

Ad placement

Quantcast

Email address and cookie tracking data

Ad placement

Reddit

Email address and cookie tracking data

Ad placement

Quora

Email address and cookie tracking data

Ad placement

Hubspot

Email address

Marketing aggregator

Zendesk

Email address

Customer service ticketing and communication; also used in the limited instance where a customer submits a request for support using our chat function/form.

OpenAI

name, email address, purchase details, payment details and customer behaviour

Used to generate analytical reports and insights on ad performance, payment activity, subscription churn, and customer support interactions by processing pseudonymized operational data to identify trends, improve decision-making, and enhance user experience.

Mailchimp

Email address

Used as a backup provider to send transactional emails by processing recipient email addresses, message content, and delivery metadata to ensure reliable communication delivery.

TrustPilot

Email address

To send review invitations and collect genuine user feedback about our services.

G2

Email address

To send review invitations and collect genuine user feedback about our services.

Sub-processors involved in the email validation process

NameExchanged dataPurpose
Cloudflare

Email address

Perimeter security, Web application firewall (WAF). Customer email addresses will be logged only in the case of API validation calls if the customer exceeds the technical recommendation of product usage (e.g., sending request limits, IP violations, etc.)

Cloudflare - email address, purpose: perimeter security, web application firewall. Customer email address will be logged only in case of API calls validation if the client exceeds technical recommendation of product usage (e.g., sending request limits, IP violations etc.).

List of Service Providers

ZeroBounce works with the service providers listed below for email validation service delivery.

NamePurpose of processingExchanged dataEntity country
Okta

Identity management provider

Email address

US

Stripe

Payment gateway

Cardholder data

US

PayPal

Payment gateway

Cardholder data

US

M247

Infrastructure hosting & internet provider

none

EU

DigitalRealty

Colocation hosting provider

none

US

Equinix

Colocation hosting provider

none

US

Cogent

Internet provider

none

US

NTT

Internet provider

none

US

Cloudflare

Internet provider

none

US

Atlassian

Project management

Limited email address

US

DocuSign

Electronic Signatures

Business User Data

US

Calendly

Meeting Organizer

Business User Data

US

Qwilr

Quote Tool

Business User Data

US

Slack

Communication Tool

Limited email address

US

Updates to this page

Given the global scope of our business and the large number of customers we serve, our business needs and service providers may change periodically.

For instance, we may discontinue a service provider to streamline and reduce the number of providers we use or add a new service provider if it improves our ability to deliver our email validation service.

We will regularly update this page to reflect any changes, including the addition or removal of service providers or sub-processors.