UNBOUNDED

Unbounded AB Services Privacy Policy

Version 1.2 - Last Updated: January 20, 2026

Introduction

Unbounded AB ("Unbounded," "we," "us," or "our") values your privacy. This Services Privacy Policy outlines how we collect, use, store, and share personal data in compliance with relevant law in your jurisdiction including, for example, the EU/EEA General Data Protection Regulation (“GDPR”).

We operate a user and market data research service, a personalized content and advertising network, as well as a marketplace that connects survey providers with survey respondents, typically by way of surveys placed within ads. Our services include helping our clients to conduct market and brand research, product surveys, opinion polls, and other types of surveys through a demand side platform and a mobile SDK advertising network. This policy collectively refers to these technologies and services as our “Services.” This Services Privacy Policy outlines how we collect, use, store, and share personal data from end users of apps, games, websites, and TVs to provide our Services.

This Services Privacy Policy governs your interactions with our ads, surveys, and mobile SDKs. If you click on an ad or link that directs you to our corporate website (www.unboundedsource.com), your visit will instead be governed by our separate Website Privacy Policy. We encourage you to review that policy upon arrival to understand how we collect data from website visitors.

By using our Services or providing personal information, you acknowledge that you have reviewed this Services Privacy Policy. Where required by law, we obtain your explicit consent before processing your data. In other cases, we may rely on other legal bases, as outlined below.

What Personal Data We Collect

Automatically Collected Data (Technical and Usage Data)

Our Services collect information in two broad ways:

  • Demand Side Platform (DSP): Our DSP is a system that helps us place ads on apps, websites, and connected devices that you use. When there's an opportunity to display an ad, these services or their partners may send us information about that opportunity in order to participate in a real-time auction to bid for that space. These auctions happen instantly as you load content. If our bid wins, we show you an ad, which might include surveys you can optionally and voluntarily choose to take part in.

  • Mobile Software Development Kit (SDK): Our SDK integrates with third-party apps, games, and websites, which allows us to deliver ads, content, and surveys directly within these platforms. Sometimes, we collaborate with other advertising networks to determine which ads are shown. How ads are displayed is effectively the same as what is written under DSP.

Through these methods, we automatically collect the following types of information:

  • Device identifiers: Advertising IDs (e.g., AAID, IDFA, IDFV, etc) and other unique identifiers that are broadcast by your device, including probabilistic identifiers built up from device information.

  • IP address: Your IP address and other network identifiers. We use IP addresses for communication, inference of approximate geolocation (e.g., country, region, or city level location), probabilistic identification, and fraud prevention.

  • Device and software information: Device model, OS version, language, time zone, screen resolution, and network provider.

  • Location information: Approximate location based on your IP address, or precise location information when you consent to an app, device, or website collecting such information.

  • Application information: Details about the apps, games, or websites you are using that deliver our Services.

  • Usage data & response metadata: This includes information such as survey progress, timestamps, and engagement patterns.

  • Cookies and similar technologies: Used for preferences, analytics, and fraud detection. Where required by law, we obtain consent before setting non-essential cookies and require our partners to do the same.

Information You Provide

We serve interactive content to you through our DSP and SDK, including ads and content, and these typically contain surveys. Surveys are questionnaires or interactive prompts that invite you to share your personal data, opinions, preferences, and/or feedback on various topics. When you provide information in response to our ads, content, and/or surveys, we may collect:

  • Profile and demographic data: When selecting or qualifying you for a survey, we might collect profile or demographic data (such as your age; location and residence(s); language preferences; household or financial characteristics; interests; etc.).

  • Survey responses: We collect any information you voluntarily provide in response to one of our surveys.

  • Sensitive survey responses: Some surveys may include questions about sensitive topics (e.g., special categories of personal data under GDPR Article 9). We only collect and process answers to such questions if you provide explicit consent at the time. For details, see our Sensitive Data Consent Policy.

  • Identity & authentication: We may ask you to provide contact details such as your name and email address on occasion, for example if you fill out a form or sign up for a newsletter.

Information from Clients, Suppliers and other Business Contacts

If you contact us, or enter an agreement with us as a Client, Supplier or in any other way interact with us for business-related purposes, we may collect the following types of information:

  • Contact information: Name, email, phone number, job title, and company details when you inquire about our Services, create an account with us, or enter an agreement.

  • Account credentials: When we provide a client portal or online account, we collect login credentials such as a username, password and any security information needed to access the account.

  • Business details: Billing address, tax ID, industry, and service preferences.

  • Communications: Personal data included by you in correspondence related to inquiries, support, or feedback to assist in managing our relationship.

Information from Third Parties

We may also obtain personal data about you from third-party sources in certain situations:

  • Publishing partners: When you interact with interactive content on platforms, publishers or their partners (e.g., ad networks) may share personal data like device ID, IP addresses, and basic profile attributes through the advertising request process. We contractually require these partners to have lawful rights to share your data with us.

  • Public sources: We may gather publicly available data (e.g., LinkedIn, industry databases) or use lead generation providers to verify, augment, or update information we already have about individuals.

  • Data enrichment: To improve the relevance of our services and advertising, we may enrich the data you provide to us by combining it with information such as demographics, interests, location, or device/usage attributes from trusted third-party sources. This process, known as “data enrichment,” helps us better understand your preferences, demographics, or interests based on identifiers such as your device or application usage. We do not enrich, infer, or create audience segments based on sensitive survey answers or special category data without explicit consent, and sensitive survey answers are handled under our Sensitive Data Consent Policy.

How We Use the Personal Data We Collect

Use of Users’ Data

We process personal data collected through our Services for the following purposes:

  • Providing the Services: To present surveys or research content to you, record your responses, and manage your participation. This includes using device and usage data to deliver the survey in a compatible format and to validate your responses. This processing may be necessary to fulfil our contract with you (if part of a research panel), or be based on your consent.

  • Show targeted ads and content to you: We use the information we collect to select what ads, content, and surveys to display to you on our Services, including on our partners’ websites, apps, and other properties and on our own. This processing is typically based on your consent. We do not use your answers to sensitive survey questions (e.g., where you have provided explicit Article 9 consent) for advertising, profiling, or targeting.

  • Research analysis and insights: Survey responses are analyzed to generate insights and reports for our clients. This data is typically aggregated or anonymized to produce statistical reports. When doing so, we ensure that individual respondents are not identifiable in the outputs provided to clients, unless you have expressly consented to the sharing of identifiable information. In some jurisdictions, this processing is based on our legitimate interests to provide meaningful aggregated data to our clients.

  • Personalization and qualification: We ask you certain profiling questions or use cookies/IDs to determine which ads, content, or surveys might be relevant to you. This processing is typically based on your consent. We do not use your answers to sensitive survey questions (e.g., where you have provided explicit Article 9 consent) to build advertising profiles or target ads; they are used only for research and analysis as described in our Sensitive Data Consent Policy.

  • Service improvement and development: Survey interactions help us enhance usability, refine methodologies, and develop better research models. In some jurisdictions, this processing is based on our legitimate interest to improve and develop our Services. In some cases, we may seek consent for specific feedback or research activities beyond the original survey.

  • Fraud prevention and security: Device and usage data help detect fraud, prevent duplicate entries, and maintain system security. In some jurisdictions, this processing is based on our legitimate interests to protect research integrity and ensure a fair environment.

  • Communication with you: If you share contact details with us, we may contact you for survey-related updates, support or follow-up invitations. In some jurisdictions, this processing is based on our legitimate interest to provide customer support.

  • Marketing: With your consent, we may send messages to invite you to execute future surveys.

We may collect information that is considered “sensitive” under U.S. state privacy laws, but we do not use or share sensitive personal data for the purpose of inferring characteristics about you.

We do not use your personal data for unrelated automated decisions (e.g., credit scoring, employment eligibility) without consent. Profiling is solely for research targeting, not for legal or financial decision-making.

Use of Clients’ Personal Data

We collect and use personal data from clients, prospective business contacts, for the following purposes:

  • Providing and managing services: We set up accounts, provide our Services and manage contractual relationships. This processing is necessary for the performance of the Services and for fulfilling our agreement with you.

  • Billing and payments: We process transactions, issue invoices, receive payments, and manage renewals or subscriptions. Financial and contact information is used for invoicing, payment processing, and maintaining financial records. The processing is necessary for the performance of the applicable agreement with you and for compliance with legal obligations we are subject to, such as retaining certain accounting information.

  • Client support and communication: We communicate with you regarding service usage, respond to inquiries, provide support or training, and share important updates (e.g., platform changes or security notices). This processing is necessary for the performance of the Services and for fulfilling our agreement with you.

  • Marketing and outreach: We may send marketing communications about our products, Services, events, and resources, including newsletters and industry insights. Personal data may be used to personalize these messages. In some jurisdictions, this processing is based on our legitimate interest to maintain and develop our business relationships.

  • Service Improvement and Business Optimization: We analyze how clients use our services to enhance features, gather feedback, and refine our offerings. This helps improve user experience, product development, and business strategy. In some jurisdictions, this processing is based on our legitimate interest to improve and develop our Services.

  • Legal Compliance and Risk Management: We process personal data to comply with legal obligations, prevent fraud, enforce contracts, and protect rights. This may include retaining records, responding to legal requests, and ensuring regulatory compliance. In some jurisdictions, this processing is based on our legitimate interest to operate and protect our business, as well as for compliance with legal obligations.

Use of Website Visitors’ Personal Data

For individuals visiting our website, we may process your personal data for the following purposes:

  • Site operation and performance: Ensuring our website functions properly, loads quickly, and displays correctly on your device. This includes using necessary cookies and scripts for core functionality, such as navigation and cookie consent preferences. In some jurisdictions, this processing is based on our legitimate interests to provide a functioning website.

  • Responding to inquiries: Using provided contact details to reply to questions or requests submitted through our website. In some jurisdictions, this processing is based on our legitimate interests to provide a response to your inquiries.

How We Share Your Information

We share personal data in the following scenarios:

  • Vendors and service providers (including processors): We make personal data available to our vendors, service providers, contractors, and consultants who perform services on our behalf, such as companies that assist us with cloud hosting, analytics, email, payments, and support. They process data on our behalf under strict confidentiality and data protection agreements.

  • Clients and partners: Unbounded has client organizations using our Services to conduct surveys and receive analytical insights or research, including businesses, government agencies, NGOs, educational institutions, and consulting firms. We may share survey results with the commissioning client, typically in aggregated or anonymized form (e.g., “60% of users in the 18-24 age group like Product X”). If individual responses are shared, we ensure they are either non-identifiable or clearly disclosed at collection. Clients must use respondent data as agreed and comply with privacy laws. Contact details are only shared if explicitly collected for that purpose (e.g., follow-up interviews).

  • Advertising and publishing partners: To reach you we work with advertising networks, exchanges, and app/website publishers to display survey invitations (e.g., in-app ads or web pop-ups). This involves a limited exchange of data: publishers send us device data and context to determine if a survey should be shown, and we may send back event data (e.g., survey completion). This process uses secure, automated channels.

  • Professional advisors: We share personal data with our legal, financial, insurance, and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests.

  • Within our corporate group: We may share personal data with affiliates, subsidiaries, or a parent company to operate our services and provide support (e.g., if an affiliate handles customer support or data analysis).

  • Legal compliance and protection: We may disclose personal data when necessary to comply with laws, legal processes, or government requests (e.g., court orders or subpoenas), enforce our agreements (such as involving legal counsel or debt collection for contract breaches), prevent fraud or security risks (e.g., sharing info with fraud prevention agencies), or protect the rights, safety, and property of Unbounded, our employees, users, our clients, or the public (including cybersecurity measures or alerting authorities in case of imminent threats).

  • Business transfers: In the event of a merger, acquisition, restructuring, or similar transaction, personal data may be transferred as part of the business assets. If ownership changes materially, we will notify you (e.g., via our website or email) and inform you of any choices available.

  • With your consent or at your direction: We make personal data available to third parties when we have your consent or you intentionally direct us to do so.

We also share aggregated or de-identified information that cannot reasonably be used to identify you. We maintain and use this information only in a de-identified fashion and will not attempt to re-identify such information, except as permitted by law.

In the context of our Services, we allow our clients to collect user responses in two ways:

  • Exclusive surveys: If a client requests exclusive access, we provide them with aggregated or de-identified survey responses that are not shared with other clients.

  • Non-exclusive surveys (default option): Unless a client opts for exclusivity, the aggregated or de-identified survey responses may be shared with all other present and future clients.

Importantly, we design shared results to be aggregated or de-identified to reduce the risk of identifying individuals. We retain survey data internally for quality control, analytics, and improving our services. If our data sharing practices change, we will update this policy accordingly.

Third-Party Privacy Practices: When we share data with third parties (such as our clients or partners). Our partners and clients have their own privacy policies governing how they handle shared data. While we require them to protect personal data, their practices are their responsibility. For example, if you access our service via a third-party app, its privacy policy may explain how it shares data with us. We recommend reviewing third-party privacy policies for more details.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and for other business purposes explained in this Services Privacy Policy, or as long as required by applicable laws and legitimate business needs. This means retention periods can vary depending on the type of data and context. We strive to define retention periods that are no longer than necessary. Below is a general outline of how we approach data retention:

  • Users’ Data: We retain survey response data and related respondent information for as long as it remains useful for research, analytics, quality control, verification, and the development and improvement of our Services. This includes reuse of pseudonymized survey data in future studies, comparative analysis, and longitudinal research, where permitted by law. In many cases, individual response data is retained in a pseudonymized form (for example, associated with a device or survey identifier rather than a direct identifier) to support research integrity, avoid duplicate participation, and improve analytical models. When personal data is no longer necessary or legally permissible to retain, we will delete it or transform it into de-identified or aggregated form. We also retain information necessary to honor opt-out or withdraw requests (e.g., if you decline further participation, we keep a record of that decision). If you consent to sensitive survey topics, additional rules apply to how we handle and retain those answers; see our Sensitive Data Consent Policy.

  • Clients’ Data: We retain client and business contact information for the duration of our business relationship and as needed thereafter for legitimate purposes and as spelled out in our contracts. If you are a client, your account data and project data will typically be kept as long as your account is active or as needed to provide services. After you cease being a client, we may archive your account and project records for a certain period (for example, to have a history of our engagements and in case you return or have questions about past work). Billing records, invoices, and payment history are retained in accordance with financial record-keeping laws (which often require retention for 5-7 years or more). Correspondence and support tickets might be kept for a few years in case of later reference. We also maintain minimal information to avoid contacting you if you’ve opted out of marketing or to honor other restrictions you’ve requested. In summary, we won’t keep your full client profile forever if you are no longer active, but we will keep what’s necessary for our internal records and legal compliance.

  • Legal and Compliance: In certain cases, we may need to retain data for longer periods if required by law or if needed to resolve disputes. For instance, if we receive a legal hold notice related to data (perhaps because of litigation), we will preserve relevant information until the hold is lifted. We also must abide by laws like tax regulations, which may mandate that we keep transaction records and associated identifiers for a minimum number of years. Additionally, if you exercise a right to erasure, we may keep a minimal record of your request and the data we erased to demonstrate compliance, and to ensure we don’t inadvertently re-contact you or reprocess your data (this minimal record might include, for example, your email address and a note that you requested deletion).

  • De-Identified and/or Aggregated Data: If we have transformed personal data into a de-identified and/or aggregated format, we may keep this data for a longer period since it is no longer personal data. Such data helps us to understand trends and improve our services over time without compromising individual privacy. For example, we might keep de-identified and/or aggregated survey responses and results or statistical models indefinitely, as they contain no personal identifiers.

In all cases, when personal data reaches the end of its retention period, we will either delete it securely or de-identify it.

If you have specific questions about our retention practices for a particular type of data, please feel free to contact us for more detailed information.

Your Privacy Rights (Overview)

We respect your rights to control your personal data. Depending on your jurisdiction and the applicable law, privacy laws may grant you certain rights regarding your personal data. We have processes in place to allow you to exercise these rights. Please note that these rights are not absolute and may be subject to certain conditions or exemptions under the law.

The sections below explain how these rights apply to you depending on your location and how you can exercise them in practice.

Security Measures to Protect Your Data

We take the security of personal data seriously and have implemented a variety of technical and organizational measures to protect against unauthorized access, alteration, disclosure, or destruction of your information. While no method of transmission over the internet or electronic storage is 100% secure, we strive to use commercially acceptable means and industry best practices to protect your personal data. We maintain a security policy that is available upon request.

We remind you that you also play a role in protecting your information. Never provide personal data to us if you do not want to share it. For clients with accounts, please choose strong passwords and keep them confidential. If you suspect any unauthorized access or encounter any security issues with our service, notify us immediately so we can take appropriate action.

Children’s Privacy

Our Services are available worldwide. The age at which a user can consent to provide their personal data varies by jurisdiction. Our Services, including ads, content, surveys, emails/invitations, client services (including our client portal), and website content, are not directed to children under the age of 16 (or a higher minimum age in your jurisdiction), and we do not knowingly collect personal data from children under 16 (or a higher minimum age in your jurisdiction). If you are under 16 (or a higher minimum age in your jurisdiction), please do not provide personal data to us or use our Services. We may request age information to verify eligibility. If a user indicates they are under 16, we immediately delete this data and restrict further participation in the Services.

If we become aware that we have inadvertently collected personal data from a child under the age of 16 (or a higher minimum age in your jurisdiction) without proper consent, we will take steps to delete that information as soon as possible. Parents or guardians who believe that we might have information about their child can contact us (see Contact Us below), and we will promptly investigate and remove any data we may have.

Additional Information for Residents of Europe

If you are a resident of the European Economic Area (EEA), this section applies to you.

Legal Basis for Processing

As described above, we rely on various following lawful bases to process your personal data. These include:

  • Consent: For activities like collecting personal data or using non-essential cookies.

  • Contract performance: As necessary to deliver on any contractual commitments we make to you, such as fulfilling our Terms of Service.

  • Legitimate interests: For business operations, fraud prevention, and improving our services.

  • Legal obligations: To comply with laws, respond to legal requests, and meet regulatory requirements.

Your Rights

As a resident of the EEA, you have the following rights:

  • Right to access: You have the right to request confirmation of whether we are processing your personal data, and if so, to receive a copy of the personal data we hold about you, along with certain information about how we use it. This is sometimes called a “Data Subject Access Request.” We will provide the first copy of your data free of charge, but as permitted by law, we may charge a reasonable fee or refuse repetitive, excessive requests.

  • Right to rectification: You have the right to request that we correct or update any inaccurate or incomplete personal data we hold about you. If any of your information has changed or you discover it’s incorrect, please let us know so we can correct it. For example, if you are a client and your email address changes, you can update it in your account or ask us to update our records.

  • Right to erasure (deletion): You have the right to request the deletion of your personal data in certain circumstances. This right, also known as the “right to be forgotten,” applies, for instance, if the data is no longer necessary for the purposes it was collected, you withdraw consent (and no other legal basis applies), or you object to processing and we have no overriding legitimate grounds to continue. We will evaluate and, if appropriate, honor such requests in accordance with the law. Keep in mind there are exceptions – we may retain data if needed for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims. If we cannot delete data you requested, we will inform you of the reason (unless legally prevented from doing so).

  • Right to restrict processing: You have the right to request that we limit the processing of your personal data under certain scenarios. This might occur if you contest the accuracy of the data (for a period enabling us to verify it), or if you object to our processing based on legitimate interests (pending our assessment of whose interests prevail), or if processing is unlawful but you prefer restriction over deletion. When processing is restricted, such data will only be processed with your consent or for specific reasons like legal claims or protecting others’ rights, except for continued storage. We will inform you before lifting any such restriction.

  • Right to object: You have the right to object to our processing of your personal data when the processing is based on legitimate interests, and you have grounds relating to your particular situation. We will then re-evaluate our reasons for processing and will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for legal claims. Importantly, you have an absolute right to object to direct marketing at any time. If we ever send you marketing communications, you can opt out and we will cease further marketing to you without question.

  • Right to data portability: When legally applicable, you have the right to receive your personal data that you provided to us in a structured, commonly used, machine-readable format, and to have that data transmitted to another controller (for example, another service provider) where technically feasible. This right applies when the processing is based on your consent or on a contract with you, and the processing is carried out by automated means. For example, if you provided us with a set of profile data and then want to transfer it to a similar service, we will assist in providing it in a portable format if the conditions are met.

  • Right to withdraw consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal. For example, if you consented to participate in a specific survey, you can withdraw during the survey or afterward, and we will stop using your data for that survey (although data already processed in aggregate form may not be retrievable, we would exclude your future participation if that’s your wish). You can withdraw your consent immediately from within surveys that appear in which you provided your consent by pressing the “WITHDRAW CONSENT” button at the bottom of the privacy policy available from the info icon ⓘ inside each ad. To withdraw consent for marketing emails, you can simply click the unsubscribe link in the footer of any email or contact us. For other consent withdrawals, contacting us directly is the best approach.

  • Right to information and transparent communication: You have the right to be informed about how we collect and use your data (which is the purpose of this Services Privacy Policy). If you have questions about any of the content in this Policy or how your data is handled, you also have the right to an understandable and transparent response. We aim to provide that, and you can always reach out to us for further explanation.

  • Right to lodge a complaint: If you believe we have not complied with applicable data protection laws, you have the right to lodge a complaint with a supervisory authority. For individuals in the EEA, this typically means your country’s data protection authority; for example, Sweden’s Integritetsskyddsmyndigheten (IMY) if you reside in Sweden.

How to Exercise Your Rights

To exercise your rights, please contact us (see "Contact Us"). We may ask for additional information in order to verify your identity. If we process your data on behalf of a client, we may refer you to them. We respond within legal timeframes. Requests are free unless excessive. If we cannot fully comply, we will explain why. If you disagree with a decision, you may request a review or appeal where applicable. If you are unsatisfied with our response to any request to exercise your rights, you also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at https://www.imy.se.

TCF Compliance

Unbounded AB participates in the IAB Europe Transparency and Consent Framework (TCF) and complies with its Policies and Technical Specifications.

Our TCF Vendor ID is 1413, and we operate under the legal bases declared in the IAB Global Vendor List (GVL).

We honor the consent and preferences signaled by users through the TCF framework and ensure that our systems respect those choices in all personal data processing activities governed by the TCF.

Sensitive survey topics (e.g., GDPR Article 9) are handled under a separate explicit consent flow and are not inferred from or granted through TCF signals.

Data Transfers

Unbounded AB is based in Sweden. We primarily store and process data on servers located within the European Union (EU). We might store and process data in other locations depending upon the location of clients and end users. However, the global nature of our services means that your personal data may be transferred to, or accessed by, entities outside of your home country, including outside the EEA. We take appropriate measures to ensure that such international data transfers comply with applicable data protection laws and that your data remains protected as it travels. When we transfer personal data from the EEA to countries not deemed to have “adequate” data protection laws (for example, transfers to the United States or other countries), we rely on approved safeguards under the GDPR. The primary mechanism we use is the European Commission’s Standard Contractual Clauses (“SCCs”). We have SCCs in place with our service providers outside the EU/EEA as required. In some cases, we may also rely on an adequacy decision (if the country has been approved by the EU as having essentially equivalent protections).

You can contact us at privacy@unboundedsource.com if you would like more information about international data transfers or to obtain a copy of the relevant transfer agreements (such as SCCs) we use. We will provide as much information as we are able to, although we may need to redact certain contractual details for confidentiality reasons.

Data Controller

Unbounded AB acts as the data controller for the personal data we collect. Our clients are separate controllers for their own analysis. Ad exchanges, ad networks, app/game publishers, and website owners are independent controllers. Our contact information is as follows:

Unbounded AB
Tre Liljor 3
113 44 Stockholm
Sweden

Email: privacy@unboundedsource.com

Additional Information for Residents of the United States

Some U.S. states have enacted privacy laws that grant their residents certain rights and require specific disclosures. If you reside in California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, this section applies to you. This section also serves as our California notice at collection.

Categories of Recipients of Personal Data

We may disclose personal data to the following categories of recipients:

  • Clients and Research Customers: Organizations that commission surveys or research through our Services. Data is typically shared in aggregated or de-identified form.

  • Advertising and Publishing Partners: Including ad exchanges, supply-side platforms, publishers, and app or website operators that enable the delivery of surveys or ads.

  • Service Providers and Vendors: Companies that provide services on our behalf, such as cloud hosting, analytics, fraud prevention, customer support, and security services.

  • Professional Advisors: Such as legal, financial, or compliance advisors where necessary.

  • Affiliates: Entities within our corporate group that support our operations.

  • Authorities and Others as Required by Law: When necessary to comply with legal obligations or protect rights and safety.

Additional Disclosures

Our Privacy Policy explains how we collect, use, and disclose information about you. As required by certain state privacy laws, we use the table below to explain this same information.

Categories of Personal Data We CollectCategories of RecipientsUse of Personal Information
Identifiers such as device advertising identifiers (e.g., IDFA, AAID, IDFV), IP address, online identifiers, and similar pseudonymous identifiers.• Advertising and publishing partners (e.g., ad exchanges, publishers, app or website operators)<br> • Service providers (e.g., cloud hosting, analytics, fraud prevention)<br> • Clients (in aggregated or de-identified form)<br> • Affiliates• Deliver ads and surveys<br> • Enable survey participation and response tracking<br> • Frequency control and avoidance of duplicate surveys<br> • Fraud prevention and security<br> • Measurement and analytics<br> • Research analysis and service improvement
Geolocation data such as the approximate location derived from IP address or device settings (e.g., country, region, or city); we do not collect precise geolocation unless permitted by the app, device, or user.• Advertising and publishing partners<br> • Service providers<br> • Clients (aggregated or de-identified)• Determine eligibility and relevance of surveys<br> • Enforce geographic restrictions<br> • Produce location-based research insights in aggregated form<br> • Fraud prevention and compliance
Internet and other electronic network activity information including interactions with ads or surveys, survey participation events, timestamps, engagement metrics, and technical usage data.• Service providers<br> • Clients (aggregated or de-identified)<br> • Affiliates• Operate and deliver the Services<br> • Measure engagement and survey completion<br> • Generate aggregated research insights<br> • Improve platform performance and reliability<br> • Detect abuse, invalid traffic, or fraud
Survey responses including opinions, preferences, feedback, and answers you provide when participating in surveys• Clients (aggregated or de-identified only, unless otherwise disclosed at collection)<br> • Service providers supporting research operations• Conduct market, product, brand, opinion, and other types of research<br> • Generate aggregated or anonymized research insights<br> • Quality control and validation of responses<br> • Improve research methodologies and services
Demographic and profile information such as age range, language, country of residence, or other non-sensitive attributes voluntarily provided in surveys or used for survey qualification.• Clients (aggregated or de-identified)<br> • Service providers<br> • Affiliates• Qualify respondents for surveys<br> • Analyze survey results and generate research insights<br> • Improve survey design and relevance<br> • Statistical modeling and service improvement
Inferences drawn from survey responses or engagement patterns to support research analysis, survey relevance, and fraud prevention.• Clients (aggregated or de-identified)<br> • Service providers<br> • Affiliates• Research analysis and reporting<br> • Improve survey targeting and relevance<br> • Enhance analytical models and methodologies<br> • Internal service optimization
Sensitive personal data, only when you explicitly consent to provide such information in connection with a specific survey (for example, health-related or political opinion questions); sensitive personal data is not used for advertising, profiling, or cross-context behavioral targeting.• Clients (aggregated or de-identified only)<br> • Service providers supporting research operations• Conduct specific research studies where you have expressly consented<br> • Generate aggregated or anonymized research outputs<br> • Quality control and methodological validation<br>Not used for advertising, profiling, or cross-context behavioral targeting
Other information you choose to provide including free-text responses, comments, or optional information submitted through surveys or interactive content• Clients (aggregated or de-identified only)<br> • Service providers• Conduct research and analysis based on voluntary input<br> • Improve survey quality and research depth<br> • Quality assurance, moderation, and validation<br> • Service improvement and development

Certain disclosures of personal data to advertising and publishing partners may be considered a “sale” or “sharing” of personal data under applicable U.S. state privacy laws. These disclosures occur in connection with delivering ads or survey invitations across different apps, websites, or devices and may involve device identifiers or similar online identifiers.

We do not knowingly sell or share personal data of individuals under the age of 16 (or older in some jurisdictions).

Targeted Advertising, Sales, and Shares

We use the information we collect to show you ads that are targeted to you based on your activity across non-affiliated websites, apps, and other services, and we may share your information with certain partners for these purposes. These activities may be considered “sales,” “shares,” or processing of your information for “targeted advertising” purposes under certain U.S. state privacy laws. You may opt out of these practices through the opt out presented to you in our surveys, by using the settings on your mobile device (“Limit Ad Tracking” on iOS devices and “Opt out of Personalized Ads” on Android devices), or by emailing us at privacy@unboundedsource.com.

Your Rights

Depending on your state of residence, you may have the right to:

  • Request access to personal data we hold about you

  • Request deletion of your personal data

  • Request correction of inaccurate personal data

  • Opt out of the sale or sharing of personal data

  • Limit the use of sensitive personal data

  • Appeal a decision regarding your request, where applicable

How to Exercise Your Rights

Because we generally do not collect direct identifiers such as names or email addresses in connection with our Services, the primary way to exercise your privacy rights is through the in-ad privacy link available in each ad or survey. This mechanism allows you to withdraw consent, opt out, or restrict further processing at the device or identifier level.

We also accept requests by email; however, due to the pseudonymous nature of our data, we may be unable to verify or fulfill certain requests submitted via email without additional information. Because we generally do not maintain account-level identity for end users, we may not be able to fulfill certain requests that cannot be reasonably verified at the device or identifier level. If we cannot reasonably verify your request, we will explain why. You may contact us at privacy@unboundedsource.com.

Global Privacy Control (GPC)

Global Privacy Control (GPC) is a browser or device-level signal that communicates a user’s preference to opt out of the sale or sharing of personal data.

Where required by applicable law (including California, Colorado, Connecticut, Montana, and Oregon), we honor GPC signals as a valid request to opt out of the sale or sharing of personal data. Support for GPC may vary by jurisdiction and technical context.

Data Retention and Pseudonymous Use

We retain personal data for as long as reasonably necessary to support research, analytics, fraud prevention, frequency control, legal compliance, and service improvement. Much of this data is retained in a pseudonymous form, associated with device or survey identifiers rather than directly identifying information.

We may retain records of opt-out, withdrawal, or restriction requests to ensure that your preferences continue to be honored and to comply with legal obligations.

Authorized Agents

Depending on where you reside, you may designate an authorized agent to submit an access, deletion, or correction request on your behalf. We may ask authorized agents to submit proof of their authority to make a request, such as a valid power of attorney or proof that they have signed permission from the consumer who is the subject of the request. In some cases, we may contact the individual who is the subject of the request to verify their own identity or confirm the authorized agent has permission to submit the request. If you are an authorized agent seeking to make an access, correction, or deletion request on behalf of a consumer, please contact us via email at privacy@unboundedsource.com.

Appeals and Non-Discrimination

If we deny your rights request, you may appeal our decision by contacting us. If you have concerns about the result of an appeal, or if we are unable to resolve your concerns about our processing of your personal data, you may contact the attorney general in the state where you reside.

You have the right not to be discriminated against for exercising any of your privacy rights. If you have a concern about our processing of personal data, we encourage you to contact us in the first instance.

Updates to this Services Privacy Policy

We may update this policy to reflect changes in practices, laws, or technology. The “Last Updated” date will be revised accordingly. Significant changes may be highlighted through notices or emails. Continued use of our Services after updates implies acceptance, as permitted by law.

Contact Us

If you have any questions, concerns, or requests regarding this Services Privacy Policy or how Unbounded AB handles your personal data, please do not hesitate to contact us:

Unbounded AB
Tre Liljor 3
113 44 Stockholm
Sweden

Email: privacy@unboundedsource.com

Revision History

Version 1.0 - Last Updated: March 11, 2025

Version 1.1 - Last Updated: April 14, 2025

Version 1.2 - Last Updated: January 20, 2026