Privacy Policy

Last Updated: April 21, 2026

Boundee OÜ ("Company", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains what information we collect, why we collect it, and how we use it when you access or use our mobile applications (iOS / Android) and web service (the "Service").

By using the Service, you consent to the practices described in this Privacy Policy.

1. Company Information / Data Protection Contact

Boundee OÜ
Harju maakond, Tallinn, Põhja-Tallinna linnaosa, Soo tn 1b/4-43, 10414, Estonia
Email: info@boundee.com

For all privacy-related inquiries, access, correction, or deletion requests, please contact us at the address above. We will respond within 30 days of receiving your request.

2. Information We Collect and Why

We collect only the minimum information necessary to provide our Service.

Data Purpose Retention
Email address Account login and authentication (POST /auth/login) Duration of account + as required by law
Password (hashed) Account authentication. Passwords are never stored in plain text; they are hashed using the bcrypt algorithm. Duration of account
User name and role Profile display and access control (GET /me) Duration of account
User ID (internal integer) Account identification and linking activity within the Service Duration of account
Device push token and platform identifier
(iOS: APNs token, Android: FCM token, and iOS/Android platform label)		 Sending push notifications related to hiring workflow events only (POST /devices). Never used for marketing or advertising. Upon logout, a deletion request is sent to remove the token from our servers and the local credential is cleared (DELETE /devices/{token}). Until logout or app uninstall
Hiring workflow response content Comments entered by the user in response to a hiring Action Request (POST /action-requests/{id}/respond, POST /action-requests/{id}/execute — reason field). Accessible only to authorized hospital hiring staff for work purposes. Duration of contract + as required by law

3. Information We Do NOT Collect

Our mobile applications (iOS and Android) do not collect the following. We state this explicitly:

  • No analytics or crash-reporting SDKs — Firebase Analytics, Crashlytics, Sentry, Mixpanel, Amplitude, and similar tools are not used in the mobile apps.
  • No advertising identifiers — IDFA, GAID, or any App Tracking Transparency tracking is not used.
  • No location, contacts, health/fitness, financial, browsing, or search data are collected.
  • We do not sell your personal data, nor share it with third parties for commercial purposes — all data is processed on our own AWS infrastructure.
  • No marketing or advertising use of any collected data.
  • We do not knowingly collect data from children under 13 (U.S.) or under 16 (EU).

Note: Our website (boundee.com) uses Google Analytics (GA4) for aggregate traffic analysis. This applies to the website only and is not related to the mobile apps. See Section 6 for details.

4. Legal Basis for Processing (GDPR / EU Users)

  • Contractual necessity: Processing required to provide the Service and manage your account.
  • Legitimate interests: Service security and operational integrity.
  • Consent: Push notifications (where you have granted permission in the app).

Biometric data (Face ID / fingerprint): Biometric authentication is processed entirely on-device via Apple and Google platform APIs (Face ID, Touch ID, Android BiometricPrompt). Biometric data is never transmitted to our servers.

5. Data Transfers and Sub-processors

We use the following sub-processors to operate the Service:

  • Amazon Web Services, Inc. (AWS) — Server infrastructure and data storage.
    Primary region: United States (us-east-1 or us-west-2). All data is processed within our own AWS infrastructure.
  • Google LLC — Web font delivery via fonts.googleapis.com (website only).
    Fonts are loaded from Google's CDN on each page visit. Google may log the request IP address per their own privacy policy.

For transfers from the EU/EEA, we rely on Standard Contractual Clauses (SCCs) pursuant to Article 46 of the GDPR. For questions about international data transfers, contact info@boundee.com.

6. Cookies and Web Analytics

Mobile apps: No cookies, local storage tracking, or device fingerprinting.

Website (boundee.com): We use Google Analytics (GA4) to understand aggregate usage patterns such as page visits and session duration. We also set a Laravel session cookie for authentication purposes. You may disable cookies in your browser settings or use a Google Analytics opt-out browser extension.

7. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your personal data (including account deletion).
  • Restriction: Request restriction of certain processing activities.
  • Portability: Request your data in a portable format (GDPR users).
  • Objection: Object to certain processing activities.

To exercise any of these rights, email info@boundee.com. We will respond within 30 days. We may ask you to verify your identity before processing the request. EU residents have the right to lodge a complaint with their local Data Protection Authority (DPA).

California residents (CCPA): You have the right to know what personal information we collect, to request deletion, and to opt out of the sale of personal information. We do not sell personal information. To submit a request, email info@boundee.com.

8. Data Security

We apply the following measures to protect your personal data:

  • HTTPS/TLS encryption in transit
  • Passwords stored using bcrypt hashing (plaintext never stored)
  • Access control and principle of least privilege
  • AWS security infrastructure

9. Changes to This Policy

We may update this Policy to reflect changes in law or our Service. Material changes will be communicated through the Service or by email before taking effect. The updated Policy is effective from the date published on this page.

10. Contact

For questions or to exercise your rights:
Boundee OÜ
Harju maakond, Tallinn, Põhja-Tallinna linnaosa, Soo tn 1b/4-43, 10414, Estonia
Email: info@boundee.com

Cookie Settings

You can review or update your cookie preferences for this website at any time. Manage cookie settings