Legal & Compliance

Privacy Policy

This Privacy Policy explains how LogicBounce Inc. collects, uses, discloses, and protects personal information in connection with our website, the Nexus platform, and our professional services. We take privacy seriously — both as a legal obligation and as a core principle of how we operate.

Effective Date 17 June 2026
Last Updated 17 June 2026
Version 2.0
Jurisdiction Taiwan (with GDPR & CCPA provisions)

01 Who We Are

LogicBounce Inc. (“LogicBounce,” “we,” “us,” or “our”) is a cybersecurity company headquartered in Taiwan. We develop and operate the Nexus autonomous cyber defense platform and provide professional security services including managed detection and response (MDR), SOC as a Service, incident response, digital forensics, breach recovery, threat intelligence, and advisory services.

For the purposes of data protection law, LogicBounce Inc. is the data controller for personal information collected through our website and marketing activities. For personal information processed within our platform on behalf of enterprise customers, LogicBounce acts as a data processor and our customers are the data controllers.

Note on platform data: If you are an employee, contractor, or end user of an organisation that uses the LogicBounce Nexus platform, your personal information is processed under the privacy policy and data processing agreement of that organisation. Please contact your organisation’s security or IT team for information about how your data is handled within the platform.

02 Scope of This Policy

This Privacy Policy applies to:

  • Visitors to www.logicbounce.com and any subdomains
  • Individuals who request information, demos, or quotes through our website or sales team
  • Contacts who subscribe to our threat intelligence publications, newsletters, or research briefings
  • Attendees at LogicBounce-hosted events, webinars, and conference activities
  • Individuals who communicate with us by email, telephone, or through social media
  • Job applicants and candidates who apply for positions at LogicBounce
  • Authorised users of the Nexus client portal and platform (subject to your organisation’s data processing agreement)

This policy does not apply to information LogicBounce processes as a data processor on behalf of our enterprise customers within the Nexus platform. That processing is governed by the Data Processing Agreement (DPA) between LogicBounce and the customer organisation.

03 Information We Collect

3.1 Information You Provide Directly

We collect information you voluntarily provide when you:

ActivityInformation Collected
Request a demo or informationName, work email, job title, company name, phone number, country, message content
Subscribe to publications or researchName, work email, job title, organisation, areas of interest
Register for an event or webinarName, work email, job title, organisation, dietary requirements (in-person events)
Contact us by email or phoneName, contact details, content of communications
Apply for employmentName, contact details, CV/résumé, cover letter, employment history, qualifications, right-to-work information
Access the client portalName, work email, job title, multi-factor authentication credentials, access logs
Report a security vulnerabilityName (optional), contact details, vulnerability details

3.2 Information We Collect Automatically

When you visit our website, we automatically collect certain technical information:

  • Log data: IP address, browser type and version, operating system, referring URLs, pages visited, time and date of visit, time spent on pages
  • Device information: Device type, screen resolution, language settings
  • Cookie data: Session identifiers, preference settings, analytics identifiers (see Section 12 for full cookie details)
  • Usage data: Features accessed within the client portal, search queries, interaction patterns

3.3 Information From Third Parties

We may receive information about you from:

  • Business data providers: Firmographic data (company size, industry, technology stack) to understand your organisation’s context before outreach
  • LinkedIn and professional networks: Publicly available professional information when we engage in B2B outreach
  • Event partners: Contact information from co-hosted events where you have consented to share details with sponsors or co-organisers
  • Referrals: Contact information provided by colleagues or partners who refer you to us
  • Background check providers: For employment candidates who reach the offer stage, subject to applicable law and your consent

3.4 Sensitive Information

As a cybersecurity company, the nature of our professional services means we may process information relating to security incidents, breaches, and vulnerabilities affecting our customers’ organisations. This information is handled under the terms of the relevant DPA and service agreement. We do not collect sensitive personal categories (health data, religious beliefs, political opinions, etc.) through our website or marketing activities.

04 How We Use Your Information

PurposeInformation UsedLegal Basis
Responding to enquiries and demo requestsContact details, company information, message contentLegitimate interests / Contract
Providing and operating the Nexus platformAccount credentials, usage data, access logsContract performance
Sending threat intelligence and research publicationsName, email, areas of interestConsent / Legitimate interests
Marketing communications about our servicesName, email, job title, companyLegitimate interests (B2B) / Consent
Hosting events and webinarsRegistration detailsContract performance / Legitimate interests
Processing employment applicationsCV, application materials, interview notesPre-contractual steps / Legal obligation
Improving our website and servicesUsage data, analytics, feedbackLegitimate interests
Security monitoring of our own systemsAccess logs, IP addresses, session dataLegitimate interests / Legal obligation
Complying with legal obligationsAny relevant personal dataLegal obligation
Enforcing our agreements and protecting rightsAny relevant personal dataLegitimate interests / Legal obligation
We do not sell your personal information. We do not sell, rent, or trade personal data to third parties for their own marketing purposes. We do not use personal data to build advertising profiles or for behavioural advertising targeting.

05 Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal information under the following legal bases under the General Data Protection Regulation (GDPR) and equivalent national laws:

  • Contract performance: Processing necessary to enter into or perform a contract with you or your organisation, including providing platform access, delivering services, and fulfilling service agreements.
  • Legitimate interests: Processing in pursuit of our legitimate business interests, including B2B marketing to organisations likely to benefit from our services, security monitoring of our own infrastructure, fraud prevention, and improving our products. We conduct a balancing test to ensure our interests do not override your privacy rights.
  • Legal obligation: Processing required to comply with applicable laws, including financial record-keeping obligations, responding to lawful requests from public authorities, and regulatory compliance requirements.
  • Consent: Where we rely on your consent for specific activities such as newsletter subscriptions or non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Vital interests: In rare circumstances, processing necessary to protect life — relevant to our incident response services where we may encounter information about threats to physical safety.

06 How We Share Your Information

We do not sell personal information. We share personal information only in the following circumstances:

6.1 Service Providers

We engage trusted third-party service providers who process personal data on our behalf under strict data processing agreements. These include:

  • Cloud infrastructure providers (hosting, storage, compute)
  • Customer relationship management (CRM) platforms for managing sales and marketing contacts
  • Email delivery and marketing automation platforms
  • Video conferencing and event platforms for webinars and meetings
  • Analytics providers for website and platform usage analysis
  • Recruitment and applicant tracking platforms for employment applications
  • Legal, accounting, and professional advisors subject to confidentiality obligations

6.2 Business Transfers

If LogicBounce undergoes a merger, acquisition, reorganisation, asset sale, or similar transaction, personal information may be transferred as part of that transaction. We will notify affected individuals as required by applicable law and ensure appropriate protections are in place.

6.3 Legal Requirements and Safety

We may disclose personal information where required to:

  • Comply with a legal obligation, court order, or lawful government request
  • Enforce our Terms of Service or other agreements
  • Protect the rights, property, or safety of LogicBounce, our customers, or others
  • Detect, investigate, or prevent fraud, security incidents, or technical issues

Where permitted by law, we will notify you of such requests. We review all law enforcement and government requests for legal sufficiency before responding.

6.4 With Your Consent

We may share your information with third parties where you have given explicit consent, such as when you choose to share your details with a co-sponsor of an event or webinar.

6.5 Aggregated and De-identified Data

We may share aggregated, anonymised, or de-identified information that cannot reasonably be used to identify you — for example, industry threat statistics, benchmark data, or aggregated platform performance metrics.

07 Security & Data Protection

As a cybersecurity company, the security of personal data is fundamental to how we operate. We apply the same rigour to protecting your personal information as we apply to protecting our customers’ environments.

Technical Measures

  • Encryption in transit using TLS 1.3 for all data transmitted to and from our systems
  • Encryption at rest using AES-256 for all stored personal data
  • Zero-trust network architecture with multi-factor authentication enforced for all internal access
  • Least-privilege access controls — employees access personal data only on a need-to-know basis
  • Continuous security monitoring of our own infrastructure using the Nexus platform
  • Regular penetration testing of our systems by our internal Threat Defense Unit red team
  • Cryptographic isolation between customer data environments

Organisational Measures

  • Privacy and data protection training for all employees who handle personal data
  • Background checks for employees with access to sensitive data
  • Incident response procedures for personal data breaches, with regulatory notification timelines tracked
  • Annual third-party security audits and SOC 2 Type II certification
  • Data processing agreements with all third-party service providers
Data breach notification: In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR Article 33. Where the breach is likely to result in a high risk to individuals, we will notify affected individuals directly without undue delay.

No security system is impenetrable. While we implement industry-leading measures, we cannot guarantee absolute security. If you have reason to believe your interaction with us is no longer secure, please contact us immediately at [email protected].

08 Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

Data CategoryRetention PeriodBasis
Website enquiry and contact form data3 years from last contactLegitimate interests (sales pipeline)
Customer account and platform dataDuration of contract + 7 yearsContract / Legal obligation
Marketing contact data (with consent)Until withdrawal of consent or 3 years of inactivityConsent / Legitimate interests
Event registration data2 years after the eventLegitimate interests
Employment application data (unsuccessful)12 months from rejectionLegitimate interests (defence of claims)
Employment application data (successful)Duration of employment + 7 yearsLegal obligation
Incident response and forensic case data7 years from case closureLegal obligation / Contractual
Website analytics data26 months (anonymised after 13 months)Legitimate interests
Security and access logs12 monthsLegitimate interests / Legal obligation
Financial and billing records7 yearsLegal obligation

At the end of the applicable retention period, personal data is securely deleted or anonymised in accordance with our data disposal procedures. Where data is processed under a DPA on behalf of a customer, retention is governed by that agreement.

09 International Data Transfers

LogicBounce is headquartered in the United States. If you are located in the European Economic Area, United Kingdom, or other regions with data transfer restrictions, your personal information may be transferred to and processed in the United States or other countries.

We ensure such transfers are subject to appropriate safeguards:

  • Standard Contractual Clauses (SCCs): For transfers from the EEA and Switzerland, we use the European Commission’s approved Standard Contractual Clauses incorporated into our data processing agreements.
  • UK International Data Transfer Agreements (IDTAs): For transfers from the United Kingdom, we use UK-approved transfer mechanisms.
  • Adequacy decisions: Where the European Commission or UK ICO has issued an adequacy decision for the destination country.
  • Binding Corporate Rules: For intra-group transfers where applicable.

We conduct Transfer Impact Assessments (TIAs) where required to evaluate the legal framework of destination countries and implement supplementary measures where necessary. You may request a copy of the relevant transfer mechanisms by contacting [email protected].

10 Your Privacy Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information. We respond to all valid requests within 30 days (extendable by a further 60 days for complex requests, with notice).

Right of Access

Request a copy of the personal information we hold about you and information about how it is used.

Right to Rectification

Request correction of inaccurate or incomplete personal information we hold about you.

Right to Erasure

Request deletion of your personal information where there is no compelling reason for continued processing.

Right to Restrict Processing

Request that we limit how we use your personal information in certain circumstances.

Right to Data Portability

Receive your personal information in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to Object

Object to processing based on legitimate interests, including direct marketing. We will stop processing unless we have compelling legitimate grounds.

Rights re: Automated Decisions

Not to be subject to decisions based solely on automated processing that produce significant legal or similar effects, unless you have given explicit consent.

Right to Withdraw Consent

Withdraw consent at any time for processing based on consent, without affecting the lawfulness of prior processing.

How to Exercise Your Rights

Submit a rights request by emailing [email protected] with the subject line “Privacy Rights Request” and describing the right you wish to exercise. We may need to verify your identity before processing your request. We will not charge a fee for reasonable requests.

Right to Lodge a Complaint

If you are in the EEA and believe we have not handled your personal data in compliance with GDPR, you have the right to lodge a complaint with your local supervisory authority. In the UK, the relevant authority is the Information Commissioner’s Office (ICO) at ico.org.uk. We would, however, appreciate the opportunity to address your concerns before you approach a supervisory authority.

11 California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights regarding your personal information.

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA: identifiers (name, email, IP address), professional and employment information (job title, company), internet and network activity information (browsing activity on our site), and inferences drawn from this information to create a profile about your preferences and interests.

Your California Rights

  • Right to Know: Request disclosure of the categories and specific pieces of personal information collected, the purposes for collection, the categories of third parties with whom we share information, and the categories of sources from which we collected information.
  • Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt Out of Sale or Sharing: We do not sell personal information and do not share personal information for cross-context behavioural advertising.
  • Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined under CPRA for purposes beyond those permitted.
  • Right of Non-Discrimination: We will not discriminate against you for exercising your California privacy rights.

To exercise your California rights, contact us at [email protected] or write to our postal address below. We respond to verified consumer requests within 45 days.

We do not have actual knowledge that we sell or share personal information of consumers under 16 years of age.

12 Cookies & Tracking Technologies

We use cookies and similar tracking technologies on our website. A cookie is a small text file placed on your device when you visit our site.

CategoryPurposeBasisCan Opt Out?
Strictly NecessarySession management, security, authentication, load balancing. The site cannot function without these.Legitimate interests / ContractNo
FunctionalRemembering your preferences (language, cookie consent status).ConsentYes
AnalyticsUnderstanding how visitors use our site to improve content and navigation. We use privacy-preserving analytics configured without cross-site tracking.ConsentYes
MarketingWe do not currently use marketing or advertising cookies on our website.N/AN/A

Managing Cookies

You can manage cookie preferences through our cookie consent banner when you first visit our site, or at any time by clicking “Cookie Settings” in the footer. You can also control cookies through your browser settings — however, disabling strictly necessary cookies may prevent parts of the site from functioning correctly.

Do Not Track

Some browsers offer a “Do Not Track” (DNT) signal. Our website does not currently respond to DNT signals because there is no consistent industry standard. We will update this position if a standard is established.

13 Children’s Privacy

Our website and services are directed at business professionals and enterprises. We do not knowingly collect personal information from individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). If you believe a minor has provided personal information to us, please contact us at [email protected] and we will promptly delete it.

14 Third-Party Links

Our website may contain links to third-party websites, resources, and publications. This Privacy Policy applies only to LogicBounce’s own properties. We are not responsible for the privacy practices of third-party sites and encourage you to review the privacy policies of any external sites you visit. The inclusion of a link does not constitute our endorsement of that site.

Our threat intelligence publications, research reports, and advisory content may reference external sources including government agencies, standards bodies, and industry organisations. Accessing those resources is subject to their respective terms and privacy policies.

15 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational or legal reasons. When we make material changes, we will:

  • Update the “Last Updated” date at the top of this page
  • Post the revised policy at www.logicbounce.com/privacy-policy
  • Notify registered users and active customers by email where changes are material
  • Where required by law, seek fresh consent for materially changed processing activities

We encourage you to review this policy periodically. Your continued use of our website or services after the effective date of an updated policy constitutes your acceptance of the changes, to the extent permitted by applicable law.

Previous versions of this Privacy Policy are available on request by contacting [email protected].

16 Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or the handling of your personal information, please contact us through any of the following channels:

Privacy Team

Email: [email protected]
Subject line: “Privacy Enquiry” or “Privacy Rights Request”
Response time: within 5 business days

Security Disclosures

Email: [email protected]
For reporting security vulnerabilities in our systems or potential data breaches

Postal Address

LogicBounce Inc.
Attn: Privacy Officer
1200-282 Shizeng North 2nd Road
Xitun District, Taichung City
Taiwan 407

EU / UK Representative

For GDPR-related enquiries from EEA or UK residents, you may also contact our designated representative at:
[email protected]

Unsubscribe from marketing: To unsubscribe from marketing communications, click the “Unsubscribe” link in any email we send you, or email [email protected] with the subject line “Unsubscribe”. Operational communications related to your active services are not affected by marketing unsubscribes.