Compliance

Bullseye maintains full compliance with major privacy regulations and follows industry-standard security practices. This page outlines our compliance posture and how we handle data.

GDPR Compliance

Bullseye is fully compliant with the EU General Data Protection Regulation (GDPR). We:

  • Process data lawfully, fairly, and transparently

  • Collect only data necessary for the purposes of visitor identification

  • Implement appropriate technical and organizational measures to protect personal data

  • Support data subject rights where applicable

  • Maintain records of processing activities

Because Bullseye processes only U.S. web traffic, the volume of EU data subjects is limited. For any applicable processing, we adhere to GDPR requirements.

CCPA Compliance

Bullseye is fully compliant with the California Consumer Privacy Act (CCPA). We:

  • Disclose the categories of personal information we collect

  • Provide transparency about how data is used

  • Honor consumer rights to know, delete, and opt out where applicable

  • Do not sell personal information

Our Data Collected documentation provides a comprehensive list of the data we collect per visitor.

U.S. Traffic Only

Bullseye processes only U.S. web traffic. This policy ensures:

  • Regulatory alignment — We operate within a consistent regulatory framework

  • Compliance clarity — Reduces complexity around cross-border data transfers

  • Intent focus — U.S. traffic aligns with the typical B2B sales and marketing use case

Visitors from outside the United States are not identified or profiled by Bullseye.

Opt-In Respect

Visitor opt-in permissions are respected at all times. We:

  • Honor Do Not Track and similar signals where technically feasible

  • Respect consent management platform (CMP) choices

  • Do not override or bypass user privacy preferences

  • Support integration with your existing consent workflows

If a visitor has opted out of tracking or identification, Bullseye does not process or store their personal data for identification purposes.

Secure Data Handling

We follow industry-standard security practices to protect your data and the data of identified visitors.

Encryption

  • Data in transit — All API and web traffic uses TLS 1.2 or higher

  • Data at rest — Sensitive data is encrypted using industry-standard encryption

  • Credentials — API keys and authentication tokens are hashed and stored securely

Access Control

  • Role-based access controls limit who can access production data

  • Multi-factor authentication is available for account access

  • Audit logging tracks access to sensitive systems

Infrastructure

  • Hosting on trusted cloud providers with SOC 2 and related certifications

  • Regular security assessments and monitoring

  • Incident response procedures for potential security events

Best Practices

  • Principle of least privilege for data access

  • Secure development practices for application code

  • Regular dependency updates and vulnerability scanning

Questions

For questions about compliance or data handling, contact [email protected] or review our Privacy Policy.
