# Compliance

Bullseye maintains full compliance with major privacy regulations and follows industry-standard security practices. This page outlines our compliance posture and how we handle data.

## GDPR Compliance

Bullseye is fully compliant with the EU General Data Protection Regulation (GDPR). We:

* Process data lawfully, fairly, and transparently
* Collect only data necessary for the purposes of visitor identification
* Implement appropriate technical and organizational measures to protect personal data
* Support data subject rights where applicable
* Maintain records of processing activities

Because Bullseye processes only U.S. web traffic, the volume of EU data subjects is limited. For any applicable processing, we adhere to GDPR requirements.

## CCPA Compliance

Bullseye is fully compliant with the California Consumer Privacy Act (CCPA). We:

* Disclose the categories of personal information we collect
* Provide transparency about how data is used
* Honor consumer rights to know, delete, and opt out where applicable
* Do not sell personal information

Our [Data Collected](/data-and-privacy/data-collected.md) documentation provides a comprehensive list of the data we collect per visitor.

## U.S. Traffic Only

Bullseye processes only U.S. web traffic. This policy ensures:

* **Regulatory alignment** — We operate within a consistent regulatory framework
* **Compliance clarity** — Reduces complexity around cross-border data transfers
* **Intent focus** — U.S. traffic aligns with the typical B2B sales and marketing use case

Visitors from outside the United States are not identified or profiled by Bullseye.

## Opt-In Respect

Visitor opt-in permissions are respected at all times. We:

* Honor Do Not Track and similar signals where technically feasible
* Respect consent management platform (CMP) choices
* Do not override or bypass user privacy preferences
* Support integration with your existing consent workflows

If a visitor has opted out of tracking or identification, Bullseye does not process or store their personal data for identification purposes.

## Secure Data Handling

We follow industry-standard security practices to protect your data and the data of identified visitors.

### Encryption

* **Data in transit** — All API and web traffic uses TLS 1.2 or higher
* **Data at rest** — Sensitive data is encrypted using industry-standard encryption
* **Credentials** — API keys and authentication tokens are hashed and stored securely

### Access Control

* Role-based access controls limit who can access production data
* Multi-factor authentication is available for account access
* Audit logging tracks access to sensitive systems

### Infrastructure

* Hosting on trusted cloud providers with SOC 2 and related certifications
* Regular security assessments and monitoring
* Incident response procedures for potential security events

### Best Practices

* Principle of least privilege for data access
* Secure development practices for application code
* Regular dependency updates and vulnerability scanning

## Questions

For questions about compliance or data handling, contact <support@bullseye.so> or review our [Privacy Policy](https://bullseye.so/privacy).


