Last updated: 16 octobre 2025

Latest Update: June the 11th, 2025

This Privacy Policy is intended to provide you with information on how we collect, use, and disclose personal data when you use our web application. It also contains information on your rights regarding your personal data, and how you can exercise them. If you have any questions about this policy, or if you wish to exercise your rights, you can reach out to our Privacy Officer at any time at privacy@trampoline.ai.

Digital Advertising Alliance

As part of our website and other public activities, we use interest-based advertising to promote our Services. These practices involve the use of advertising cookies, but only on our public-facing Site—they are not used within our Services.

See the section OUR USE OF COOKIES for more information about our use of retargeting cookies and MANAGING YOUR PREFERENCE to learn how to manage your cookie preferences.

SCOPE OF THIS POLICY

This Privacy Policy applies to both our public-facing digital activities—including digital marketing and your use of our website (the “Site”)—and to our commercial services, including our web application, APIs, and related features offered through Trampoline AI (collectively, the “Services”).

When we refer to “Public Activities,” we mean your interactions with our Site and other digital channels that are not part of our Services.

When providing our Services, we may process personal data on behalf of our clients, following their specific instructions. In these cases, we act as a data processor, and our clients are responsible for how your personal data is used. For more information on how your personal data is handled in connection with those Services, please consult the privacy notice of the relevant client or organization.

By “personal data,” we mean any information that can directly or indirectly identify an individual, such as a user of Trampoline AI. Please note, however, that not all data described in this policy is protected under applicable data protection laws. As a result, your rights may vary depending on the type of data and the jurisdiction in which you are located.

OUR COLLECTION OF PERSONAL DATA IN OUR PUBLIC ACTIVITIES

When you interact with us through email, social media, or by actions such as booking a demo or submitting your resume, we collect and process the personal data you provide for these specific purposes. If you apply for a job, please note that some roles may require a criminal background check as part of the hiring process. This requirement will be clearly stated in the relevant job listing if it applies.

Our Site uses cookies, including targeting cookies, to support functionality and enhance your experience. For details, see the section on our use of cookies.

In addition, we collect technical data about your visit—such as your IP address, browser type, device information, and operating system—through cookies and similar technologies. We use this information to:

Improve the performance and usability of our Site,
Understand how users interact with our content, and
Optimize how advertising is displayed to you.

This data collection is limited to our public-facing Site and marketing efforts and is kept separate from the services we provide to our clients.

OUR COLLECTION OF PERSONAL DATA IN OUR SERVICES

As part of providing our Services, we process personal data to:

Create and manage user accounts
Ensure the performance, security, and reliability of our Services
Handle and process content as directed by our clients

This information is collected directly from users of our Services in the course of their use.

PURPOSES OF PROCESSING	TYPES OF PERSONAL DATA
To create and secure user accounts	We collect credentials, email addresses, and authentication details to create and manage user accounts.
To process and analyze documents and resume storage	Our platform processes uploaded documents, such as RFPs, resumes, and case studies, to extract insights for efficient retrieval and content organization. These documents generally do not contain personal data; however, if personal data is included, it will be processed accordingly. Our clients determine the inputs used and are responsible for the content they upload.
To enable users to search, retrieve, and manage content	If you create or upload content (e.g., RFP responses, notes, or tagged documents), the data is stored and processed according to your instructions. RFP information may be shared on a per-Board basis, and retention periods can also vary depending on the specific Board’s requirements.
To utilize user interaction data for refining AI capabilities	We collect usage patterns, including search history, interaction logs, and report generation activity, to help improve how the AI reads, understands, and retrieves content from documents. This may include technical metadata, such as device and browser information. This data is used solely to enhance system functionality and does not involve training base AI models. Any improvements made remain isolated from the platform’s performance and are not shared between clients.
To provide technical support and troubleshoot issues	When resolving support tickets, we process account-related data, system logs, device/browser details, and error reports to troubleshoot and enhance platform functionality.
To generate anonymized analytics for service improvement	To support platform improvements, we may process anonymized usage data such as search activity and technical metadata. Identifiers like names and email addresses are removed. Anonymization practices must comply with applicable legal standards, including Quebec law, and can only be applied for lawful purposes. We are confirming with Edouard whether this data is processed in an aggregated and isolated manner per customer to ensure it does not involve cross-client AI training.
To ensure platform security and detect unauthorized access	We monitor login activity, IP addresses, device/browser information, and access logs to detect and prevent unauthorized access, fraudulent activities, or policy violations.
To enhance service performance and optimize platform functionality	We analyze system logs, browser details, and platform usage metrics to enhance the platform’s performance and stability. This analysis helps us identify technical bottlenecks, monitor feature effectiveness, and improve user experience. These logs are not used to train AI algorithms; improvements to AI functionality are made through separate mechanisms that rely on text-based inputs within each customer's environment.

OUR USE OF COOKIES

We use cookies as part of our Public Activities, and as part of our Services. We only use targeting cookies in our Public Activities, such as on our Site. We do not use your customer data to perform real-time advertising.

TYPE	DESCRIPTION
Essential Cookies	These cookies are necessary for the core functionality and security of Trampoline AI’s platform. They enable features such as secure login, session management, navigation, and fraud prevention. They also help detect anomalies, monitor login activity, and enforce security protocols to protect against unauthorized access and other threats.
Performance Cookies	These cookies help us understand how users interact with our platform by collecting aggregated usage data and tracking system performance. They support functions such as remembering user preferences, improving responsiveness, and identifying technical issues. While they do not directly identify users, they enable us to enhance the platform experience through analytics and usability insights.
Analytical Cookies	Analytical cookies are used to generate aggregated statistical data about traffic and behaviour of our users. For instance, we use Segment to count the number of people who visit our Site by tracking if they have visited before.
Advertising Cookies	Advertising cookies are used to deliver advertisements more relevant to the user and their interests. They can also be used to limit the number of times a user sees an advertisement and help measure the effectiveness of advertising campaigns. We do not use advertising cookies as part of our Services. For instance, we allow Reddit to install a cookie on our Site that facilitates interest-based advertising. It can also include cookies used to store your consent.

DIGITAL ADVERTISING

We do not use advertising cookies, nor interest-based advertising, as part of our Services.

We use cookies and similar tracking technologies on our Site to enhance your browsing experience and support our business operations, including analytics and targeted advertising.

Interest-based advertising (sometimes called “online behavioral advertising”) means that you may see ads from us on other websites based on your activity on our Site or elsewhere. This helps ensure that our marketing is relevant to your professional interests rather than random or generic.

To make this possible, we partner with trusted advertising platforms like Beeswax and Microsoft Bing Ads. These platforms may set advertising cookies or tracking pixels in your browser to assign a unique identifier to your session. For example:

Beeswax enables real-time bidding in advertising, allowing us to show ads tailored to your inferred business profile (e.g., industry, company size) based on IP and browsing behaviour. No sensitive personal information is shared or used.
Bing Ads allows us to verify the effectiveness of our advertising (e.g., confirming if someone clicked on an ad after seeing it on a Bing search result) and store a session ID to prevent duplicate click attribution.
Google cookies enable personalized advertising based on data such as your browsing activity, device identifier, location, preferences and contextual factors like your language, device type and content you view. They allow us to expand the reach and targeting precision of our interest-based advertising.
Meta Products cookies enable personalized advertising, ad performance measurement, marketing and analytics services based on your device and activity information. They allow us to expand the reach and targeting precision of our interest-based advertising.

These technologies help us:

Reach professionals who are most likely to benefit from our services;
Limit the number of times you see our ads;
Understand the effectiveness of our outreach;
Ensure relevance in business-to-business contexts.

We do not use these technologies to build consumer profiles or engage in cross-device tracking outside of professional use cases.

Your Choices and the DAA Principles

We adhere to the Digital Advertising Alliance (DAA) Self-Regulatory Principles for Online Behavioural Advertising. You can learn more about interest-based advertising and opt out of targeted ads delivered by participating companies by visiting:

YourAdChoices (DAA)
Network Advertising Initiative (NAI) Opt-Out
For EU users: Your Online Choices (EDAA)

Please note that opting out does not stop ads from being shown, but it means those ads will not be tailored using cookies or other tracking technologies.

MANAGING YOUR PREFERENCE

You can manage your cookie preferences through your browser settings by blocking or uninstalling certain cookies. Click on your browser below for instructions on adjusting cookie settings. You may withdraw your consent to the use of cookies at any time through your preferences. Please note that some essential platform features may require cookies for security and functionality purposes.

● Google Chrome

● Firefox

● Safari

● Microsoft Edge

● Opera

● Brave

We do not sell or share platform data—such as documents, usage logs, or any information processed within our services—with third parties, except for trusted service providers who help us operate our core infrastructure, authentication systems, and security. These providers are contractually required to use your data only as instructed and for specified purposes.

Separately, when you interact with our public-facing content, like our website or marketing materials, we may work with third-party providers (such as analytics or advertising partners). These partners may collect limited technical information—like your IP address or browser type—using cookies or similar technologies, as described in this Policy. This data collection is strictly limited to our public activities and does not involve or affect any data handled in our services.

Service Providers

CATEGORY	OVERVIEW
IT Providers	We partner with cloud providers to host our Services and work with carefully selected suppliers who help us deliver certain features, support functions, and respond to user requests.
AI Providers	Our AI-powered features use models provided by trusted partners, such as OpenAI and Anthropic. When you use these features, the content of your input may be shared with these providers solely for the purpose of generating a response. These providers operate under a zero-data retention policy, meaning your inputs are not stored or used to train their models.
Data Analytics	We use analytics tools to monitor system performance and understand how users interact with our Services. This helps us ensure reliability, identify issues, and improve overall usability. The analytics providers we use are contracted service providers who process data only on our behalf and do not share this information with third parties.

Third Parties

CATEGORY	OVERVIEW
Marketing and Analytics Partners	Our Public Activities use cookies and similar tracking technologies for marketing and analytics purposes. These tools help us understand how visitors use our Site and improve the relevance of our outreach.
Integration Partners	Some clients may choose to connect third-party APIs or platforms to our Services. These integrations are managed independently by the client and may involve the automatic extraction or transfer of data to third parties. We are not responsible for how those third parties handle personal data once it leaves our environment.

In rare situations, we may share personal data if we believe it’s necessary to follow the law or protect our rights, our users, or the public. This may happen in the following cases:

Legal compliance: If we receive a valid legal request—like a court order, subpoena, or official investigation—we may need to share certain information.
Business transitions: If our business is involved in a merger, acquisition, or sale of assets, personal data may be shared under strict confidentiality agreements.

OUR SECURITY MEASURES

We implement reasonable and appropriate security measures to protect personal data in both our Public Activities (such as our website) and our Services. While no system is entirely free of risk, our approach is designed to reduce vulnerabilities and help safeguard the data we process.

Website and Public Activities

For our public-facing website and digital content, we use Cloudflare to enhance security. This includes protection against automated bots, DDoS mitigation, and secure traffic routing to distinguish legitimate users from harmful activity.

Platform and Services

Our Services are hosted in secure, enterprise-grade cloud environments such as GCP, AWS, and Azure, which are managed according to industry best practices for data protection.

We apply the following safeguards:

Encryption of all data in transit and at rest to help ensure confidentiality and integrity.
Cloud-native security features, including:
Cloudflare reverse proxy to protect public endpoints.
Isolated processing environments to ensure client data remains logically separated.
RBAC (Role-Based Access Control) to restrict access to authorized users.
CI/CD-integrated patching cycles, including test plans before deployment.
Automated vulnerability scanning at regular intervals.
Encrypted storage and automated backups managed by our hosting providers.
Secure authentication using a third-party identity provider with token-based access and Multi-Factor Authentication (MFA).
Simulated incident response drills, conducted at least annually, and a five-phase incident response plan to guide coordinated response and recovery actions.

We also ensure that customer environments are fully segregated, meaning that AI models used in our Services do not learn from or share data between clients.

OUR CROSS-BORDER DATA TRANSFER

Our Site is hosted in Canada and in the United States, but we may work with service providers based in other jurisdictions, including those outside the country where you are located.

Our Services are hosted in the location specified in your customer agreement, which will usually be the United States or Canada but may vary depending on your region. In some cases, your personal data may be transferred across borders, for example, when using a feature hosted in a different location, such as the United States.

Before transferring personal data to another jurisdiction, we take steps to ensure the transfer complies with applicable legal requirements. We implement appropriate safeguards—such as contractual protections or recognized transfer mechanisms—to ensure your data remains protected.

We only transfer data when necessary to deliver our Services or specific features and to support the secure and reliable performance of our platform.

OUR DATA RETENTION PRACTICES

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected.

Our website uses both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device for a set period). For example, we use persistent advertising cookies to help personalize your experience—but you have full control over whether these are used. Click here to learn how to manage your cookie preferences.

For the data processed through our Services:

Client-Controlled Retention: We retain personal data according to our clients’ instructions, including deletion at the end of a subscription term.
Temporary Data: System-generated data, such as logs and caches, follow a predefined deletion schedule to minimize unnecessary retention.

Deletion Mechanisms

On-Demand Deletion: Users can request deletion of their data at any time by contacting us at support@trampoline.ai. Once verified, relevant content is promptly and permanently removed.
Automated Data Purging: Temporary system data—such as cached content, debugging logs, and intermediary outputs—is automatically cleared through scheduled clean-up cycles. These processes help ensure that residual data is retained only as long as necessary for platform performance and reliability.

YOUR RIGHTS

Depending on where you are located, you may have specific rights under applicable data protection laws. These rights can vary based on your jurisdiction and the type of personal data, but typically include the ability to:

Access your personal data
Correct or update inaccurate information
Request a copy of your personal data
Withdraw consent if we rely on it as a legal basis for processing

You can exercise these rights or ask questions about how your personal data is handled by contacting us at privacy@trampoline.ai. To help us process your request, we may ask for additional information to verify your identity.

We respond to all valid requests promptly, and no later than 30 days from receipt. If we’re unable to fulfill your request, we’ll explain why.

If you have concerns about how we process your personal data, we encourage you to contact our Privacy Officer directly. If you’re not satisfied with our response, you also have the right to lodge a complaint with your local data protection authority.

UPDATES & MODIFICATIONS

We continuously improve our services and may update this policy periodically. If you are a registered user, we will notify you of any significant changes. You can always access the latest version of our Privacy Policy on our website. We maintain a record of previous versions, which can be made available upon request. If we make material changes to the policy, we will notify users through our platform or by other appropriate means before the changes take effect. This ensures that you remain informed about how your data is handled.