Legal
Compliance & Subprocessors
Last updated: May 1, 2026
Live list of every third-party service we use to deliver KillBounce, what they do, and where they sit. We'll notify customers 30 days before adding any new subprocessor.
Subprocessors
| Subprocessor | Purpose | Region |
|---|---|---|
| LemonSqueezy | Payment processing & checkout | Global |
| Cloudinary | Avatar/image hosting | Global |
Audit reports
SOC 2 Type II report available under NDA. Email security@killbounce.com with your company name and we'll send a copy.
Standards & regulations
- SOC 2 Type II — annual audit
- GDPR — full compliance, DPA available
- CCPA — full compliance
- HIPAA — not applicable (we do not process PHI)
- ISO 27001 — audit in progress, expected Q4 2026
Vulnerability disclosure
Found a security issue? Email security@killbounce.com. We acknowledge within 24 hours and offer a bounty for valid reports.