Privacy Policy

Effective Date: April 2, 2026
Last Updated: April 2, 2026

Your privacy is important to us. This Privacy Policy explains how PJ3 Labs Inc. dba NullBore ("NullBore," "we," "us," or "our") collects, uses, discloses, and protects personal information in connection with our website, hosted services, applications, APIs, and related products and services, including our hosted SSH tunneling and related infrastructure products (collectively, the "Services").

This Privacy Policy applies to information we collect through https://nullbore.com, our dashboard, APIs, billing and support channels, and other sites or services we own and operate that link to this Privacy Policy.

It does not apply to third-party websites, services, or applications that we do not control, including third-party payment processors or external websites linked from our Services.

By using the Services, you acknowledge that your information may be handled as described in this Privacy Policy.

About NullBore's Role

In most cases, NullBore acts as the controller of personal information we collect about account owners, website visitors, buyers, and prospective customers for our own business purposes, such as account administration, billing, fraud prevention, analytics, support, and security.

In limited cases, depending on how a customer uses the Services, we may also process certain information on a customer's behalf in connection with providing the hosted service. In those cases, the customer is generally responsible for determining whether they have the right to collect and use personal information through the resources, applications, websites, or endpoints they expose using the Services.

Information We Collect

We collect information in the following categories.

1. Information you provide directly

We may collect personal information you knowingly provide to us, including when you:

• create an account;
• request access to the Services;
• contact us by email or through support channels;
• join a waitlist, newsletter, or marketing list;
• respond to surveys or communicate with us;
• purchase a paid plan; or
• otherwise submit information to us.

This information may include:

• name;
• email address;
• company or organization name;
• billing contact information;
• account credentials or authentication-related information;
• support communications and attachments;
• any other information you choose to provide.

2. Service, account, and technical information

When you use the Services, we may collect information necessary to provide, secure, maintain, and improve them. Depending on the feature used, this may include:

• account IDs and profile information;
• API key identifiers and related metadata (for security, we may store API keys in hashed, truncated, encrypted, or otherwise protected form rather than in recoverable plaintext);
• IP addresses;
• authentication events;
• browser and device information;
• operating system and application version information;
• usage statistics;
• error logs, crash data, and diagnostics;
• tunnel configuration metadata, such as tunnel identifiers, ports, protocols, target settings, assigned public URLs, timestamps, connection attempts, duration, request counts, bandwidth consumption, and status events;
• rate-limit, abuse-detection, and fraud-prevention signals; and
• support and operational logs.

3. Payment and transaction information

When you purchase a paid plan, we and our payment providers may collect transaction and billing information. Depending on the payment method, this may include:

• purchase details;
• subscription details;
• billing country and tax-related information;
• invoices and transaction history;
• fraud-prevention and verification signals;
• partial payment instrument details or payment status information supplied by the payment provider.

We generally do not store full payment card numbers. Card and certain payment details are typically collected and processed by our payment providers.

4. Information collected automatically

When you visit our website or use the Services, we may automatically collect information such as:

• IP address;
• browser type and version;
• device type;
• operating system;
• referring URLs;
• pages viewed and features used;
• dates, times, and duration of visits or sessions; and
• information collected through cookies and similar technologies.

5. Information from third parties

We may receive information from third parties, such as:

• payment providers and merchant-of-record providers;
• analytics providers;
• hosting and infrastructure providers;
• fraud-prevention and security vendors;
• communications providers; and
• publicly available sources or business partners, where permitted by law.

How We Use Personal Information

We may collect, use, disclose, and otherwise process personal information for the following purposes:

• to provide, operate, secure, and maintain the Services;
• to authenticate users and administer accounts;
• to create, manage, meter, and enforce plan limits, quotas, and fair use restrictions;
• to process purchases, subscriptions, renewals, taxes, credits, refunds, and related billing matters;
• to provide customer support and respond to inquiries;
• to detect, investigate, prevent, and respond to fraud, abuse, misuse, security incidents, and technical issues;
• to monitor service performance, diagnose errors, and improve reliability;
• to communicate with you about the Services, including service-related announcements, security notices, and administrative messages;
• to send marketing communications where permitted by law and in accordance with your preferences;
• to comply with legal obligations, enforce our terms, protect our rights, and resolve disputes; and
• to develop, improve, and analyze our products, business operations, and user experience.

Tunnel Traffic and Content

NullBore is designed to facilitate network access to resources selected by the customer. We do not describe the Services as a private or anonymous communications service.

As part of operating the hosted service, we may process network traffic, connection information, routing information, and related technical data as needed to deliver, secure, troubleshoot, comply with law, investigate abuse, and enforce our terms.

We may log service metadata and connection events, including tunnel and request metadata, to operate the service, measure usage, investigate abuse, enforce limits, and maintain security.

We do not sell tunnel traffic content. We do not use tunnel traffic content for advertising.

You are responsible for ensuring that you have all necessary rights, notices, and consents related to any personal information you collect, transmit, expose, or otherwise process through resources you make accessible using the Services.

Cookies and Similar Technologies

We use cookies and similar technologies to operate and improve our website and Services, remember settings, understand usage, and support security and analytics. Please refer to our Cookie Policy for more information.

Legal Bases for Processing (where applicable)

Where laws such as the GDPR, UK GDPR, or similar laws apply, we rely on one or more of the following legal bases:

• performance of a contract, such as providing the Services you request;
• legitimate interests, such as securing and improving the Services, preventing fraud and abuse, administering accounts, and communicating about our business;
• consent, where required by law; and
• compliance with legal obligations.

When we rely on legitimate interests, we do so only where those interests are not overridden by your applicable rights and freedoms.

Disclosure of Personal Information

We may disclose personal information to the following categories of recipients where reasonably necessary:

• hosting, cloud, infrastructure, monitoring, and security providers;
• customer support, communications, and email providers;
• analytics providers;
• payment processors and merchant-of-record providers;
• professional advisers, such as lawyers, auditors, insurers, and accountants;
• affiliates, contractors, and service providers that assist in operating our business;
• law enforcement, regulators, courts, and other authorities where required by law or reasonably necessary to protect rights, safety, and security; and
• a buyer, successor, or transferee in connection with a merger, acquisition, financing, reorganization, or sale of all or part of our business or assets.

Third parties we may use can include providers such as analytics vendors, hosting providers, and payment or merchant-of-record providers. The third parties we use may change from time to time.

Payment Providers

If you pay through a third-party provider, that provider may collect and process personal information according to its own privacy notice and contractual terms. Our payment provider may act as merchant of record or otherwise act as an independent payment provider in connection with the transaction.

Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

• provide the Services;
• maintain account history and business records;
• comply with tax, accounting, legal, security, and regulatory obligations;
• resolve disputes; and
• enforce agreements.

Retention periods may vary depending on the category of information, the nature of the customer relationship, legal requirements, and operational needs. When personal information is no longer required, we will delete it, de-identify it, or anonymize it where reasonably practicable.

International Data Transfers

We may store, process, or transfer personal information in Canada, the United States, and other jurisdictions where we or our service providers operate. Those jurisdictions may have data protection laws that differ from those in your place of residence.

Where required by applicable law, we will take steps intended to provide appropriate safeguards for cross-border transfers.

Security

We use commercially reasonable technical, organizational, and administrative measures designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include access controls, encryption or hashing where appropriate, network protections, logging, and internal security practices.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Your Rights and Choices

Depending on your location and applicable law, you may have rights to:

• access personal information we hold about you;
• request correction of inaccurate information;
• request deletion of certain information;
• object to or restrict certain processing;
• request portability of certain information;
• withdraw consent where processing is based on consent; and
• opt out of certain marketing communications.

You may exercise rights by contacting us using the details below. We may need to verify your identity before responding. We may also decline or limit requests where permitted by law.

Marketing Communications

You can opt out of marketing emails at any time by using the unsubscribe link in the message or by contacting us. Even if you opt out of marketing communications, we may still send you transactional or service-related messages.

Children's Privacy

Our Services are not directed to children, and we do not knowingly collect personal information from children under the age at which parental consent is required under applicable law.

Self-Hosted Software

If we make self-hosted software available, this Privacy Policy generally applies to information we collect directly from you in connection with licensing, downloads, billing, support, updates, and our website. It does not automatically govern information processed entirely within your own self-hosted deployment that does not reach NullBore-controlled systems.

If you operate a self-hosted deployment, you are responsible for your own privacy disclosures, security measures, retention practices, and legal compliance with respect to information you collect or process through that deployment.

Data Protection Addendum

For certain business or enterprise customers, we may make available a separate data processing addendum or similar contractual privacy terms where appropriate.

Do Not Track

Some browsers offer a "Do Not Track" setting. Because there is not a universally accepted standard for responding to such signals, our Services may not respond to all Do Not Track signals.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, practices, legal requirements, or for other operational reasons. When we do, we will update the date at the top of this page. If changes are materially significant, we may provide additional notice where appropriate.

Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or our privacy practices, you may contact us at:

PJ3 Labs Inc. dba NullBore
Email: [email protected]