AI Transparency & Safety

A unified compliance, governance, and responsible-AI page (EU AI Act aligned)

Last updated: January 16, 2026

1. Introduction

HeroBounce is an email validation and verification service that uses artificial intelligence to enhance catch-all detection, pattern discovery, and validation accuracy. HeroBounce is classified as a limited-risk AI system under the EU Artificial Intelligence Act.

This page explains how HeroBounce uses AI, how your data is handled, what safety measures we implement, and how we ensure responsible and transparent use of AI technologies for email validation.

2. Transparency: You Are Using an AI-Enhanced Service

HeroBounce uses artificial intelligence models to enhance email validation accuracy.

Some validation features use AI to detect patterns that traditional rule-based systems cannot identify.

When using HeroBounce:

  • You are using an AI-enhanced validation system, not just simple pattern matching
  • AI is used for catch-all detection and advanced pattern analysis
  • Validation results may occasionally contain uncertain classifications
  • AI-enhanced results should be reviewed alongside validation confidence scores
  • Final decisions about which emails to send to must be made by you
  • HeroBounce improves validation accuracy — it does not replace human judgment about email campaigns

3. How HeroBounce AI Works (High-Level Technical Overview)

3.1 Data You Provide

HeroBounce processes:

  • Email addresses you submit for validation
  • Bulk upload files (CSV, Excel, TXT)
  • API validation requests
  • Domain and MX record queries
  • SMTP server responses

Important: No fine-tuning or training is performed on your email addresses. Your data is processed for validation only.

3.2 Processing Workflow

  1. 1. You submit email addresses for validation (single, bulk, or via API)
  2. 2. HeroBounce performs standard validation checks:
    • • Syntax and format validation
    • • Domain and MX record verification
    • • SMTP server connection tests
    • • Disposable email detection
  3. 3. For advanced validation, AI models analyze:
    • • Catch-all domain patterns
    • • Email address structure patterns
    • • Risk indicators and anomalies
    • • Provider-specific behavior patterns
  4. 4. Validation results are returned with:
    • • Status (valid, invalid, risky, unknown)
    • • Confidence score
    • • Detailed validation metadata
    • • Reason codes for classification

3.3 What AI Models We Use

HeroBounce uses AI for pattern detection and catch-all analysis:

  • Large Language Models (LLMs) for pattern analysis and catch-all detection
  • Proprietary ML models for risk scoring and anomaly detection
  • Domain reputation and validation APIs

All models are used only for inference (analyzing patterns), not training.

We will update this page when significant model changes occur.

3.4 Where AI Processing Occurs

Depending on the AI feature and provider, inference may occur in:

  • The United States (third-party AI APIs)
  • The European Union (our core validation infrastructure)
  • Other regions as specified by third-party validation APIs

HeroBounce will publish updates here whenever processing locations or sub-processors change.

4. Data Governance and Safety

4.1 Your Email Data Is Not Used to Train Models

  • HeroBounce never trains or fine-tunes AI models on your submitted email addresses
  • Your email lists and validation results are not used to improve any third-party AI system
  • Our AI providers do not use HeroBounce API data for model training (per enterprise API agreements)
  • Email addresses are processed for validation purposes only

4.2 Data Minimization

We retain only what is required to operate the service:

  • Validation history: Complete history retained while your account is active for access and verification
  • Bulk upload files: CSV files deleted immediately after processing; results stored in validation history
  • Anonymized patterns: Domain email patterns (e.g., format structures) retained without personal data to improve catch-all detection
  • Usage statistics: Credit consumption tracked for billing purposes

Upon account closure, all personal validation data is permanently deleted within 30 days.

You may request early deletion of your validation data at any time through your account settings or by contacting support.

4.3 Anonymization & Pseudonymization

Whenever possible:

  • Email addresses sent to AI providers are processed without user identifiers
  • Internal logs use hashed identifiers instead of actual email addresses
  • Validation data is only accessed by support staff with your permission
  • API keys and credentials are encrypted at rest using AES-256

4.4 Data Security

  • All data in transit is encrypted using TLS 1.3
  • Database connections use SSL/TLS encryption
  • Email addresses are stored with user-level access controls
  • Authentication uses secure JWT tokens
  • Regular security audits are performed on infrastructure
  • Rate limiting prevents abuse and protects against attacks

5. Human Oversight & User Control

The EU AI Act requires that humans remain in control.

HeroBounce ensures this via:

  • You decide which email addresses to validate
  • You control which validation results to trust and act on
  • HeroBounce does not send emails on your behalf
  • Validation results include confidence scores and reason codes
  • You can re-validate addresses if results seem uncertain
  • You can configure AI-enhanced validation on/off based on your preferences

If a validation result seems incorrect or uncertain, you should use additional verification methods or contact support for human review.

6. Limitations of the System

AI-enhanced email validation systems are not perfect. HeroBounce may occasionally produce:

  • False positives (marking valid emails as invalid)
  • False negatives (marking invalid emails as valid)
  • Uncertain classifications for catch-all domains
  • Temporary failures due to email provider rate limits
  • Misclassification of newly created email addresses

HeroBounce should NOT be used as the sole method for:

  • Legal compliance decisions (consult a lawyer about anti-spam laws)
  • High-stakes transactional emails (password resets, receipts) without fallback
  • Medical or emergency notifications
  • Financial account notifications without additional verification

HeroBounce is a validation tool — not a guarantee of deliverability. Always monitor bounce rates and engagement.

7. Risk Management Framework

HeroBounce maintains an internal process to identify, assess, and mitigate risks related to:

• AI model inaccuracies
• False positive/negative rates
• Data privacy breaches
• Service abuse
• API rate limit issues
• Performance degradation

Our mitigation strategies include:

  1. 1. Multi-layer validation (syntax, DNS, SMTP, AI pattern detection)
  2. 2. Confidence scoring (providing uncertainty metrics with each result)
  3. 3. Result caching (avoiding duplicate validations within 24 hours)
  4. 4. Rate limiting (preventing abuse and protecting infrastructure)
  5. 5. Regular accuracy monitoring (tracking false positive/negative rates)
  6. 6. Provider diversity (using multiple validation methods and APIs)
  7. 7. Security audit logs (tracking all authentication and data access)

8. Monitoring, Logging & Incident Response

What We Log:

  • System performance metrics (API response times, validation speeds)
  • Error events (failed validations, timeouts)
  • Security events (authentication failures, suspicious activity)
  • High-level usage metadata (API calls, credit consumption)

What We Do NOT Log:

  • The actual email addresses in plain text (only hashed for analytics)
  • Personal information from email addresses (names, companies)
  • The contents of your bulk upload files

Incident Response:

  • Security incidents are reviewed immediately
  • Affected users are notified within 72 hours when applicable
  • Systems and models are patched promptly
  • Logs are retained for 30 days (performance) or 90 days (security)

9. User Rights Under the EU AI Act

As a user, you have the right to:

  • Know that you are using an AI-enhanced validation system
  • Request human review of validation results you believe are incorrect
  • Challenge or re-validate results that seem inaccurate
  • Request deletion of your validation history and stored data
  • Request information about how specific emails were validated
  • Disable AI-enhanced validation features (use standard validation only)
  • Export your validation results in CSV or JSON format

To exercise any of these rights, contact:

We respond within 30 days, as required by EU regulations.

10. Contact & Redress Mechanisms

If you believe HeroBounce has produced incorrect, biased, or unfair validation results, you can:

  1. 1. Request an explanation (via in-app support or email)
  2. 2. Request re-validation (validate the same email again)
  3. 3. Request human review (escalate to our support team)
  4. 4. File a complaint via email
  5. 5. Request data deletion (GDPR Right to Erasure)

We review AI-related issues within 5–10 business days.

11. AI Model Change Log (Public)

We will update this section whenever major model or provider changes occur.

DateChange
December 2025Initial publication of the AI Transparency & Safety page
December 2025LLM-based catch-all detection and pattern analysis deployed
January 2026Updated provider information for competitive confidentiality
Future model updates will be listed here

12. Provider Information

AI Providers:

TypePurposeData Processing Region
Large Language Model APICatch-all detection, pattern analysisUnited States
Proprietary ML ModelsRisk scoring, anomaly detectionEuropean Union

Specific provider names are withheld for competitive and security reasons. Contact us for GDPR-required sub-processor details.

Non-AI Third-Party Services:

ServicePurposeData Processing Region
SerpAPIGoogle Search API for domain reputation checksUnited States

Sub-processors are subject to their respective privacy policies. For a complete list of sub-processors and their privacy policies, please contact support@herobounce.com.

13. Summary

This page serves as HeroBounce's unified transparency, governance, and responsible-AI declaration under the EU Artificial Intelligence Act for limited-risk AI systems.

HeroBounce is designed to:

  • Protect your email data
  • Enhance validation accuracy with AI
  • Keep you in full control of your email campaigns
  • Operate transparently and safely
  • Comply with EU regulatory expectations

For additional questions, please contact:

support@herobounce.com

This document is maintained in compliance with the EU Artificial Intelligence Act (2024) and GDPR. It may be updated as regulations evolve or as our AI systems change.