All apps

Is Abnormal Security safe with your data?

F
Abnormal Security icon

Abnormal Security

Abnormal AI

34/100

Poor disclosure · low confidence

Abnormal Security earns an F (34/100) because it discloses little about its data practices.

Dealbreaker flag

  • D1.4: you grant us a perpetual, non-exclusive, fully paid, royalty-free, irrevocable, sublicenseable, worldwide license and right to display, use, perform, reproduce, modify, distribute and create derivative works

#169

of 211 apps ranked

34

score · Security & compliance avg 52

-18

vs category average

Grade scaleA · 70–100B · 60–69C · 48–59D · 35–47F · 0–34

Abnormal Security's global privacy policy is largely silent on data minimization and rights disclosure, with a problematic perpetual sublicensable license on user submissions and no explicit training opt-out mentioned.

What Abnormal Security's privacy policy and terms of service say about your data

Fabricated training opt-out quote

D1.1 claims "unless you opt out of training through your account settings" , this exact phrase does not appear anywhere in Abnormal Security's policy. The policy is completely silent on whether user inputs train models.

Adverse sublicensable license on submissions

Terms of Use Section 'Submissions' (line 239): "you grant us a perpetual, non-exclusive, fully paid, royalty-free, irrevocable, sublicenseable, worldwide license and right to display, use, perform, reproduce, modify, distribute and create derivative works..." This is an explicit sublicensable clause, making D1.4 adverse.

Jurisdiction-conditional rights (not global)

Lines 159 and 165 state "Depending upon your place of residence...you may have rights..." The global policy does NOT affirm access, deletion, correction, or portability as universal rights, only conditional on jurisdiction.

Silent on security controls

The policy mentions a "Security Hub" and "Security Exhibit" but does not name any technical controls (TLS, AES-256, RBAC, etc.). D7.1 quote 'We implement appropriate technical and organizational security measures' does not appear in this policy.

What the policy is silent or vague on

  • Not stated: keeping user inputs out of model training
  • Not stated: whether training use differs by plan
  • Not stated: your ownership of generated outputs
  • Not stated: a right to access your data

Abnormal Security privacy rating

Training-data use0 of 4 disclosed
Keeps user inputs out of model training, or makes training opt-inSilent
Names a way to opt out of or into trainingPartial
Says whether training use differs by plan or tierSilent
Lets the user keep ownership of generated outputsAdverse
Data-subject rights0 of 5 disclosed
Grants a right to access your dataSilent
Grants a right to delete your dataPartial
Offers data portability in a usable formatPartial
Grants a right to correct your dataPartial
Grants a way to object to or opt out of processingPartial
Retention and deletion0 of 4 disclosed
States a retention period for your dataSilent
States a deletion timeline after closure or requestSilent
Sets a shorter retention for AI conversation logsSilent
Commits to collecting only the data it needsPartial
Third-party sharing2 of 5 disclosed
Lists the categories of third parties it shares withDisclosed
References a sub-processor list or data processing agreementDisclosed
Does not sell or share data for advertising, or offers opt-outSilent
Names a safeguard for international data transfersPartial
States a standard for government and law-enforcement accessPartial
Transparency1 of 4 disclosed
Discloses that you are interacting with AIPartial
Marks AI-generated or synthetic outputNot applicable
Enumerates the categories of data it collectsDisclosed
Maps processing purposes to legal basesPartial
Is versioned and dated, with change noticePartial
Sensitive data and children2 of 3 disclosed
Discloses automated decisions and a human-review pathDisclosed
Limits the use of special-category dataSilent
Governs biometric data specificallyNot applicable
States protections for children's dataDisclosed
Security and accountability0 of 3 disclosed
Describes its security safeguardsSilent
Commits to breach notificationSilent
Names a certification or a privacy contactSilent
DisclosedPartialSilentAdverseNot applicable

Details

Category
Security & compliance
Modalities
text
Processes biometrics
No
Policy last updated
2025-07-03
Region scored
Global / US-default
Last assessed
2026-07-08

Documents examined

Other security & compliance apps

Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.

Is Abnormal Security safe with your data? Grade F | AI App Trust & Transparency Index