Is Abnormal Security safe with your data?
Abnormal Security
Abnormal AI
Poor disclosure · low confidence
Abnormal Security earns an F (34/100) because it discloses little about its data practices.
Dealbreaker flag
- D1.4: you grant us a perpetual, non-exclusive, fully paid, royalty-free, irrevocable, sublicenseable, worldwide license and right to display, use, perform, reproduce, modify, distribute and create derivative works
#169
of 211 apps ranked
34
score · Security & compliance avg 52
-18
vs category average
Abnormal Security's global privacy policy is largely silent on data minimization and rights disclosure, with a problematic perpetual sublicensable license on user submissions and no explicit training opt-out mentioned.
What Abnormal Security's privacy policy and terms of service say about your data
Fabricated training opt-out quote
D1.1 claims "unless you opt out of training through your account settings" , this exact phrase does not appear anywhere in Abnormal Security's policy. The policy is completely silent on whether user inputs train models.
Adverse sublicensable license on submissions
Terms of Use Section 'Submissions' (line 239): "you grant us a perpetual, non-exclusive, fully paid, royalty-free, irrevocable, sublicenseable, worldwide license and right to display, use, perform, reproduce, modify, distribute and create derivative works..." This is an explicit sublicensable clause, making D1.4 adverse.
Jurisdiction-conditional rights (not global)
Lines 159 and 165 state "Depending upon your place of residence...you may have rights..." The global policy does NOT affirm access, deletion, correction, or portability as universal rights, only conditional on jurisdiction.
Silent on security controls
The policy mentions a "Security Hub" and "Security Exhibit" but does not name any technical controls (TLS, AES-256, RBAC, etc.). D7.1 quote 'We implement appropriate technical and organizational security measures' does not appear in this policy.
What the policy is silent or vague on
- Not stated: keeping user inputs out of model training
- Not stated: whether training use differs by plan
- Not stated: your ownership of generated outputs
- Not stated: a right to access your data
Abnormal Security privacy rating
Details
- Category
- Security & compliance
- Modalities
- text
- Processes biometrics
- No
- Policy last updated
- 2025-07-03
- Region scored
- Global / US-default
- Last assessed
- 2026-07-08
Documents examined
Other security & compliance apps
Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.