← Back to Home

Privacy Policy

Last Updated: December 08, 2025

1. Introduction

Welcome to Bump ("we", "our", or "us"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how Bump Task Pty Ltd (ACN 683 993 341) collects, uses, discloses, and safeguards your information when you use our mobile application and web dashboard.

By using Bump, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us:

  • Account Information: Email address, username, and password when you create an account
  • Profile Information: Display name and profile picture (optional)
  • Task Content: Screenshots you capture, extracted task information, and any manual edits you make
  • Integration Data: OAuth tokens and connection details for third-party services (Apple Reminders, Google Calendar, Notion, etc.)

2.2 Information Collected Automatically

When you use our service, we automatically collect:

  • Usage Data: Features used, capture frequency, integration usage patterns
  • Device Information: Device type, operating system version, unique device identifiers
  • Log Data: IP address, access times, pages viewed, app crashes
  • Analytics: Aggregated usage statistics to improve our service

2.3 Information from Third Parties

If you sign in with a social login provider (Google, Apple, Facebook), we receive:

  • Profile information (name, email)
  • Profile picture
  • OAuth access tokens

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: Process screenshots, extract tasks using AI, sync with your connected apps
  • Account Management: Create and manage your account, authenticate your identity
  • Product Improvement: Analyze usage patterns to improve features and user experience
  • Communication: Send service updates, security alerts, and support responses
  • Payment Processing: Process subscription payments through RevenueCat and Stripe
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: Comply with legal obligations and enforce our terms

4. AI Processing and Data Handling

Bump uses artificial intelligence to extract tasks from your screenshots. Here's how we handle this:

  • AI Providers: We use Google Cloud AI, OpenAI, and Anthropic Claude for text extraction and task processing
  • Data Transmission: Screenshots are sent to AI providers' servers for processing
  • Data Retention: AI providers do not retain your data for training purposes (per our enterprise agreements)
  • Processing Location: AI processing occurs on servers in the United States and Europe
  • Security: All data transmissions are encrypted using industry-standard protocols (TLS 1.3)

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share data with trusted third-party service providers:

  • Supabase: Database hosting and authentication (United States)
  • Google Cloud AI, OpenAI, Anthropic: AI-powered task extraction
  • RevenueCat & Stripe: Payment processing
  • Vercel: Web hosting and deployment
  • PostHog: Analytics and product insights

5.2 Integration Partners

When you connect third-party services, we share task data with:

  • Apple (for Apple Reminders and Calendar)
  • Google (for Google Tasks and Calendar)
  • Microsoft (for Microsoft To Do and Outlook Calendar)
  • Notion (for Notion databases)

5.3 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or to:

  • Comply with legal obligations
  • Protect our rights, privacy, safety, or property
  • Investigate potential violations of our Terms of Service
  • Respond to court orders, subpoenas, or regulatory requests

6. Data Storage and Security

We take data security seriously and implement industry-standard measures:

6.1 Security Measures

  • Encryption: All data in transit uses TLS 1.3 encryption
  • Database Security: Encrypted at rest with AES-256 encryption
  • Authentication: Password hashing using bcrypt, OAuth 2.0 for social logins
  • Access Controls: Role-based access control (RBAC) for internal team members
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Backups: Daily encrypted backups with 30-day retention

6.2 Data Retention

  • Active Accounts: We retain your data as long as your account is active
  • Deleted Accounts: Data is permanently deleted within 30 days of account deletion
  • Legal Requirements: Some data may be retained longer to comply with legal obligations
  • Backups: Backup data is purged according to our retention schedule (30 days)

7. International Data Transfers

Bump operates globally, and your information may be transferred to and processed in countries other than your own:

  • Primary Storage: United States (Supabase, AWS infrastructure)
  • AI Processing: United States and Europe (Google, OpenAI, Anthropic)
  • Safeguards: We use Standard Contractual Clauses (SCCs) for GDPR compliance
  • Data Protection: All transfers comply with applicable data protection laws

8. Your Privacy Rights

Depending on your location, you may have the following rights:

8.1 GDPR Rights (European Users)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for data processing at any time

8.2 CCPA Rights (California Users)

  • Know: Request disclosure of data collection and sharing practices
  • Delete: Request deletion of personal information
  • Opt-Out: Opt out of sale of personal information (we do not sell data)
  • Non-Discrimination: Equal service regardless of privacy rights exercise

8.3 Other US State Privacy Laws

If you reside in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), or other states with privacy laws, you have similar rights to access, delete, correct, and obtain a copy of your data.

8.4 How to Exercise Your Rights

To exercise any of these rights, contact us at:

We will respond to your request within 30 days (or as required by applicable law).

9. Children's Privacy

Bump is not intended for use by children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children.

If we discover that a child has provided us with personal information, we will delete such information immediately. If you believe a child has provided us with personal information, please contact us at support@getbump.app.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience:

  • Authentication Cookies: Keep you signed in to your account
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Understand how you use our service (PostHog)
  • Security Cookies: Detect and prevent fraudulent activity

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect functionality.

11. Third-Party Links and Services

Our service may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to third-party services.

We recommend reviewing the privacy policies of any third-party services you interact with through Bump, including:

  • Apple (Apple Reminders, iCloud)
  • Google (Google Tasks, Google Calendar)
  • Microsoft (Microsoft To Do, Outlook)
  • Notion

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • Material changes will be communicated via email or in-app notification
  • Continued use of Bump after changes constitutes acceptance

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

13. Data Protection Officer

For data protection inquiries, you can contact our Data Protection Officer at:

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Bump Task Pty Ltd

ACN 683 993 341

Email: support@getbump.app

Web: https://getbump.app

Dashboard: https://web.getbump.app

15. Supervisory Authority

If you are located in the European Economic Area or the United Kingdom, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated data protection laws.

← Back to Home