Privacy Policy

Last updated: December 26, 2024

Introduction

Bümpis ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital business card platform and services.

Please read this Privacy Policy carefully. By using Bümpis, you agree to the collection and use of information in accordance with this policy.

What Data We Collect

Account Information

When you create an account, we collect:

  • Name: Your full name as provided during registration
  • Email address: Used for account authentication and communications
  • Authentication data: OAuth tokens from Google or Microsoft if you sign in with those providers

Profile Information

Information you add to your digital business card:

  • Phone number: Optional contact number you choose to display
  • Company name: Your organization or employer
  • Job title: Your professional title or role
  • Biography: A personal or professional description
  • Profile photo: An image you upload to represent yourself
  • Social media links: URLs to your LinkedIn, Twitter, Instagram, and other profiles
  • Website URLs: Links to your personal or professional websites

Analytics Data

When someone views your profile, we collect:

  • IP address: Used to derive approximate location (city/region level only)
  • Timestamp: When the profile was viewed
  • Referrer: How the viewer arrived at your profile (NFC tap, QR code, or direct link)

Contact Form Submissions

When someone submits their information through your profile's contact form (lead capture), we collect on your behalf:

  • Name: The contact's name
  • Email: Their email address (optional)
  • Phone: Their phone number (optional)
  • Message: Any message they include (optional)

Why We Collect This Data

We collect and use your information for the following purposes:

DataPurpose
Name, EmailAccount creation, authentication, and communication
Profile informationDisplay on your digital business card when shared
Profile photoVisual identification on your card
Analytics dataProvide you with view statistics and insights
Contact submissionsEnable lead capture for your networking

We do not use your data for advertising purposes or sell it to third parties for marketing.

How Long We Keep Your Data

Data TypeRetention Period
Account informationUntil you delete your account
Profile informationUntil you delete your account or remove the data
Profile photosUntil you delete or replace them
Analytics data24 months from collection date
Contact submissionsUntil you delete them or your account
Server logs30 days

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, regulatory, or security purposes.

Who We Share Your Data With

We do not sell your personal information. We share data only with the following service providers who help us operate our platform:

Supabase

Database hosting and file storage (profile photos)

Data stored: All account and profile data, uploaded images

Location: United States

Supabase Privacy Policy

Vercel

Application hosting and edge network

Data stored: Server logs, request metadata

Location: Global edge network

Vercel Privacy Policy

Google OAuth

Authentication provider (if you sign in with Google)

Data shared: Email address, name, profile picture

Google Privacy Policy

Microsoft Azure AD

Authentication provider (if you sign in with Microsoft)

Data shared: Email address, name, profile picture

Microsoft Privacy Statement

Stripe (Future)

Payment processing for subscriptions and card purchases

Data shared: Name, email, payment details

Note: We never store your full credit card number

Stripe Privacy Policy

We may also share data when required by law, to protect our rights, or in connection with a business transfer (merger, acquisition, or sale of assets).

Team Plans: If you are part of an organization's team plan, your organization's administrators may have access to your profile information and analytics.

Your Rights and How to Exercise Them

You have the following rights regarding your personal information:

Right to Access

Request a copy of all personal data we hold about you.

How to exercise: Email privacy@bumpis.com with subject "Data Access Request"

Right to Correction

Request correction of inaccurate or incomplete information.

How to exercise: Edit directly in your profile settings, or email privacy@bumpis.com

Right to Deletion

Request deletion of your personal information and account.

How to exercise: Delete your account in settings, or email privacy@bumpis.com with subject "Account Deletion Request"

Right to Data Portability

Request your data in a machine-readable format (JSON or CSV).

How to exercise: Email privacy@bumpis.com with subject "Data Export Request"

Right to Opt-Out

Unsubscribe from marketing emails at any time.

How to exercise: Click "Unsubscribe" in any marketing email, or adjust preferences in account settings

We will respond to all requests within 30 days. You may be asked to verify your identity before we process your request.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

  • All data transmitted between your browser and our servers is encrypted using TLS 1.3
  • Database encryption at rest
  • Regular security assessments and monitoring
  • Access controls and authentication for internal systems
  • Secure OAuth-based authentication (no passwords stored for social logins)

However, no method of transmission over the Internet is 100% secure. If you discover a security vulnerability, please report it to security@bumpis.com.

Mobile App Data Collection

Our mobile app (available on iOS and Android) collects additional information to provide its features:

Device Permissions

Camera

Used to scan QR codes and business cards

Images are processed locally or sent to our servers for AI analysis (business card scanning only). We do not store photos unless you explicitly upload them as your profile picture.

NFC (Near Field Communication)

Used to read and program NFC business cards and tags

NFC data is processed locally on your device. We do not collect or store NFC interaction data.

Contacts

Used to save scanned contacts to your phone's address book

We only write to your contacts when you explicitly tap "Save to Phone." We do not read or upload your existing contacts.

Local Storage

The app stores the following data locally on your device:

  • Authentication tokens: Securely stored using iOS Keychain / Android Keystore to keep you signed in
  • Cached data: Your cards and contacts are cached locally for offline viewing

Third-Party Services (Mobile)

Anthropic (Claude AI)

Used for business card scanning and text extraction

When you scan a business card, the image is sent to Claude's vision API to extract contact information. Images are not stored by Anthropic after processing.

Anthropic Privacy Policy

Expo / EAS

App distribution and over-the-air updates

We use Expo's services to build and distribute the app. Basic device information may be collected for crash reporting and update delivery.

Expo Privacy Policy

Cookies and Tracking

We use the following types of cookies:

  • Essential cookies: Required for authentication and basic functionality (cannot be disabled)
  • Analytics cookies: Help us understand how you use our platform to improve it

You can control non-essential cookies through your browser settings. Disabling cookies may affect some features of our platform.

International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place to protect your information in compliance with applicable data protection laws, including GDPR where applicable.

Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will take steps to delete it promptly. If you believe a child has provided us with their information, please contact us at privacy@bumpis.com.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email (to the address associated with your account) and by posting the new policy on this page with an updated "Last updated" date. Your continued use of our services after any changes indicates your acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy, our privacy practices, or wish to exercise your rights, please contact us:

Bümpis

Privacy inquiries: privacy@bumpis.com

Security issues: security@bumpis.com

General support: support@bumpis.com