PRIVACY POLICY

Effective Date: October 16, 2025
Last Updated: October 16, 2025

INTRODUCTION

This Privacy Policy describes how BUMPIn ("we," "us," "our," or "the Service") collects, uses, stores, and shares your personal information when you use our speed-dating platform.

By using BUMPIn, you consent to the data practices described in this Privacy Policy.

DISCLAIMER: This document is a template and does not constitute legal advice. This should be reviewed and customized by a licensed attorney licensed in your jurisdiction before use.

1. INFORMATION WE COLLECT

1.1 Information You Provide Directly

Account Information:

Full name or preferred name
Gender (female, male, nonbinary, unspecified)
Email address (for permanent accounts only)
Password (hashed and encrypted, for permanent accounts only)

Profile Content:

Selfie photograph (captured via webcam)
Introduction video (5-60 seconds, captured via webcam with audio)
Social media handles (optional: Instagram, Snapchat, TikTok, Twitter, Discord, Phone number)

Payment Information:

We do not store credit card details
Payment processing is handled by Stripe (a third-party processor)
We receive confirmation of payment status only

Referral Information:

Referral codes you generate
Referral links you use to join
User IDs of people you refer or are referred by

Report Information:

Reports you submit about other users
Optional reasons for reports

1.2 Information Collected Automatically

Usage Data:

Pages visited within the Service
Features used (matchmaking, video chat, history, settings)
Time spent on the platform
Actions taken (invites sent, calls completed)

Call History:

Users you've connected with
Duration of video calls
Timestamps of calls
Call completion status

We DO NOT record, store, or access the actual video/audio content of your calls. All video communication is peer-to-peer via WebRTC and not routed through our servers.

Technical Information:

IP address(es)
Browser type and version
Operating system
Device type (desktop, mobile, tablet)
Screen resolution
Referring website
Internet Service Provider (ISP)

Cookies and Tracking:

Session tokens for authentication
Local storage for user preferences
Analytics cookies (see Section 10)

1.3 Information from Third Parties

Stripe Payment Data:

Payment confirmation
Transaction ID
Payment timestamp
No credit card details are shared with us

Twilio TURN Server Logs:

WebRTC connection metadata (for debugging only)
No call content is accessible

2. HOW WE USE YOUR INFORMATION

We use your personal information for the following purposes:

2.1 Service Operation

Create and manage your account
Authenticate your identity
Facilitate matchmaking between users
Enable video chat functionality
Display your profile to potential matches
Track call history for your records
Process payments and verify access

2.2 Platform Safety

Enforce Terms of Service
Investigate reports and violations
Implement bans when necessary
Track IP addresses for ban enforcement
Prevent fraud, abuse, and spam
Maintain public blacklist

2.3 Communication

Send service-related notifications
Respond to support inquiries
Notify you of policy changes
Send security alerts

2.4 Improvement and Analytics

Analyze usage patterns
Improve matchmaking algorithms
Fix bugs and technical issues
Develop new features
Understand user demographics

2.5 Legal Compliance

Comply with legal obligations
Respond to law enforcement requests
Protect our rights and property
Enforce our policies

3. LEGAL BASIS FOR PROCESSING (GDPR)

If you are in the European Economic Area (EEA), our legal bases for processing your data are:

Contractual Necessity: To provide the Service you've requested
Legitimate Interests: Platform safety, fraud prevention, analytics
Consent: For optional features like social media sharing
Legal Obligation: Compliance with laws and regulations

4. HOW WE SHARE YOUR INFORMATION

4.1 With Other Users

Your Profile is Visible to:

All active users in the matchmaking queue
Users who receive your referral link

Information Shared:

Name
Gender
Selfie photograph
Introduction video
"Introduced by" badge (if you joined via referral)

Information NOT Shared:

Email address
Password
IP address
Payment information
Social media handles (unless you share them directly in chat)

4.2 Public Blacklist

If you are permanently banned, the following information becomes publicly accessible on our blacklist website:

Your name
Your selfie photograph
Your introduction video
Ban reason (general description)
Number of reports received
Date of ban

This is disclosed to maintain transparency and community safety. By using the Service, you consent to this potential disclosure.

4.3 Third-Party Service Providers

We share limited information with trusted service providers who help us operate the platform:

Stripe (Payment Processing):

Name
Email (if provided)
Payment amount
See Stripe Privacy Policy

Twilio (WebRTC TURN Servers):

Connection metadata for call routing
No personal information or call content
See Twilio Privacy Policy

Cloud Hosting Providers:

Account data (encrypted)
Profile media (selfies, videos)
We use providers compliant with industry security standards

Analytics Services:

Anonymized usage data
Aggregate statistics
No personally identifiable information

4.4 Law Enforcement and Legal Requirements

We may disclose your information if required by law or in good faith belief that such action is necessary to:

Comply with legal process (subpoena, court order)
Protect and defend our rights or property
Investigate fraud or violations
Protect the safety of users or the public
Comply with government requests

4.5 Business Transfers

If BUMPIn is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred. We will notify you of any change in ownership or use of your data.

4.6 With Your Consent

We may share your information with third parties when you explicitly consent or direct us to do so.

5. DATA RETENTION

5.1 Active Accounts

We retain your information for as long as your account is active.

5.2 After Account Deletion

Deleted Within 90 Days:

Name and email
Selfie and video
Social media handles
Session tokens

Retained for Analytics (Anonymized):

Call duration statistics
Platform usage patterns
Aggregate demographics

Retained Indefinitely:

Ban records (if applicable)
Public blacklist entries
Reports filed by or against you (for safety)
IP addresses associated with bans

5.3 Backup Retention

Deleted data may persist in backups for up to 90 days before permanent deletion.

5.4 Legal Holds

We may retain data longer if required by law or legal process.

6. DATA SECURITY

6.1 Security Measures

We implement industry-standard security measures including:

HTTPS/TLS encryption for data in transit
Encrypted storage for sensitive data
Password hashing (bcrypt with cost factor 12)
Secure session token generation
IP-based access control
Regular security audits

6.2 WebRTC Peer-to-Peer Encryption

Video chats use WebRTC, which provides end-to-end encryption between participants. We do not have access to the content of your calls.

6.3 No Absolute Security

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You use the Service at your own risk.

6.4 Account Security

You are responsible for:

Keeping your password confidential
Using a strong, unique password
Logging out after use on shared devices
Notifying us of unauthorized access

7. YOUR RIGHTS AND CHOICES

7.1 Access and Portability

You may:

View your profile information in Settings
Request a copy of your data by contacting us at everything@napalmsky.com
Export your data (where technically feasible)

7.2 Correction

You may update your profile information at any time through Settings.

7.3 Deletion

You may delete your account through Settings. See Section 5 for retention after deletion.

7.4 Withdraw Consent

If processing is based on consent, you may withdraw it at any time by:

Disabling optional features
Deleting your account
Contacting us

7.5 Object to Processing

You may object to processing based on legitimate interests. We will evaluate your request and respond accordingly.

7.6 Restrict Processing

You may request restriction of processing in certain circumstances (e.g., while disputing accuracy of data).

7.7 Lodge a Complaint

If you are in the EEA, you have the right to lodge a complaint with your local data protection authority.

8. CHILDREN'S PRIVACY

8.1 Age Restriction

BUMPIn is strictly for users 18 years of age and older. We do not knowingly collect information from anyone under 18.

8.2 COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA). If we discover that a user is under 18, we will immediately:

Delete their account and all associated data
Ban their IP address
Report to authorities if appropriate

8.3 Parental Notice

If you believe a minor is using our Service, please contact us immediately at everything@napalmsky.com.

9. INTERNATIONAL DATA TRANSFERS

9.1 Location of Data

Your information may be transferred to and processed in countries other than your country of residence, including the United States.

9.2 Adequate Protections

When transferring data internationally, we ensure adequate protections including:

Standard contractual clauses
Adherence to Privacy Shield principles (where applicable)
Compliance with GDPR for EEA residents

9.3 Consent to Transfer

By using the Service, you consent to the transfer of your information to countries with different data protection laws.

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 What We Use

Essential Cookies:

Session authentication tokens (required for Service operation)
Local storage for user preferences

Analytics Cookies:

Usage statistics
Feature adoption tracking
Performance monitoring

10.2 Third-Party Cookies

We may use third-party analytics services that set their own cookies. These services are subject to their own privacy policies.

10.3 Cookie Control

You may:

Disable cookies through browser settings (may affect functionality)
Opt out of analytics tracking
Use browser extensions to block tracking

10.4 Do Not Track

We currently do not respond to "Do Not Track" browser signals, as there is no industry standard.

11. CALIFORNIA PRIVACY RIGHTS (CCPA)

11.1 Right to Know

California residents have the right to request disclosure of:

Categories of personal information collected
Sources of personal information
Purposes for collection
Categories of third parties we share with
Specific pieces of personal information held

11.2 Right to Delete

California residents may request deletion of personal information, subject to certain exceptions (e.g., legal obligations, safety).

11.3 Right to Opt-Out

We do not "sell" personal information as defined by CCPA.

11.4 Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

11.5 How to Exercise Rights

11.6 Verification

We may request information to verify your identity before processing requests.

12. EUROPEAN UNION PRIVACY RIGHTS (GDPR)

12.1 Rights of EEA Residents

If you are in the EEA, you have the rights described in Section 7, including:

Right of access
Right to rectification
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object
Right to withdraw consent
Right to lodge a complaint

12.2 Data Controller

BUMPIn is the data controller for your personal information.

Contact: everything@napalmsky.com

12.3 Data Protection Officer

Contact: everything@napalmsky.com

12.4 Legal Basis

See Section 3 for our legal bases for processing.

13. CHANGES TO THIS PRIVACY POLICY

13.1 Right to Modify

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

13.2 Notice of Changes

We will notify you of material changes by:

Posting a notice on the Service
Sending an email (if you provided one)
In-app notification

13.3 Effective Date

Changes take effect on the "Effective Date" posted at the top of this document.

13.4 Continued Use

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

14. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information:

BUMPIn
Email: everything@napalmsky.com
Website: napalmsky.com
Address: 1506 Nolita, Los Angeles, CA 90026

For GDPR Requests:
Email: everything@napalmsky.com (Subject: "GDPR Request")

For CCPA Requests:
Email: everything@napalmsky.com (Subject: "CCPA Request")

For General Privacy Questions:
Email: everything@napalmsky.com

15. SPECIFIC DISCLOSURES FOR CALIFORNIA RESIDENTS

In the past 12 months, we have collected and disclosed the following categories of personal information:

| Category | Collected | Disclosed to Third Parties | Sold | |----------|-----------|---------------------------|------| | Identifiers (name, email, IP) | Yes | Service providers | No | | Personal characteristics (gender, age) | Yes | Service providers | No | | Commercial information (payment history) | Yes | Stripe only | No | | Internet activity (usage data) | Yes | Analytics providers | No | | Audio/visual (selfie, video) | Yes | Cloud storage providers | No | | Geolocation (IP-based) | Yes | No | No |

Sources: Directly from you, automatically collected
Purposes: See Section 2
Third Parties: See Section 4.3

16. DATA PROCESSING ADDENDUM

For enterprise clients or users requiring a Data Processing Agreement (DPA), please contact us at everything@napalmsky.com.

ACKNOWLEDGMENT

By using BUMPIn, you acknowledge that you have read and understand this Privacy Policy and agree to its terms.

Last Updated: October 16, 2025