Policies

Privacy Policy

Your privacy matters to us. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

Last updated 15 May 2026

BumpBites Health ("BumpBites", "we", "our", or "us") operates bumpbites.health and related services (collectively, the "Service"). This Privacy Policy applies to all visitors, registered users, and content contributors.

1. Information We Collect

Information you provide

  • Account details: name, email address, password (hashed), profile photo (optional).
  • Pregnancy details you choose to enter: due date, last menstrual period, weight, mood, symptoms, journal entries.
  • Content you create: posts, comments, cravings, food ratings, videos, photos.
  • Communications you send to us (support emails, feedback).

Information collected automatically

  • Device and browser information (type, OS, screen size, language).
  • Approximate location derived from your IP address.
  • Usage data: pages viewed, links clicked, search queries, session duration.
  • Cookies and similar technologies (see our Cookie Policy).

Information from third parties

  • If you sign in with Google, we receive your name, email, and profile picture from Google.
  • If you connect Gmail or WhatsApp via BumpBills, we receive the specific data you authorize (e.g., medical-related emails) — read more in our Medical Disclaimer and BumpBills consent flow.

2. How We Use Your Information

  • To provide, personalize, and improve the Service.
  • To answer your food-safety questions and surface relevant content.
  • To send service emails (account verification, security alerts, recall warnings).
  • To send newsletters and product updates — only if you opt in. You can unsubscribe at any time.
  • To analyze usage and improve performance, content, and safety.
  • To detect and prevent fraud, abuse, and unauthorized access.
  • To comply with legal obligations.

3. Legal Basis for Processing (EEA / UK Users)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases: consent (for marketing emails, non-essential cookies), contract (to deliver the Service you signed up for), legitimate interests (security, fraud prevention, product improvement), and legal obligation where required by law.

4. Sharing & Disclosure

We do not sell your personal data. We share it only as follows:

  • Service providers who help us operate the Service (cloud hosting, email delivery, analytics, payment processing). They are contractually bound to use data only for the services we request.
  • Other users: content you post publicly (community posts, cravings, channel videos) is visible to other users.
  • Legal & safety: if required by law, court order, or to protect rights, property, or safety.
  • Corporate transactions: in connection with a merger, acquisition, or sale of assets, with notice to you.

5. Third-Party Services We Use

We rely on the following providers — each has its own privacy policy:

  • Google Firebase (authentication, database, hosting)
  • Google Analytics (usage analytics)
  • Meta Pixel / Conversions API (advertising measurement)
  • OpenAI API (AI-assisted content generation)
  • Shopify (store integration)
  • SendGrid (transactional email)
  • Cloudflare / Google Cloud (CDN, security)

6. Data Retention

We retain personal data for as long as your account is active and for a reasonable period thereafter to comply with legal obligations and resolve disputes. You may request deletion at any time (see Section 8).

7. Security

We use industry-standard safeguards including encrypted transport (HTTPS), access controls, and regular reviews. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

8. Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated personal data.
  • Object to or restrict certain processing.
  • Receive a portable copy of your data.
  • Withdraw consent at any time (this will not affect prior lawful processing).
  • Lodge a complaint with a supervisory authority.

To exercise any of these rights, email privacy@bumpbites.health.

9. Children's Privacy

The Service is intended for adults aged 18 and older. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, contact us and we will delete it.

10. International Transfers

Your data may be processed in countries other than your own, including the United States. Where required, we use Standard Contractual Clauses or equivalent safeguards to protect international transfers.

11. Changes to This Policy

We may update this Policy from time to time. Material changes will be announced on this page and, where appropriate, by email. The "Last updated" date at the top of this page reflects the most recent version.

12. Contact Us

Questions or requests? Reach us at privacy@bumpbites.health or through our contact page.