Last updated: 29 March 2026
Bump is operated by Jacarenda Labs Ltd., registered in England and Wales. We are the data controller for the personal data processed through the Bump platform (“getbump.io”).
Account data: Name, email address, phone number (optional), agency name, business domain.
Usage data: Pages visited, features used, scan results, content generated, lead data captured through your website.
Technical data: IP address, browser type, device information, cookies.
Payment data: Processed by Stripe. We do not store card numbers \u2014 only subscription status and customer ID.
We process your data to: (a) provide the Bump platform and its features; (b) send transactional emails (welcome, notifications, reports); (c) improve our service through anonymised analytics; (d) detect and prevent fraud; (e) comply with legal obligations.
Legal basis: Contract performance (providing the service), legitimate interest (analytics, fraud prevention), and consent (marketing communications).
Bump uses AI models (Anthropic Claude) to generate content, analyse websites, and provide growth recommendations. Your website data and brand profile are processed by AI to produce outputs specific to your agency. We do not use your data to train AI models.
We share data only with: (a) Supabase (authentication and database hosting); (b) Stripe (payment processing); (c) Resend (email delivery); (d) Anthropic (AI content generation \u2014 your data is not used for training); (e) Cloudflare (page hosting and CDN). We do not sell your data to third parties.
We retain your data for as long as your account is active. After account deletion, we retain data for 30 days for recovery purposes, then permanently delete it. Anonymised analytics data may be retained indefinitely.
You have the right to: (a) access your personal data; (b) rectify inaccurate data; (c) erase your data (“right to be forgotten”); (d) restrict processing; (e) data portability; (f) object to processing; (g) withdraw consent at any time.
To exercise these rights, use the in-app support chat or contact us at the address registered with Companies House. We will respond within 30 days.
We use essential cookies for authentication and session management. We use Umami for privacy-friendly analytics (no personal data collected, no cookies set). We do not use advertising or tracking cookies.
Your data is primarily processed within the EU/EEA (Supabase EU region). Where data is transferred outside the EU (e.g., Anthropic in the US), we ensure appropriate safeguards are in place, including Standard Contractual Clauses.
We implement industry-standard security measures including: encryption in transit (TLS), encryption at rest, row-level security on database, webhook signature verification, and regular security audits.
Bump is not intended for use by individuals under 18 years of age. We do not knowingly collect data from children.
We will notify you of material changes via email at least 30 days before they take effect. The “last updated” date at the top reflects the most recent revision.
If you are unsatisfied with our handling of your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.