Privacy Policy

We collect the following categories of information when you use BumpEvents:

• Account information: Your name, email address, and profile image when you register or sign in with Google or Microsoft.
• Profile data: Bio, avatar, and any other information you add to your public profile.
• Event data: Details of events you create, including titles, descriptions, images, locations, and dates.
• Usage data: Pages visited, features used, and interaction timestamps — collected via server logs.

We use collected information to:

• Operate, maintain, and improve the BumpEvents platform.
• Authenticate your identity and secure your account.
• Display your public profile and events to other users.
• Send transactional notifications (e.g. RSVP confirmations).
• Analyse usage patterns to improve the product experience.

We do not sell your personal data to third parties or use it for advertising profiling.

BumpEvents uses Google OAuth 2.0 and Microsoft OAuth 2.0 for social sign-in. When you choose to sign in with these providers, you are redirected to Google's or Microsoft's login page. We receive only your name, email address, and profile picture as authorised by you during the consent flow.

BumpEvents does not store OAuth access tokens or refresh tokens beyond the duration of your active session. Sessions are managed via secure, HTTP-only cookies with a limited expiry.

Your data is stored in a MySQL database hosted on a secure server. We implement the following technical safeguards:

• Passwords are hashed using bcrypt (≥12 rounds) — we never store plaintext passwords.
• All connections to the platform use HTTPS/TLS.
• Database credentials and API secrets are stored as environment variables, never in source code.
• Uploaded images are validated for file type and size before storage.

While we take reasonable precautions, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

BumpEvents uses session cookies to keep you signed in. These are HTTP-only, Secure cookies that are not accessible to JavaScript. We do not use tracking cookies or third-party advertising cookies.

The following third-party services are used to operate BumpEvents:

• Google Identity — optional OAuth sign-in.
• Microsoft Identity — optional OAuth sign-in.

Each third-party service has its own privacy policy. We encourage you to review them.

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data via your profile settings.
• Delete your account and associated data by contacting us.
• Withdraw consent for optional data uses at any time.

To exercise any of these rights, please reach out via the contact form on our website.

BumpEvents is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. Your continued use of BumpEvents after any changes constitutes your acceptance of the updated policy.

For questions or concerns about this Privacy Policy, or to exercise any of your data rights, email us at [email protected].