privacy policy

last updated: april 5, 2026

share what you want to share. nothing more.

bump is designed to share as little data as possible. we built it this way on purpose. here's exactly what happens with your information.

what we don't collect

we do not collect, store, or have access to:

your name, email, or any account information (there are no accounts)
phone numbers or social media handles exchanged between users
your location (gps, ip-based, or otherwise)
your contacts, photos, or any other personal data on your device
the content of any interaction between users

how sharing works

you choose what to share — a phone number, an instagram handle, a linkedin, a snapchat. nothing is shared until both people commit. neither person sees the other's info until both have sent. if one person walks away, neither sees anything.

phone numbers are pulled directly from your SIM card via google's phone number hint api. there is no option to type a number manually — what you share is what's on your SIM.

how bluetooth works in bump

all data exchange happens directly between two phones over bluetooth low energy (BLE). the information you share never travels through our servers. on each device, the payload is encrypted with AES-256-GCM using a session key derived via HKDF from server-issued, short-lived session tokens.

we want to be precise about what this means: because our server issues the tokens that seed the key derivation, it holds the cryptographic material that could in principle be used to derive the same session key. in practice the server never receives the encrypted exchange — it happens entirely over bluetooth between the two phones — so there is nothing on our side to decrypt. if you want a guarantee that the server is cryptographically incapable of reading exchanges even if it wanted to, bump is not that product. what bump does guarantee is that exchanges do not transit our infrastructure.

before any personal data is shared, the two phones negotiate what to do — exchange info, play a quick game, or answer rapid-fire questions. these interaction preferences contain no personal information and are also encrypted.

received information is displayed for 15 seconds, then permanently erased from memory. screenshots and screen recording are blocked during this window.

what we do process

to make bump work and prevent abuse, our server processes:

a one-way device hash — derived from your android id with an app-specific salt. we cannot reverse this to identify you or your device.
timestamps — when you request a session token. used for rate limiting (max 10 per hour) and abuse detection.
abuse reports — if someone reports a user, we store the reporter's device hash, the reported device hash, and a reason category. no personal information is included.

data retention

session logs (device hash + timestamp only) are automatically deleted after 7 days
abuse reports are retained until resolved
no personal data is ever written to our database because we don't have any

third-party services

google play billing — if you purchase additional bumps, the transaction is handled entirely by google. we receive a purchase token to verify validity but no payment details.
google play integrity — used to verify your device hasn't been tampered with. the attestation result is not stored.
google phone number hint api — when you choose to share your phone number, it's read from your sim card via google's api. the number is sent directly to the other person over bluetooth. it never reaches our servers.

children's privacy

bump is intended for users 18 years of age and older. we do not knowingly collect any information from minors.

data deletion

bump does not have user accounts, so there is no "delete account" button to press. the only data we hold that is tied to your phone is a one-way device hash — a salted sha-256 of your android id that we cannot reverse to identify you. if you want us to delete that hash and any records associated with it, follow these steps.

how to request deletion:

email [email protected] with the subject line "data deletion request"
you do not need to tell us who you are — include the approximate date and time of any sessions you want purged, and note whether you were involved in any abuse report
we will confirm deletion within 30 days

what gets deleted on request:

your device hash
any entries in our abuse-report tables that reference your device hash
any remaining session-token records issued to your device hash

what is automatically deleted regardless of any request:

session logs (device hash + timestamp) are purged after 7 days
session tokens expire after 60 seconds and are purged from memory
contact info you exchanged with another person lives for 15 seconds on the receiving phone, then is erased — it never reaches our servers at any point

what we cannot delete:

google play billing records — your purchase history is held by google, not by us. to request deletion of those records, contact google play support
records held by another user — contact information you chose to share with someone lives on their device, not ours, and we have no way to reach into it

law enforcement

if we receive a lawful request for data, we can only provide what we have: anonymous device hashes and timestamps. we have no way to identify individual users, and we have no access to any content exchanged between users.

changes to this policy

if we change this policy, we'll update the date at the top. for significant changes, we'll notify users through the app.

contact

questions about this policy? reach us at [email protected]