Bump Privacy Policy
Your privacy matters to us
Effective Date: May 18, 2026
Bump ("we," "us," or "our") operates the Bump mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. Please read this policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- First and last name
- Email address (university-issued email required for verification — currently accepting addresses from Western, Queen's, Waterloo, Laurier, Guelph, and McMaster)
- Profile photo (optional)
- Major, year, hometown, and other optional profile fields
1.2 Bluetooth Low Energy (BLE) Data
Bump uses Bluetooth Low Energy to detect nearby users. We collect:
- Randomized advertising identifiers (advId) — short-lived, non-personal identifiers that rotate periodically
- Encounter timestamps and frequency
BLE proximity detection only determines whether another Bump user is nearby, not your geographic coordinates. BLE scanning runs only when you have explicitly enabled the Bump toggle and is paused automatically during Quiet Hours and any time you disable the toggle.
1.3 Precise Location
Bump can show your own position on the campus map when you tap the "Locate" button. We collect precise location only when you actively press this button; we automatically disable location sharing after 60 seconds and do not access location in the background. Your location is rendered on your own device for navigation purposes only — it is never sent to other users, never shared with third parties, and never written to our servers.
1.4 Chat and Message Data
- Messages you send through the App
- Message metadata (timestamps, read status)
- Friend request and connection data
Ephemeral conversations expire and are deleted after 30–60 hours unless both users become friends.
1.5 Sage AI Chat
Bump includes "Sage," an AI assistant powered by Claude (from Anthropic, PBC). When you send a message to Sage, the message and conversation context are transmitted to Anthropic's API to generate a response, and the response is returned to your device. We do not store Sage conversations on our servers — your conversation history lives on your device only, and you can clear it at any time from the Sage chat's settings menu. Anthropic does not retain your Sage messages for AI model training. By opening a conversation with Sage you consent to your messages being transmitted to Anthropic for the sole purpose of generating a response. For more information about Anthropic's data handling, see Anthropic's Privacy Policy.
1.6 Device Information
- Device type and operating system
- App version
- Crash logs and performance data (via Firebase)
2. How We Use Your Information
We use the information we collect to:
- Provide and operate the Bump service
- Facilitate proximity-based encounters and ephemeral chats
- Verify your UWO student status
- Send you notifications about new bumps, messages, and friend requests
- Improve and optimize the App
- Enforce our Terms of Service and prevent abuse
3. Information Sharing and Disclosure
We do not sell your personal information. We may share information in the following circumstances:
- With other users: Your first name and profile fields you mark as public are visible to users you encounter. Additional profile information is visible to friends.
- Service providers: We use Firebase (Google) for authentication, data storage, cloud functions, and analytics.
- Legal requirements: We may disclose information if required by law or to protect the safety of our users.
4. Data Retention
- Ephemeral chats: Automatically deleted 30–60 hours after creation unless users become friends.
- Encounter data: Bump encounter records are retained on your device and in your private account subcollection for 30 hours, then automatically expire from the active timeline.
- Profile photos: Stored in Firebase Storage until you replace them or delete your account, at which point they are permanently removed.
- Sage conversations: Stored on your device only. Not retained on our servers. Cleared instantly when you tap "Forget everything" in the Sage settings menu.
- Account data: Retained as long as your account is active. You may request deletion at any time from Settings → Account → Delete Account.
- BLE advertising identifiers: Rotate periodically and expire automatically.
5. Privacy Controls
You control your privacy through:
- Public fields: Choose which profile fields (e.g., major, hometown) are visible to non-friends. By default, only your first name is public.
- Bump toggle: Disable BLE broadcasting and scanning at any time.
- Quiet hours: Schedule times when bumping is automatically paused.
- Account deletion: Permanently delete your account and all associated data from Settings → Account → Delete Account.
6. Community Safety, Block, and Report
Bump is designed around safeguards that exist before any user opens the app:
- Verified university membership: Every account must be verified via an approved university-issued email. This filters out bots and impersonation, and keeps the community accountable to a single verified identity.
- Block: You can block any user from a chat, a Bump Spot, or a bumped-profile screen. Blocked users immediately disappear from your chats, your campus map, and any group chats you are in together. Blocking is private — the other user is not notified.
- Report: Long-press a message or open a profile, then tap the report icon. Reports are recorded for moderation review; we may suspend or remove accounts that violate our community standards (harassment, threats, sexual content, impersonation, spam, hate speech).
- Community-driven moderation: When multiple users independently flag the same account, our moderation system surfaces it for review and applies proportional, escalating consequences — designed to be corrective rather than punitive.
- Keyword filtering: Bump Spot titles and descriptions are checked against a banned-keywords list at creation time, blocking sexual content, slurs, drug-trafficking language, and contact information leaks before they reach other users.
7. Security
We use industry-standard measures to protect your data, including Firebase Authentication, Firestore security rules, encrypted communication in transit, and server-side access restrictions. If we become aware of a data breach affecting your account, we will notify you within 72 hours by email and on this page. No method of electronic transmission or storage is 100% secure.
8. Bluetooth and Background Permissions
Bump requires Bluetooth permissions to function. On Android, the App may run a foreground service to maintain BLE scanning in the background. You can disable this at any time through the App settings or your device settings. We only use Bluetooth for proximity detection — never for tracking your location.
9. Children's Privacy
Bump is intended for university students aged 17 and older. We do not knowingly collect information from anyone under the age of 17. If we learn we have collected personal information from someone under 17, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy in the App or on our website. Your continued use of the App after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
Email: support@uwobump.ca