Privacy Policy

Bump & Bundle (“we”, “us”, “our”) operates the website bumpandbundle.com. We are committed to protecting your personal data and respecting your privacy. This policy explains what data we collect, why we collect it, and how we use it.

If you have any questions, contact us at: hello@bumpandbundle.com

• Email address — collected when you sign in via our one-time code system. Used to identify your account and send sign-in codes.
• Name — provided by you when setting up your registry. Used to personalise your experience and your registry page.
• Registry data — product wishlists, due dates, and registry preferences you choose to add.
• Usage data — pages visited, search queries made within the app. Used to improve the service. This data is anonymised and aggregated.
• Device & browser data — IP address, browser type, device type. Collected automatically for security and performance purposes.

• To provide and operate the Bump & Bundle service
• To send you sign-in codes and important account notifications
• To display price drop alerts and registry updates
• To personalise your dashboard and registry experience
• To improve our service through anonymised analytics
• To comply with legal obligations

We will never sell your personal data to third parties.

We process your data under the following lawful bases (UK GDPR):

• Contract — processing necessary to provide you with the service you've signed up for
• Legitimate interests — improving our service, preventing fraud, and ensuring security
• Consent — where you have explicitly agreed, such as optional marketing communications

We use essential cookies to keep you signed in and maintain your session. We do not use advertising or tracking cookies. See our Cookie Policy for full details.

We use the following third-party services which may process your data:

• Resend — email delivery service used to send sign-in codes
• Neon — database hosting provider (data stored in the EU/US)
• Vercel — website hosting and infrastructure
• SerpAPI — product search API (search queries only, no personal data shared)

All third-party providers are contractually obligated to protect your data in accordance with applicable data protection law.

Our site contains affiliate links to UK retailers. When you click these links and make a purchase, we may earn a commission. No personal data is shared with retailers beyond what is standard for any web referral. See our Affiliate Disclosure for more information.

We retain your account data for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days, except where we are required to retain it for legal purposes.

Under UK GDPR you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Data portability — receive your data in a machine-readable format
• Withdraw consent at any time

To exercise any of these rights, email us at hello@bumpandbundle.com. We will respond within 30 days.

We may update this policy from time to time. We will notify you of significant changes by email or by a prominent notice on our website. Continued use of the service after changes constitutes acceptance of the updated policy.