Bounta ("Bounta," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use the Bounta mobile application, website, and related services (the "Service"). By using the Service you consent to the practices described in this Policy.
1. Information We Collect
1.1 Information You Provide Directly
When you create an account or use the Service, we may collect:
- Identity information: name, date of birth, and government-issued identification where required for identity verification (processed by Stripe, not stored by Bounta);
- Contact information: email address, phone number, and mailing address;
- Payment information: card details are collected and tokenized directly by Stripe — Bounta never sees or stores your full card number, CVV, or bank credentials;
- Transaction information: orders, matches, payouts, discounts, and reward distributions;
- Credit card rewards information: the specific merchant offers you make available through the Service (offers only — not card numbers);
- Communications: messages, support requests, and survey responses.
1.2 Information Collected Automatically
- Device information: device type, operating system, unique device identifiers, mobile network information, and crash logs;
- Usage information: pages viewed, features used, timestamps, and interaction patterns;
- Location information: approximate location derived from IP address; precise location only if you explicitly grant permission;
- Cookies and similar technologies: we use cookies, local storage, and similar tools to operate the Service, remember preferences, and measure performance.
1.3 Information From Third Parties
We receive information from Stripe (including identity verification and payout status), from Mailgun (parsed order-confirmation emails used to verify completed orders), and from analytics and fraud-prevention providers.
2. How We Use Your Information
We use personal information to:
- Provide, operate, and maintain the Service, including matching Buyers and Providers;
- Process payments, payouts, refunds, and reward distributions;
- Verify the identity of users and comply with know-your-customer ("KYC") and anti-money-laundering ("AML") obligations;
- Verify that orders have been completed by parsing merchant confirmation emails;
- Detect, prevent, and investigate fraud, abuse, and violations of our Terms of Service;
- Communicate with you about your account, transactions, updates, and support requests;
- Improve the Service, develop new features, and perform analytics;
- Comply with legal obligations, respond to lawful requests, and enforce our rights.
3. Legal Bases for Processing
Where applicable law requires a legal basis for processing (for example, under the EU/UK General Data Protection Regulation), we rely on one or more of the following: performance of a contract with you; compliance with a legal obligation; your consent; and our legitimate interests in operating, securing, and improving the Service, where those interests are not overridden by your rights and freedoms.
4. How We Share Your Information
We do not sell your personal information. We share personal information only in the following circumstances:
| Who we share with | Why |
|---|---|
| Stripe, Inc. | Payment processing, identity verification, payouts via Stripe Connect, and fraud detection (Stripe Radar). |
| Mailgun Technologies, Inc. | Parsing merchant order-confirmation emails to verify completed orders. |
| Cloud and infrastructure providers | Hosting, storage, database, and communications services operating under confidentiality obligations. |
| Analytics and error monitoring providers | Understanding how the Service is used and diagnosing technical issues. |
| Other users of the Service | Limited information necessary to complete a match (e.g., shipping address shared with a matched Provider for order fulfillment). |
| Legal and governmental authorities | Where required by law, court order, or to protect Bounta, its users, or the public. |
| Successors in interest | In connection with a merger, acquisition, financing, or sale of assets, subject to customary confidentiality protections. |
5. Data Retention
We retain personal information for as long as your account is active and for a reasonable period afterward to comply with legal obligations (including tax, accounting, and anti-fraud requirements), to resolve disputes, and to enforce our agreements. Transaction records are typically retained for at least seven (7) years where required by financial regulation.
6. Security
We take world-class security seriously. We implement administrative, technical, and physical safeguards designed to protect your information, including:
- Encryption in transit: all connections to the Service use TLS 1.3;
- Encryption at rest: sensitive data is encrypted using AES-256;
- PCI DSS compliance: all cardholder data is handled exclusively by Stripe, a PCI Service Provider Level 1 processor — the highest level of certification in the payments industry;
- Access controls: strict role-based access, multi-factor authentication, and audit logging for all production systems;
- Fraud detection: real-time transaction screening by Stripe Radar, backed by machine-learning models trained on billions of payments;
- Data minimization: we collect only what we need and delete data when it is no longer required.
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
7. Your Rights
Depending on your jurisdiction, you may have the following rights with respect to your personal information:
- Access: request a copy of the personal information we hold about you;
- Correction: ask us to correct inaccurate or incomplete information;
- Deletion: request that we delete personal information, subject to legal retention obligations;
- Portability: request a machine-readable copy of information you provided to us;
- Objection and restriction: object to, or ask us to restrict, certain processing;
- Withdraw consent: where processing is based on consent, you may withdraw it at any time;
- Complain: lodge a complaint with your local data protection authority.
To exercise any of these rights, email hello@bounta.app. We will respond within the timeframe required by applicable law.
8. California Privacy Rights
If you are a California resident, the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), provides you with additional rights, including the right to know what personal information we collect, use, disclose, and (where applicable) sell or share; the right to delete; the right to correct; the right to limit the use of sensitive personal information; and the right to non-discrimination for exercising your rights. Bounta does not sell personal information and does not share personal information for cross-context behavioral advertising. To exercise your California rights, email hello@bounta.app.
9. Children's Privacy
The Service is not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will take steps to delete it.
10. International Transfers
Bounta is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States and other countries where our service providers operate. Where required, we implement appropriate safeguards for such transfers.
11. Third-Party Links
The Service may contain links to third-party merchants, card issuer websites, and other services we do not operate. We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy policies before providing information to them.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least seven (7) days before the changes take effect. The "Last updated" date at the top of this Policy reflects the most recent version.
13. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Bounta
Email: hello@bounta.app
Phone: +1 (628) 303-7539