Privacy Policy
Last updated: 1 April 2026
1. Who we are
Bumpo (the "Service") is operated by Mindysm OÜ, a private limited company registered in the Republic of Estonia, with its registered office in Tallinn, Estonia ("Mindysm", "we", "us", "our"). Mindysm is the data controller for any personal data processed in connection with the Service. You can contact us at privacy@bumpo.fun.
2. Summary
Bumpo is designed to require as little information about you as possible. In this version of the Service:
- we do not require an account, email address, or login;
- we do not collect payment information;
- we do not collect or store persistent personal profiles;
- the nickname and colour you choose exist only for the duration of your play session and are not tied to a user record;
- we do not knowingly collect any personally identifying information (PII) from players in this version of the Service.
3. What we process
The limited information we do process is:
- Session data. The nickname and character colour you pick, your current room assignment, and gameplay state (position, inputs, match events). This data lives in server memory for the duration of the match and is discarded when the match ends or the room disposes.
- Connection metadata. When your browser connects to our servers, the connection carries your IP address and a user-agent string, as with any website. We use this transiently to route your WebSocket connection, to protect the Service from abuse (rate limiting, blocking malicious traffic), and to produce aggregate operational logs. We do not use IP addresses to build marketing profiles.
- Operational logs. Short-lived server logs that record errors, request paths, and performance metrics. Logs are retained for up to 30 days and then deleted.
We do not use advertising cookies. We do not use cross-site tracking. We do not sell personal data.
4. Legal bases (GDPR)
Where the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") applies, we process the limited data described above on the following legal bases:
- Performance of a service at your request (Article 6(1)(b) GDPR) — to operate the game while you are playing it;
- Legitimate interests (Article 6(1)(f) GDPR) — to secure the Service against abuse, to keep it running reliably, and to diagnose faults. We have weighed these interests against the limited, transient nature of the data processed and consider the impact on players' privacy to be minimal.
5. Who we share data with
We share data only with service providers who help us run the Service and who process data on our behalf under written instructions (processors under Article 28 GDPR). These currently include our cloud infrastructure provider (Google Cloud, primarily in EU regions for hosting and DNS). We do not sell or rent personal data. We do not transfer data outside the European Economic Area except where a valid transfer mechanism recognised by EU law is in place.
6. Cookies and local storage
The marketing site at bumpo.fun does not set
advertising, analytics, or tracking cookies. The game client at
app.bumpo.fun may use your browser's local storage to
remember in-session preferences (for example, the nickname you just
typed) purely on your device. You can clear this at any time from
your browser settings.
7. Retention
Gameplay state is held in server memory only while the match is running and is discarded when the room disposes. Operational logs are retained for up to 30 days. We do not maintain persistent profiles of individual players.
8. Security
We apply commercially reasonable technical and organisational measures to protect the Service and any data it handles, including encrypted transport (TLS), access controls, and minimisation of stored data. No online service can be guaranteed to be completely secure; report suspected vulnerabilities to security@bumpo.fun.
9. Your rights (GDPR)
If you are in the European Economic Area, the United Kingdom, or another jurisdiction with equivalent law, you have the following rights in relation to personal data we hold about you: access, rectification, erasure, restriction of processing, objection to processing, and, where applicable, data portability. Because this version of the Service does not create persistent user profiles, we typically do not hold data that can be linked to an identifiable individual beyond short-lived operational logs. If you believe we hold personal data about you, you can contact us at privacy@bumpo.fun and we will respond within one month.
You also have the right to lodge a complaint with a supervisory authority. In Estonia, the competent authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, www.aki.ee). You may also contact the supervisory authority in your country of residence or the place of the alleged infringement.
10. Children
Bumpo is not directed at children under 13, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us and we will take appropriate steps to delete it.
11. Changes to this policy
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Material changes become effective when posted. Your continued use of the Service after changes are posted constitutes your acknowledgement of the updated policy.
12. Contact
Questions about privacy can be sent to privacy@bumpo.fun.