SHUTDOWN VERSION
Last Updated: 10 December, 2025
Effective From: 10 December, 2025
Introduction
This Privacy Policy explains how Bumper (“we”, “us”, “our”) handles personal data following the permanent shutdown of the Bumper Protocol and retirement of the Bumper application interface (“dApp”).
As of 10 December, 2025, Bumper no longer provides active services, no longer operates a user interface for blockchain interaction, and no longer collects new personal information except where strictly required for legal, compliance, or security obligations.
All references to ongoing product development, service optimisation, or marketing-related processing in earlier versions of this policy are no longer applicable.
We remain committed to handling any retained personal data lawfully, transparently, and securely during and after the shutdown process.
Data Control
The below contact should be used for all data-protection enquiries, including access, deletion, and right-to-erasure requests.
Email: support@bumper.fi
What Personal Data We Still Process
Post-shutdown, we process very limited categories of personal data, solely for legal, compliance, and support-transition purposes.
We may retain the following categories of personal data:
Contact & Identification Information
- Email addresses you previously provided
- Correspondence sent to Bumper support
- Optional information you supplied (e.g., name, role)
Technical Information (Legacy Only)
- IP addresses captured in historical logs
- Minimal system logs preserved for security, debugging, or fraud prevention
- Transaction identifiers you previously submitted (for support purposes)
These logs are no longer actively collected; only historical records may remain.
Blockchain Wallet Addresses
Wallet addresses are inherently public.
We may store them only if:
- You shared them voluntarily during support interactions, or
- They exist in historical support logs.
We do not analyse or track on-chain activity.
Legal, Compliance & Security Records
These may include:
- Records of data-subject-rights requests
- Fraud-prevention records
Documentation required to comply with legal obligations
Aggregated or Anonymised Data
Data that has been fully anonymised is not considered personal data and may be retained indefinitely.
Categories of Data We No Longer Collect
As of the shutdown date, Bumper does not collect:
- Analytics or behavioural tracking
- Cookies other than strictly necessary cookies
- Marketing or advertising identifiers
- Usage statistics
- Onboarding or registration information
- Device profiling
- Automated decision-making or profiling data
- Any new user submissions via a dApp interface (because the dApp has been retired)
All marketing, analytics, optimisation, and user-experience processing has been permanently discontinued.
Why We Process Personal Data (Post-Shutdown Purposes)
We now process personal data only for the following limited purposes:
Compliance With Legal Obligations
Including:
- Retaining financial or contract-related records
- Responding to legal claims or regulatory requests
- Maintaining necessary audit trails
- Record-keeping required by applicable law
Security, Fraud Prevention & Abuse Detection
To:
- Protect against malicious activity
- Maintain system integrity
- Investigate troubleshooting requests submitted before shutdown
Responding to Data-Subject Requests
Including:
- Access, rectification, deletion, portability, and objection requests
- Verification of identity for such requests
Providing Temporary Shutdown Support
Until 17 December, 2025, personal data may be used for:
- Responding to user enquiries regarding access to on-chain assets
- Communicating changes to legal documentation
After that date, the support function will be closed.
Legal Claims, Defence & Dispute Resolution
To establish, exercise, or defend legal claims.
Lawful Bases for Processing
Post-shutdown, we rely on the following lawful bases under GDPR/UK GDPR:
- Legal Obligation (Art. 6(1)(c))
- Legitimate Interests (Art. 6(1)(f)) — limited to:
- fraud prevention
- security
- preservation of necessary records
- Consent, but only where previously and explicitly provided (e.g., email opt-in). No new consent-based processing is conducted.
We do not rely on legitimate interests for:
- marketing
- analytics
- product development
- service optimisation
…as these activities have ceased.
How Long We Keep Personal Data (Retention)
We apply strict retention limits now that Bumper is shut down.
Support & Correspondence Data
Retained for 6 months after last contact, then deleted.
Analytics/Technical Logs (Historical Only)
Retained for 90 days from shutdown date, then deleted or anonymised.
Legal/Compliance-Required Data
Retained for up to 6 years where necessary to:
- comply with statutory retention obligations
- defend against potential legal claims
Data Pending Deletion Requests
Retained only until we have verified and executed the request.
Anonymised Data
Retained indefinitely.
Data Sharing & Third Parties
Post-shutdown we share personal data only with:
Service Providers
For:
- hosting
- email support
- secure data storage
- compliance processing
These providers act strictly under data-processing agreements.
Legal or Regulatory Authorities
Only where legally required.
Professional Advisors
Such as legal counsel or auditors, where necessary.
We do NOT share data with:
- advertisers
- marketing networks
- analytics providers
- third-party commercial partners
- community outreach or partnership programs
All marketing and analytics data-sharing ended at shutdown.
International Data Transfers
If data is transferred outside the UK/EEA, we use one of the following safeguards:
- European Commission Adequacy Decisions
- UK Adequacy Regulations
- Standard Contractual Clauses (SCCs)
- International Data Transfer Agreements (IDTAs)
We ensure any such transfers remain lawful and secure.
Your Rights
You retain all applicable data-protection rights, including:
- Right of access
- Right to rectification
- Right to erasure (“right to be forgotten”)
- Right to object
- Right to restrict processing
- Right to data portability
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
We will respond to rights requests within one month, unless legally extended.
Requests should be sent to support@bumper.fi.
Children’s Privacy
Bumper does not knowingly collect personal data from children.
No new data from minors will be accepted post-shutdown.
Cookies and Tracking
As of the shutdown date:
- Analytics cookies have been disabled
- Marketing cookies have been removed
- Only essential/functional cookies may remain (e.g., for website operation)
A simplified cookie banner or statement may be shown for transparency.
Security
We implement appropriate organisational and technical measures to protect retained personal data, including:
- encryption
- access control
- storage minimisation
- secure deletion
- pseudonymisation where possible
No system is fully secure, but we make reasonable efforts to minimise risks during the wind-down period.
End of Support & Data Minimisation Commitment
After 17 December, 2025, Bumper will:
- cease responding to general support enquiries
- archive or delete non-essential data
- retain only legally-required records
- no longer process any personal data except for compliance and dispute resolution
Changes to This Policy
This Privacy Policy has been rewritten to reflect the shutdown of Bumper.
Any future updates will be posted on bumper.fi, and material changes will be timestamped.
Contact Us
For all privacy or data-protection enquiries email support@bumper.fi.
Changelog
Version [Current] — Full Rewrite for Shutdown
- Removed marketing and analytics sections
- Removed product improvement and optimisation purposes
- Added “Service Sunset” and explicit shutdown references
- Added strict data-minimisation and retention limits
- Added detailed legal bases post-shutdown
- Reduced categories of processing
- Refined third-party sharing
- Added international transfer safeguards
- Added a clear retention schedule
- Added post-shutdown support window
- Added deletion/anonymisation commitment
- Reformatted for clarity and compliance
