At Bumppy Media Pvt. Ltd. ("Bumppy", "we", "our", or "us"), we believe that how we handle your information reflects how much we value your trust. This Data Policy explains what data we collect, why we collect it, how we use it, and the choices available to you as a user of our platform — including our media portal, payment services, travel booking, food ordering, e-commerce, and education offerings available at bumppy.com and associated applications.

By accessing or using any Bumppy service, you acknowledge that you have read and understood this policy.

We collect information in three primary ways: what you give us directly, what we gather automatically, and what we receive from third-party partners.

a) Information You Provide

When you register an account, make a booking, process a payment, or contact our support team, you may provide us with your name, email address, mobile number, date of birth, government-issued identification details, billing address, bank account or UPI details, and any preferences or communications you share with us.

b) Information We Collect Automatically

Our systems may record your IP address, device type, operating system, browser type, pages visited, time spent, referring URLs, transaction identifiers, and app usage behaviour.

c) Information from Third Parties

We may receive data from payment processors, travel partners, social media platforms, and identity verification services as required by applicable financial regulations.

We use the information we collect to:

• •Create and manage your Bumppy account
• •Process payments, transfers, and bill payments securely
• •Facilitate flight bookings, food orders, and other transactional services
• •Personalise the news, entertainment, and content you see on our media platform
• •Send you service-related notifications, booking confirmations, and transaction receipts
• •Conduct identity verification in compliance with KYC (Know Your Customer) and AML (Anti-Money Laundering) obligations under applicable Indian law
• •Detect, prevent, and investigate fraudulent activity or unauthorised access
• •Improve and develop our products, features, and user experience
• •Respond to your queries, complaints, or support requests
• •Send you marketing communications where you have given consent (you may opt out at any time)

• •Contractual necessity — to provide the services you have requested
• •Legal obligation — to comply with RBI guidelines, CERT-In directives, GST requirements, and other applicable Indian regulations
• •Legitimate interests — to protect our platform, prevent fraud, and improve our offerings
• •Consent — for marketing communications and optional data sharing with partners

We do not sell your personal data to third parties. We may share your information only in the following circumstances:

• •Service providers: Trusted vendors who assist with payment processing, cloud hosting, analytics, identity verification, and customer support, bound by confidentiality agreements
• •Business partners: Travel operators, restaurant partners, or educational content providers strictly to fulfil your service requests
• •Regulatory authorities: Government bodies, law enforcement agencies, or courts where we are legally required to disclose information
• •Business transfers: In the event of a merger, acquisition, or restructuring of Bumppy, your data may be transferred as part of that transaction, subject to equivalent privacy protections

Bumppy Payments handles sensitive financial data with particular care. We maintain compliance with PCI-DSS standards for card data handling. Payment credentials, including bank account numbers and UPI IDs, are encrypted in transit and at rest. Our cybersecurity team actively monitors all transactions for suspicious activity. We do not store full card numbers on our servers.

We retain your personal data for as long as your account remains active or as required to provide services to you. For financial transaction records, we retain data for a minimum of five years in accordance with Indian regulatory requirements. When data is no longer required, we securely delete or anonymise it.

Our website and apps use cookies, web beacons, and similar technologies to enhance your browsing experience, remember your preferences, and analyse platform traffic. You may manage cookie preferences through your browser settings; however, disabling certain cookies may affect the functionality of some services. We use both first-party cookies and limited third-party cookies for analytics purposes.

You have the right to:

• •Access the personal data we hold about you
• •Correct inaccurate or incomplete information
• •Delete your account and associated data, subject to legal retention obligations
• •Withdraw consent for marketing communications at any time
• •Port your data in a machine-readable format upon request
• •Object to processing where we rely on legitimate interests

To exercise any of these rights, contact us at the details provided in Section 13 below.

We implement industry-standard technical and organisational measures to protect your data from unauthorised access, disclosure, alteration, or destruction. These include SSL/TLS encryption, multi-factor authentication for sensitive operations, regular security audits, role-based internal access controls, and a dedicated cybersecurity team. While we take every reasonable precaution, no system is entirely immune to risk, and we encourage you to keep your account credentials confidential.

Bumppy's services are intended for users who are 18 years of age or older. We do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal information without parental consent, we will take steps to delete that information promptly.

We may update this Data Policy from time to time to reflect changes in our services, technology, or legal obligations. When we make material changes, we will notify registered users by email or through a prominent notice on our platform. Your continued use of Bumppy's services after the effective date of any update constitutes your acceptance of the revised policy.