Bounce | Privacy Policy

Last updated: 20 November 2025

This Privacy Policy explains how Bounce ("we", "our", "us") collects, uses, shares and protects personal data when you use our website at www.bounceexperiences.co.uk (the “Site”) and the services we provide through the Site (the “Services”). By using the Site or Services you accept the practices described in this Privacy Policy.

1. Controller and contact details

The data controller for personal data collected through the Site is Bounce. If you have any questions about this Privacy Policy or our data practices, contact us:

• Email: [email protected]
• Website: www.bounceexperiences.co.uk

2. What personal data we collect

We collect personal data that you provide to us and data collected automatically when you use the Site. Examples include:

• Account information: name, email address, password (securely hashed) and profile information when you register an account or sign in (including via third-party sign-in such as Google).
• Contact information: email, phone number and address you provide to book or sell services.
• Payment & billing data: where applicable, payment card details and billing address — note: we do not store full card numbers on our servers if you use a third-party payment processor (see Section 7).
• Business details: for instructors and businesses listing on Bounce (e.g., business name, qualifications, insurance info, availability).
• Communications: messages between users and businesses, support requests, and any content you submit.
• Usage & analytics: pages visited, features used, device and browser information, IP address, cookies and similar tracking technologies.
• Support & verification: information you provide to verify identity or resolve disputes (e.g., ID documents, where necessary and lawful).

3. How we collect personal data

• Directly from you when you register, create a listing, make a booking, contact support, or otherwise provide information.
• Automatically through the use of cookies and analytics tools when you visit the Site.
• From third parties you choose to connect (for example, when you sign in with Google) or third-party services we use (e.g., hosting provider, analytics, payment processors).

4. Purposes of processing & lawful bases

We process personal data for the following purposes and rely on the corresponding lawful bases under UK GDPR:

• To provide the Service: creating and managing accounts, listings, bookings and payments — performance of a contract.
• To communicate: send transactional emails, booking confirmations and customer support — performance of a contract / legitimate interest.
• To improve the Site: analytics, feature development and personalisation — legitimate interests (balancing test applied).
• To comply with legal obligations: record keeping, tax and fraud prevention — legal obligation.
• For marketing: newsletters and promotional messages where you have consented — consent. You can withdraw consent at any time.

5. Cookies and similar technologies

We use cookies and similar technologies to operate the Site, remember your preferences, and collect analytics. Typical categories:

• Essential cookies: required for login, security, and core functionality.
• Performance & analytics: used to understand usage (we use Google Analytics by default).
• Functional: remember your settings and preferences.
• Advertising/third-party: where applicable for promotions (only if you consent where required).

You can manage cookie preferences through your browser settings and, where provided, via our cookie banner. To opt out of Google Analytics tracking, see Google’s tools (for example, the Google Analytics opt-out browser add-on) or visit Google’s privacy pages.

6. Third parties and data sharing

We share personal data with third parties to provide and improve the Service. These include:

• Hosting & infrastructure: Microsoft Azure (we host the Site and data on Azure).
• Authentication: ASP.NET Core Identity and optional third-party sign-in providers (e.g. Google Sign-In) for account management.
• Analytics: Google Analytics for site usage statistics.
• Stripe (Payment Processing): We use Stripe to process payments securely. When you make a purchase, your payment information is transmitted directly to Stripe and is not stored on our servers. Stripe processes personal data such as your name, email address, billing address, payment card details, device information, and transaction data in order to verify payments, prevent fraud, and comply with legal obligations. Stripe acts as an independent data controller for much of this processing. You can learn more by reviewing Stripe’s Privacy Policy at: https://stripe.com/privacy.
• Legal & compliance: law enforcement, courts, or other authorities if required by law or to protect rights and safety.

We require third parties to process personal data in accordance with applicable law and to maintain appropriate technical and organisational measures.

7. International transfers

Some service providers we use may be located outside the UK. Where personal data is transferred outside the UK/EEA, we will ensure appropriate safeguards are in place (for example, Standard Contractual Clauses, adequacy decisions, or other lawful mechanisms) to protect your information.

8. Data retention

We retain personal data only for as long as necessary to fulfil the purposes set out in this policy, to comply with legal obligations, resolve disputes and enforce our agreements. Typical retention periods:

• Account information — for as long as your account exists plus a limited period afterward to meet legal obligations and allow re-registration.
• Booking and transaction records — retained to meet tax, accounting and dispute resolution requirements (commonly several years depending on law).
• Analytics data — aggregated and/or retained for a period to improve the Site (retention settings depend on the analytics provider).

9. Your rights

Under applicable data protection law (including the UK GDPR) you have certain rights in relation to your personal data, including:

• The right to access your personal data.
• The right to rectify inaccurate or incomplete data.
• The right to erase personal data (the “right to be forgotten”) subject to legal limitations.
• The right to restrict or object to processing.
• The right to data portability where processing is based on consent or contract and carried out by automated means.

To exercise your rights, please contact us at [email protected]. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe your rights have been infringed: ico.org.uk.

10. Security

We use appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. Measures include:

• Hosting on Microsoft Azure with industry standard access controls and network protections.
• Encryption of data in transit (HTTPS/TLS) and at rest where supported by our providers.
• Limiting access to personal data to authorised personnel and using role-based access controls.
• Regular security testing and patching of software stacks (including ASP.NET Core updates).

While we strive to protect your data, no method of transmission or storage is completely secure. If we become aware of a data breach affecting your personal data we will follow applicable legal requirements, which may include notifying affected individuals and regulators.

11. Children

Our services are not directed at children under 16. We do not knowingly collect personal data from children under 16. If you are under 16, do not provide personal data to us. If we learn that we have inadvertently collected data from a child under 16 without verification of parental consent, we will take steps to delete that data.

12. Commercial communications & marketing

We may send you marketing about Bounce services with your consent where required. You can opt out of marketing at any time by following the unsubscribe link in marketing emails or by contacting us at [email protected]. Even if you opt out of marketing, we may still send you transactional or service messages related to your account or bookings.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. If changes are material, we will provide more prominent notice (for example, email) as required by law.

14. Practical information & additional notes

Hosting & tech stack (for transparency): the Site is hosted on Microsoft Azure and built with ASP.NET Core MVC using the default Identity system for authentication. We use Google Analytics for aggregated site analytics. If you use third-party sign-in (for example Google), those providers may collect profile information per their privacy policies.

Please review the privacy policies of the third parties you interact with (for example, Google, payment processors and social login providers) for information on how they process and protect personal data.

15. How to contact us

If you have questions, requests or concerns about this policy or our use of your personal data, contact:

• Email: [email protected]
• Website: www.bounceexperiences.co.uk

This Privacy Policy is provided as a general template and should be reviewed by your legal advisor to ensure it matches your exact data-processing activities, any additional third-party services you use (for example the specific payment processor), and the legal requirements applicable to your organisation.

Thank you for using Bounce.