Privacy Policy
This Privacy Policy is the public policy for the Bumpsy Daisy website and Google Sign-In integration. Canonical URL: https://www.bumpsydaisy.com/privacy.
Bumpsy Daisy (“we”, “us”, “our”) operates https://www.bumpsydaisy.com, a parenting cafe and community space in Bangkok. We offer account registration, Google Sign-In, class booking, memberships, and related services. This policy explains what personal data we collect — including Google user data accessed through Google APIs — and how we access, use, store, share, retain, and delete that data.
Google Sign-In and Google user data
If you choose Sign in with Google or Sign up with Google,
our application uses Google OAuth 2.0 / OpenID Connect to authenticate you.
We request only the following OAuth scopes: openid, email,
and profile. We do not request access to Gmail, Google Drive,
Contacts, Calendar, or any other Google product data beyond basic sign-in profile information.
1. Data accessed (Google user data)
Through Google’s userinfo / OpenID Connect endpoint, our application accesses and may collect the following Google user data:
- Google account identifier (
sub) — a unique ID for your Google account, used to link your Google identity to your Bumpsy Daisy account. - Email address — your Google account email, used as your Bumpsy Daisy login identity.
- Email verification status — whether Google reports the email as verified (we only complete sign-in for verified emails).
- Name — given name and family name (or equivalent name fields Google returns under the
profilescope), used to populate your account profile. - Profile picture URL (if provided by Google) — may be present in the Google response during sign-in; we do not permanently store or display Google profile photos in our application today.
During the sign-in flow we temporarily receive a short-lived Google access token solely to complete authentication and retrieve the userinfo fields above. We do not store Google access tokens or refresh tokens in our database after sign-in completes.
2. Data usage (how Google user data is used)
We use Google user data only for the following purposes:
- To authenticate you and create, find, or sign in to your Bumpsy Daisy account.
- To link your Google account ID to your Bumpsy Daisy user record so future Google Sign-Ins work.
- To set or update your account email and name on first Google Sign-In / registration.
- To mark your email as verified when Google confirms verification.
We do not use Google user data for advertising, marketing lists, selling data, training AI models, or for any purpose unrelated to authenticating and operating your Bumpsy Daisy account and the services you request (such as class bookings and memberships associated with that account).
3. Data sharing (Google user data and third parties)
We do not sell Google user data. We do not share Google user data with third parties for advertising or unrelated analytics.
Limited sharing / disclosure that may involve account information (including data originally obtained from Google Sign-In) occurs only as follows:
- Service providers / processors: our hosting and database infrastructure stores account records needed to run the site. These providers process data on our behalf to host and operate the service.
- Payment processing (Stripe): if you make a purchase, we may send Stripe information needed to process payment (for example your email and booking/membership details). Stripe does not receive your Google account ID or Google OAuth tokens from us for advertising. Stripe’s processing is governed by Stripe’s Privacy Policy.
- Staff operations: authorised Bumpsy Daisy staff may see your name and email in admin tools to manage bookings, check-in, memberships, and customer support.
- Legal requirements: we may disclose information if required by law or to protect the security and integrity of our service.
Google’s own handling of data when you use Google Sign-In is described in Google’s Privacy Policy. Separately, we may use Google Analytics for aggregated website usage statistics; that analytics use is not a transfer of Google Sign-In OAuth profile data from our application to third parties for advertising.
4. Data storage and protection
- Account and Google-linked identity data are stored in our application database on secured servers.
- We store your Google account ID in an OAuth identities table linked to your user account, plus email and name on your user profile.
- Passwords for email/password accounts are stored as one-way hashes. Google Sign-In accounts may have no local password until you set one.
- The site is served over HTTPS in production. Sessions use secure cookie practices appropriate to the environment.
- Access to production systems and customer data is limited to authorised personnel who need it to operate the service.
- We do not store Google OAuth access tokens or refresh tokens after the sign-in exchange completes.
5. Data retention and deletion
Retention:
- We retain your account profile (including email, name, and Google account link) while your account remains active.
- We retain booking, membership, and payment reference records as needed to provide the service, meet accounting/legal obligations, and resolve disputes.
- Server logs used for security and troubleshooting are retained for a limited period and then deleted or rotated.
Deletion:
You may request deletion of your Bumpsy Daisy account and associated personal data (including the stored Google account link and profile fields obtained via Google Sign-In) by emailing bumpsydaisybkk@gmail.com with the subject line “Account deletion request” and the email address on your account.
After verifying the request, we will delete or anonymise your account personal data within a reasonable period, except where we must retain limited records (for example completed payment references or bookings) for legal, accounting, or fraud-prevention purposes. Deleting your Bumpsy Daisy account does not delete your Google Account; you can also revoke our app’s access in your Google Account permissions.
Other information we collect (non-Google Sign-In)
- Account data you provide: name, email, password (if set), phone (if provided), language preference.
- Bookings and memberships: class bookings, seat counts, payment references, membership status, and related service history.
- Payment data: processed by Stripe; we store payment status/references, not full card numbers.
- Usage and technical data: pages visited (via analytics where enabled), browser type, IP address, and server logs for security and troubleshooting.
- Cookies: session/sign-in cookies, language preference, and security cookies (such as CSRF protection).
How we use other information
- To create and manage your account and profile.
- To process class bookings, memberships, and related payments.
- To send service-related emails (booking confirmations, password resets).
- To personalise language settings and improve the site.
- To keep the site secure and prevent abuse.
Children’s information
Our services are intended for parents and carers. Accounts are for adults. Class bookings may relate to classes for children, but we do not knowingly collect personal information directly from children for account creation.
Your rights
Depending on where you live, you may have rights to access, correct, or delete your personal data, or to object to or restrict certain processing. Contact us at bumpsydaisybkk@gmail.com to make a request.
Contact
For privacy questions, Google user data questions, or deletion requests, email bumpsydaisybkk@gmail.com.
Privacy Policy URL: https://www.bumpsydaisy.com/privacy