Bounty Privacy Policy

Last Updated: 19 March 2026

Bounty-labs, ("Bounty", "we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the Bounty mobile application and associated services.

www.bounty-labs.com

1. Introduction

This Privacy Policy complies with the Swiss Federal Act on Data Protection (nDSG/FADP, in force since 1 September 2023). As Bounty currently operates exclusively within Switzerland and is directed solely at Swiss residents, EU/GDPR requirements do not apply at this stage. Should the platform expand in a manner that brings EU residents within its scope, this policy will be updated accordingly.

By using the Bounty App, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.

2. Data Controller

The data controller responsible for your personal information is:

Bounty-labs

Email: support@bounty-labs.com

Website: www.bounty-labs.com

Canton of Vaud, Switzerland

As data controller, we determine the purposes and means of processing your personal data. For all privacy-related enquiries or requests, please contact us at the email address above.

3. Personal Data We Collect

3.1 Information You Provide Directly

When you register and use Bounty, we collect the following personal data that you provide to us:

  • Full name (first and last name);
  • Email address;
  • Swiss mobile phone number;
  • Profile photograph (optional but recommended);
  • Languages spoken;
  • Soft skills listed on your profile;
  • Bank account details (IBAN, processed and stored by Stripe Connect — not directly by Bounty);
  • Payment card details (processed and stored by Stripe — not directly by Bounty);
  • Bounty listings you create, including title, description, location, time, and payout amount;
  • Ratings and reviews you submit;
  • Dispute submissions and supporting evidence;
  • Communications with our support team.

3.2 Information Collected Automatically

When you use the App, we automatically collect certain technical and usage data:

  • Device information (device model, operating system version, unique device identifiers);
  • IP address and network information;
  • Firebase Cloud Messaging (FCM) token for push notifications;
  • App usage data (features accessed, time spent, actions taken);
  • Crash reports and performance data;
  • System language preference.

3.3 Location Data

Bounty collects your precise geolocation data when you use the App with your permission. Location data is used to:

  • Display nearby Bounties on the map;
  • Verify that you are within the required distance (200 metres) to start a Bounty;
  • Enable location search and map rendering via our mapping provider;
  • Restrict search results to the Canton of Vaud.

You can disable location access in your device settings, but this will significantly limit the functionality of the App. We only collect location data while the App is in use ("when in use" permission).

3.4 Phone Number Sharing for Direct Communication

When you claim a Bounty (as a Tasker) or have your Bounty claimed (as a Poster), your registered phone number is shared with the other party to enable direct communication through external messaging applications (SMS, WhatsApp, iMessage). This sharing is necessary to facilitate coordination of the task and occurs only for claimed Bounties.

By claiming or posting a Bounty, you consent to this sharing as described in our Terms and Conditions, Section 3.

4. How We Use Your Personal Data

4.1 Contract Performance

The following processing is necessary for the performance of our contract with you:

  • Creating and managing your account;
  • Matching Posters with Taskers;
  • Processing payments and payouts through Stripe;
  • Facilitating the start, confirmation, and completion of Bounties;
  • Enforcing cancellation and penalty policies;
  • Sending transactional notifications (Bounty claimed, started, completed, payment received, etc.);
  • Sharing phone numbers between Posters and Taskers for claimed Bounties to enable direct communication.

4.2 Legitimate Interests

We process the following data on the basis of our legitimate interests in operating a safe, fair, and functional platform. We have assessed that these interests are not overridden by your fundamental rights and freedoms, having regard to the limited and proportionate nature of the data involved and the reasonable expectations of users of a peer-to-peer task platform:

  • Maintaining platform safety and preventing fraud;
  • Operating the ratings and review system;
  • Sending push notifications about Bounty status updates;
  • Improving the App's functionality and user experience;
  • Analysing usage patterns to enhance our Services;
  • Managing and resolving disputes between users;
  • Enforcing our Terms and Conditions and Community Standards.

4.3 Legal Obligations

We may process your data to comply with applicable Swiss law, including:

  • Anti-money laundering regulations;
  • Tax reporting obligations;
  • Responding to lawful requests from public authorities;
  • Complying with court orders or legal proceedings.

4.4 Consent

Where required by law, we will seek your consent before processing your data, including for any processing not covered by the above legal bases. We do not currently send marketing communications.

If you provide consent for any specific processing activity, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

5. Third-Party Service Providers

5.1 Stripe

Stripe, Inc. and its affiliates process payment card data and bank account information on our behalf. Stripe acts as a data processor for payment processing and as an independent data controller for KYC verification. Data shared with Stripe includes your name, email, phone number, bank account details (IBAN), and transaction information. Stripe's privacy policy is available at stripe.com/privacy. Stripe may transfer data to the United States; such transfers are protected by appropriate safeguards including Standard Contractual Clauses.

5.2 Google Firebase

We use Google Firebase (Google LLC) for the following services:

  • Firebase Authentication — user account management;
  • Firebase Firestore — storing user profiles, Bounty data, and transaction records;
  • Firebase Storage — storing profile photographs;
  • Firebase Cloud Messaging (FCM) — delivering push notifications;
  • Firebase Functions — server-side processing.

Data processed by Firebase may be stored on servers in the European Union or United States. Google's privacy policy is available at policies.google.com/privacy.

5.3 Mapbox

We use Mapbox, Inc. for map rendering, location search, geocoding, and proximity verification services. The following personal data is transmitted to Mapbox in connection with your use of the App:

  • Precise GPS coordinates: When you open the map or browse nearby Bounties, your device's real-time GPS coordinates are transmitted to Mapbox to render the interactive map and display Bounties within your vicinity. This is functionally equivalent to how location-based apps such as scooter-sharing services use mapping providers to display live map tiles centred on your current position.
  • Location search queries: When you type an address or location name into the search bar, your search query text is transmitted to Mapbox's geocoding API to return matching address results. These queries may inherently reveal information about locations you are interested in or intend to visit.
  • Reverse geocoding requests: When a Poster pins a task location on the map, the selected GPS coordinates are sent to Mapbox to retrieve a human-readable address. This process transmits precise coordinate data to Mapbox's servers.
  • IP address: As with all server-side API requests, your IP address is transmitted to Mapbox as part of standard network communication when your device contacts Mapbox's services.

Mapbox processes this data as an independent data controller for the purpose of providing its mapping and geocoding API services. Bounty does not instruct Mapbox on how to use this data beyond the immediate API request. Mapbox may retain and use data in accordance with its own privacy policy, available at mapbox.com/legal/privacy. Data transmitted to Mapbox may be processed on servers located in the United States. Bounty has no control over Mapbox's independent data processing activities beyond the transmission of the API request itself.

Location data transmitted to Mapbox is used solely for the purposes described above and is not persistently stored by Bounty beyond the current session. If you wish to limit the transmission of location data to Mapbox, you may disable location permissions for the Bounty App in your device settings, though this will significantly affect the App's core functionality.

5.4 External Messaging Platforms

When you use the "Contact" button to communicate with another user through external messaging applications (SMS, WhatsApp, iMessage, etc.), your communications are transmitted through and processed by those third-party platforms. Bounty has no access to, control over, or responsibility for the content of these communications or how they are processed by the messaging platform.

Each messaging platform has its own privacy policy and terms of service that govern how your data is handled. We recommend reviewing the privacy policies of any messaging platform you use.

5.5 Apple

The App is distributed through the Apple App Store. Apple may collect certain usage data in accordance with their privacy policy, available at apple.com/legal/privacy.

6. Data Retention

We retain your personal data for the following periods:

  • Account information: For the duration of your account plus 3 years after account deletion, or longer if required by law;
  • Transaction and payment records: 10 years from the date of the transaction, as required by Swiss accounting and tax law;
  • Dispute records: 5 years from the resolution of the dispute;
  • Ratings and reviews: Retained indefinitely as part of the platform's trust and safety system, but anonymised upon account deletion;
  • Push notification tokens: Until your account is deleted or you revoke notification permissions;
  • Location data: Not persistently stored beyond the current session;
  • Communications and support tickets: 3 years from the date of the communication.

When your data is no longer required, we will securely delete or anonymise it in accordance with applicable data protection laws.

7. Your Rights Under Swiss Data Protection Law

Under the Swiss Federal Act on Data Protection (nDSG/FADP), you have the following rights regarding your personal data:

  • Right of access: You have the right to request a copy of the personal data we hold about you.
  • Right to rectification: You have the right to request correction of inaccurate or incomplete data.
  • Right to erasure: You have the right to request deletion of your personal data, subject to our legal retention obligations.
  • Right to restriction: You have the right to request that we restrict the processing of your data in certain circumstances.
  • Right to data portability: You have the right to receive your data in a structured, machine-readable format.
  • Right to object: You have the right to object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you have the right to withdraw it at any time.

To exercise any of these rights, please contact us at support@bounty-labs.com. We will respond within 30 days. We may require proof of identity before processing your request to ensure we are disclosing data to the correct person.

Please note that exercising certain rights (such as erasure or restriction) may limit or prevent your ability to use the Services. For example, if you request erasure of your phone number, you will not be able to receive communications from other users or use payment features.

If you believe we have violated your data protection rights, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch.

8. What We Store and How It Is Secured

8.1 Passwords

Bounty never stores your password. Password authentication is handled exclusively by a certified third-party identity management provider using industry-standard cryptographic hashing and salting. Your password is never transmitted to or stored on Bounty's servers. Even Bounty personnel cannot access or recover your password. If you forget your password, a reset link is sent to your registered email address.

8.2 Payment Card Data

Bounty does not store your full card number, CVV/CVC security code, or any raw payment card data. When you add a card, it is transmitted directly and securely to our payment processor using end-to-end encryption. What Bounty stores in its own database is strictly limited to:

  • Your card brand (e.g. Visa, Mastercard, Amex);
  • The last 4 digits of your card number only;
  • The card expiry month and year;
  • A tokenised payment method reference ID issued by our payment processor;
  • A non-reversible card fingerprint token used solely to detect duplicate card additions.

None of this stored information can be used to make a payment or reconstruct your full card details. All actual card processing is performed by a PCI DSS Level 1 certified payment processor — the highest level of payment security certification available globally.

8.3 Bank Account Data

Bounty does not store your full IBAN or complete bank account details. When you connect a bank account to receive payouts, your full banking credentials are submitted directly to our payment processor through a secure, encrypted onboarding flow operated entirely by the payment processor. What Bounty stores is strictly limited to:

  • The last 4 digits of your IBAN only;
  • A verification status indicator (pending or verified);
  • A tokenised account reference ID.

Your complete bank details are held exclusively by the payment processor under their regulatory and compliance obligations. They are never transmitted to, processed by, or stored on Bounty's infrastructure.

8.4 Profile and Account Data

Your profile information — including your name, email address, phone number, profile photograph, languages, and soft skills — is stored in encrypted cloud infrastructure. Access to this data is restricted through role-based access controls, meaning only the specific automated systems that require it to function can access it. Your profile photograph is stored in encrypted object storage and is only accessible via time-limited, authenticated access tokens.

8.5 Phone Numbers for Direct Communication

Your phone number is stored in our database and is shared with the other party when you claim a Bounty (as a Tasker) or have your Bounty claimed (as a Poster). This sharing is limited to the specific Bounty and is necessary to enable direct communication for task coordination.

We do not control or monitor how the other party uses your phone number once shared, and we are not responsible for any misuse. You should report any harassment or misuse to the relevant messaging platform and to us at support@bounty-labs.com.

8.6 Location Data

Bounty does not persistently store your real-time GPS coordinates. Your device's location is used only in the moment — to display the map, show nearby Bounties, and verify your proximity when starting a job. This data is not written to any permanent database. The only location data we store is the address of a Bounty listing, which is entered manually by the Poster. For information on how location data is transmitted to our mapping provider Mapbox, see Section 5.3.

8.7 Bounty and Transaction Records

All Bounty listings and transaction records are stored in encrypted cloud infrastructure with the following protections:

  • Automatic data replication across multiple geographic availability zones for redundancy and resilience;
  • Continuous automated security monitoring and threat detection;
  • Strict role-based access controls — no single person has unrestricted access to all data;
  • All data transmitted between the App and our servers is encrypted using TLS 1.2 or higher;
  • Automated backups with point-in-time recovery capabilities.

8.8 Security Limitations

While we implement industry-standard security measures across all systems, no technology infrastructure is completely immune to attack or failure. We cannot guarantee absolute security. In the event of a personal data breach that poses a risk to your rights, we will notify the Swiss Federal Data Protection and Information Commissioner (FDPIC) within 72 hours and affected individuals without undue delay, in accordance with applicable Swiss law.

9. International Data Transfers

Your personal data may be transferred to and processed in countries outside Switzerland, including the United States, where our third-party service providers (including Google Firebase, Stripe, and Mapbox) operate their infrastructure. Such transfers are subject to appropriate safeguards, including Standard Contractual Clauses and, where applicable, adequacy frameworks recognised under Swiss law.

By using our Services, you acknowledge that your data may be transferred to these third-party providers in accordance with their respective privacy policies and the safeguards described above.

10. Children's Privacy

The Bounty App is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected personal data from a person under 18, we will take steps to delete such data as soon as possible. If you believe a minor has provided us with personal data, please contact us at support@bounty-labs.com.

11. Push Notifications

We use Firebase Cloud Messaging (FCM) to send push notifications to your device. These notifications include transactional messages such as Bounty status updates, payment confirmations, and cancellation alerts. Push notifications are sent in your device's system language (English, French, or Spanish where supported).

You can manage push notification permissions through your device settings. Disabling push notifications may affect your ability to respond to time-sensitive Bounty actions within the required windows.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes through the App or by email. The date of the most recent revision is indicated at the top of this policy.

Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you must stop using the Services and may request deletion of your account.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact:

Bounty-labs

Email: support@bounty-labs.com

Website: www.bounty-labs.com

We aim to respond to all privacy-related enquiries as soon as possible.

InvestorsContact
© 2026 Bounty Labs. All Rights Reserved.
ENG
FR
Terms Of UsePrivacy Policy