Bridge Privacy Policy
Effective Date: 01/11/2026
This Privacy Policy describes how Bridge LTD (“Bridge,” “we,” “us,” or “our”) collects, uses, and protects personal information in connection with the Bridge platform.
1. Information We Collect
We collect the following categories of personal information:
- Identifiers (name, email address)
- Transaction data (order history, receipts)
- Device and usage data (device identifiers, IP address)
- Location data (if enabled)
We do not store payment card numbers. Payment information is tokenized and processed by Stripe.
2. How We Use Information
We process personal data for the following purposes:
- Providing and operating the Services;
- Processing payments and orders;
- Fraud prevention and security;
- Compliance with legal obligations;
- Improving and analyzing platform performance;
- Communicating transactional and service‑related messages.
3. Legal Bases for Processing
We process personal information based on:
- Performance of a contract;
- Legitimate business interests;
- Compliance with legal obligations;
- User consent, where required.
4. Data Sharing
We share personal data with:
- Payment processors (Stripe);
- Cloud and infrastructure providers (AWS);
- Platform providers (Apple);
- Service providers supporting analytics, security, and customer support.
A current list of subprocessors is maintained at [privacy page URL].
5. Data Storage and Transfers
Data is stored in AWS U.S. regions. If data is transferred internationally, appropriate safeguards such as Standard Contractual Clauses are used.
6. Data Retention
Transaction records are retained for up to seven (7) years. User accounts and payment tokens are deleted within ninety (90) days of account closure unless retention is required for legal or fraud‑prevention purposes.
7. Security
We employ administrative, technical, and physical safeguards including:
- TLS 1.3 encryption in transit;
- AES‑256 encryption at rest;
- Role‑based access controls;
- Annual penetration testing;
- Incident‑response procedures consistent with NIST SP 800‑61.
8. Your Privacy Rights
Depending on your jurisdiction, you may have the right to:
- Access, correct, or delete your personal information;
- Opt out of targeted advertising or profiling;
- Appeal decisions regarding privacy requests.
Colorado residents may exercise rights under the Colorado Privacy Act.
Requests may be submitted to privacy@bridgehospitalityltd.com. Identity verification is required.
9. Children’s Privacy
Bridge is not intended for individuals under 21 years of age, and we do not knowingly collect data from minors.
10. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated through the Services.
11. Contact Us
For questions or concerns regarding this Privacy Policy, contact: admin@bridgehospitalityltd.com
