What can I do about this clause?

{'method': 'IN_APP', 'recipient': 'Bumble app settings or bumble.com/privacy-policy', 'difficulty': 'EASY', 'action_type': 'DELETE_DATA', 'instructions': 'In the Bumble app, go to Settings, select the privacy or data section, and submit a request to delete your account and associated personal data. You can also contact Bumble directly using the Contact Us link in the privacy policy.', 'deadline_days': None, 'deadline_hours': None} {'method': 'IN_APP', 'recipient': 'Bumble app settings or bumble.com/privacy-policy', 'difficulty': 'EASY', 'action_type': 'EXPORT_DATA', 'instructions': 'In the Bumble app, navigate to Settings and find the option to download or export your personal data; this allows you to see what information Bumble holds about you before deciding whether to request deletion.', 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has authority over companies that fail to honor stated privacy commitments and data subject rights under Section 5 of the FTC Act', 'complaint_url': 'https://reportfraud.ftc.gov/'}, {'agency': 'State_AG', 'reason': 'California Privacy Protection Agency and state attorneys general in CCPA/CPRA-subject jurisdictions have enforcement authority over data subject rights obligations', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this User Rights Under GDPR and CCPA clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar User Rights Under GDPR and CCPA clauses across approximately 2 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

User Rights Under GDPR and CCPA — Bumble

Share 𝕏 Share in Share 🔒 PDF

Monitor governance changes for Bumble Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

Bumble acknowledges a broad set of data subject rights including the right to access, correct, delete, port, restrict, and object to processing of your personal information, as well as rights specific to California residents under CCPA/CPRA.

ⓘ

This analysis describes what Bumble's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

These rights give you meaningful control over your personal data on the platform, including the ability to request deletion of your entire profile and data history, which is particularly important given the sensitive nature of dating app data.

Recent Activity

This document changed recently

Medium Apr 19, 2026

Bumble's privacy policy previously disclosed that the company operates servers in the US, UK, and EU. The updated policy removes the UK from this list, stating only US and EU servers. For UK-based us…

Medium Mar 21, 2026

UK users may experience a change in data storage and processing infrastructure. The updated policy discloses that servers in the UK are no longer part of Bumble's stated network, meaning UK user data…

Consumer impact (what this means for users)

EU, UK, and California users have legally backed rights to access, delete, and export their Bumble data; exercising the right to erasure removes your profile and associated data from Bumble's systems, which is a significant privacy protection given the sensitive nature of the information collected.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

In the Bumble app, go to Settings, select the privacy or data section, and submit a request to delete your account and associated personal data. You can also contact Bumble directly using the Contact Us link in the privacy policy.
Export Your Data

In the Bumble app, navigate to Settings and find the option to download or export your personal data; this allows you to see what information Bumble holds about you before deciding whether to request deletion.

How other platforms handle this

Grammarly Medium

If you are located in the EEA, UK, or Switzerland, you have certain rights with respect to your personal information, including the right to access your personal data, to correct or delete your personal data, to restrict processing of your personal data, to data portability, and to object to process...

TransUnion Medium

Depending on where you live, you may have certain rights with respect to your personal information. These rights may include: The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which we collected i...

Waze Medium

If you are located in the European Economic Area or the United Kingdom, you have certain rights under applicable data protection laws, including the right to access, correct, or delete your personal data, the right to object to or restrict processing, and the right to data portability. You may also ...

See all platforms with this clause type →

Monitoring

Bumble has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
Your Rights ... Right to be informed ... Right to access ... Right to rectify ... Right to data portability ... Right to erase ... Right to restrict or object ... Right to complain ... Rights related to automated decision-making, including profiling ... Do You Live in California?

— Excerpt from Bumble's Bumble Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: The rights enumerated in this section derive from GDPR Articles 13-22 (for EU users), UK GDPR (for UK users), and CCPA/CPRA Sections 1798.100-1798.125 (for California users). GDPR imposes a 30-day response deadline for data subject access requests (extendable by two months in complex cases), and CCPA imposes a 45-day response period. The California Privacy Protection Agency and ICO are the primary enforcement authorities; non-compliance with data subject request obligations is an area of active regulatory focus. GOVERNANCE EXPOSURE: Medium. The enumeration of rights in the policy is consistent with GDPR and CCPA requirements, but the operational adequacy of Bumble's request handling infrastructure (response times, identity verification processes, and exception handling) is a compliance variable not assessed from the policy text alone. Incomplete or delayed responses to data subject requests are a common source of regulatory findings. JURISDICTION FLAGS: EU users have the most comprehensive set of rights under GDPR, including the right to object to profiling and rights related to automated decision-making. UK users have equivalent rights under UK GDPR. California users have CPRA rights including the right to limit use of sensitive personal information. Users in Virginia, Colorado, Connecticut, and other US states with comprehensive privacy laws may have additional rights not specifically enumerated in this policy. CONTRACT AND VENDOR IMPLICATIONS: Exercising data subject rights, particularly erasure requests, may require coordinated action across all third-party processors and sub-processors who hold copies of the user's data. Bumble's vendor contracts should include obligations on processors to assist with data subject rights fulfillment within the regulatory deadline. COMPLIANCE CONSIDERATIONS: Compliance teams should audit the data subject request handling process end-to-end, verify that response time tracking and escalation procedures meet GDPR and CCPA statutory deadlines, and ensure that erasure requests result in deletion across all systems including backups within permissible timeframes. The identity verification process for requests should be proportionate and not create unnecessary barriers to rights exercise.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

FTC

The FTC has authority over companies that fail to honor stated privacy commitments and data subject rights under Section 5 of the FTC Act
File a complaint →
State AG

California Privacy Protection Agency and state attorneys general in CCPA/CPRA-subject jurisdictions have enforcement authority over data subject rights obligations
File a complaint →

Applicable regulations

Connecticut Data Privacy Act Amendments

US-CT

CAN-SPAM

United States Federal

FTC Act Section 5

United States Federal

GDPR

European Union

Indiana Consumer Data Protection Act

US-IN

Kentucky Consumer Data Protection Act

US-KY

UK GDPR

United Kingdom

Universal Opt-Out Mechanism Expansion 2026

VPPA

United States Federal

Provision details

Document information

Document

Bumble Privacy Policy

Entity

Bumble

Document last updated

May 5, 2026

Tracking information

First tracked

May 8, 2026

Last verified

May 10, 2026

Record ID

CA-P-008870

Document ID

CA-D-00226

Evidence Provenance

Source URL

https://bumble.com/en-us/privacy

Wayback Machine

View archived versions →

Content hash (SHA-256)

153d9cef35ab9e19783ae3daf7974b1910d07757a2ebe88355cad6dcb863fcdd

Analysis generated

May 8, 2026 00:09 UTC

Methodology

summarize_document-v8

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Bumble
Document: Bumble Privacy Policy
Record ID: CA-P-008870
Captured: 2026-05-08 00:09:56 UTC
SHA-256: 153d9cef35ab9e19…
URL: https://conductatlas.com/platform/bumble/bumble-privacy-policy/user-rights-under-gdpr-and-ccpa/
Accessed: May 13, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

Biometric and ID Verification Data Collection high
Geolocation Data Collection medium
Automated Decision-Making and Profiling medium
Third-Party Data Sharing with Service Providers medium
Cross-Border Data Transfers medium
Message and Communication Content Collection medium

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Bumble's User Rights Under GDPR and CCPA clause do?

How does this clause affect you?

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.

Is ConductAtlas affiliated with Bumble?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Bumble.