This Privacy Policy describes how The BonusBridge LLC ("BonusBridge," "we," "us," or "our") collects, uses, and protects information in connection with the BonusBridge platform and website (thebonusbridge.com). By using BonusBridge, you agree to the practices described in this policy.
1. Who We Are
The BonusBridge LLC is a Minnesota limited liability company that provides a software-as-a-service platform for administering employee bonus agreements. Our platform is used by organizations ("issuers") to manage bonus agreements with their employees and contractors ("recipients").
For questions about this policy, contact us at: info@thebonusbridge.com
2. Information We Collect
Information provided by issuers (organizations)
- Organization name, contact information, and billing details
- Authorized user names, email addresses, and role assignments
- Agreement terms, financial figures, and document uploads
- Recipient information entered into the platform, including names, email addresses, employment details, and agreement data
Information provided by recipients (employees and contractors)
- Name, work email, personal email, mobile phone, and mailing address
- Password created during onboarding
- Acknowledgment of agreement terms (timestamped)
- Contact information updates made through the recipient portal
Information collected automatically
- Login timestamps and session activity
- Portal access events (invite sent, first login, acknowledgment, contact updates)
- Browser type and IP address for security and fraud prevention
3. How We Use Information
We use the information we collect to:
- Provide and operate the BonusBridge platform
- Generate amortization schedules and calculate imputed income figures
- Send transactional emails (invitations, password resets, departure notices)
- Maintain the audit trail required for compliance documentation
- Respond to support requests and communicate about your account
- Improve the platform and diagnose technical issues
We do not use personal information for advertising purposes. We do not sell personal information to third parties. We do not use personal information to build advertising profiles.
4. How We Share Information
We share information only as follows:
With issuers
Issuers have access to all data about recipients within their own organization. Issuers do not have access to data from other organizations on the platform.
With service providers
We use the following service providers to operate the platform. Each is bound by confidentiality and data protection obligations:
- Supabase — database hosting and authentication (US-based, AWS infrastructure)
- Vercel — application hosting and delivery
- Resend — transactional email delivery
- DocuSign — electronic signature services (BonusBridge + DocuSign clients only)
When required by law
We may disclose information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
5. Data Storage and Security
All data is stored in the United States on Supabase-managed infrastructure hosted on Amazon Web Services (AWS us-east-2). We implement the following security measures:
- Encryption at rest (AES-256) and in transit (TLS 1.2 minimum)
- Row-level security policies that prevent cross-tenant data access at the database layer
- JWT-based authentication with configurable session expiration
- Single-use magic links for recipient onboarding that expire after 24 hours
- bcrypt password hashing via Supabase Auth
No security system is perfect. In the event of a data breach that affects your personal information, we will notify affected parties as required by applicable law.
6. Data Retention
We retain data for the duration of the client relationship. When a client account is terminated, we will delete or return data upon written request within 30 days, unless we are required to retain it by law. Audit trail records may be retained longer where required for legal or compliance purposes.
Recipients may request deletion of their personal data by contacting their employer (the issuer) or by emailing us directly at info@thebonusbridge.com. Please note that certain records may need to be retained to fulfill legal obligations or resolve disputes.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access — request a copy of the personal information we hold about you
- Correction — request that inaccurate information be corrected
- Deletion — request that your personal information be deleted (subject to legal retention requirements)
- Portability — request your data in a machine-readable format
- Objection — object to certain uses of your personal information
To exercise any of these rights, contact us at info@thebonusbridge.com. We will respond within 30 days.
8. Cookies
BonusBridge uses session cookies necessary for authentication and platform functionality. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. You may disable cookies in your browser settings, but doing so will prevent you from logging in to the platform.
9. Children's Privacy
BonusBridge is a business-to-business platform intended for use by organizations and their employees. We do not knowingly collect personal information from individuals under the age of 18. If you believe a minor has submitted information through our platform, please contact us and we will promptly delete it.
10. California Privacy Rights
California residents may have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your California privacy rights, contact us at info@thebonusbridge.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify active users by email. Your continued use of BonusBridge after any changes constitutes acceptance of the updated policy.
12. Contact
If you have questions about this Privacy Policy or how we handle your information, please contact us:
The BonusBridge LLC
Email: info@thebonusbridge.com
Website: thebonusbridge.com