← Back to Home

Data Protection Policy

Last updated: December 23, 2025

1. Data Controller

Bonus App ("we", "us", "our") operates bonus-app.net. We are committed to protecting your privacy and personal data.

2. Data We Collect

2.1 Information You Provide

When you sign up for our service, we collect:

• Email address
• Username
• Password (encrypted)
• Newsletter preferences
• Push notification preferences

2.2 Automatically Collected Data

We automatically collect certain information when you use our website:

• IP address and geolocation data (country, region, city)
• Browser type, version, and language settings
• Operating system and device information
• Unique device identifiers and mobile advertising IDs
• Cookies and similar tracking technologies
• Pages visited, session duration, and interaction data

2.3 Push Notification Data

If you subscribe to push notifications, we collect and process:

• Browser push subscription endpoint
• Device tokens and push notification identifiers
• Notification delivery and interaction data (opened, clicked, dismissed)
• Time zone and notification preferences
• Cross-device identifiers for unified messaging

3. How We Use Your Data

We use your personal data to:

• Provide access to our blog and services
• Send newsletters and updates (if you opted in)
• Deliver push notifications about new content and updates (with your consent)
• Analyze user behavior and improve our services
• Personalize content and notifications based on your interests
• Measure engagement and notification effectiveness
• Prevent fraud and ensure security
• Comply with legal obligations

3.1 Legal Basis for Processing (GDPR)

We process your personal data based on:

• Consent: Push notifications, newsletters, and marketing communications
• Contract performance: Account management and service delivery
• Legitimate interests: Service improvement, analytics, and security
• Legal obligations: Compliance with applicable laws

4. Data Sharing and Third-Party Services

We do not sell your personal data. We may share data with trusted service providers who assist us in operating our website and services:

4.1 Push Notification Service - OneSignal

We use OneSignal, Inc. (based in San Mateo, California, USA) to deliver push notifications. When you subscribe to notifications, OneSignal processes:

• Your IP address and approximate location
• Device and browser information
• Push subscription tokens and identifiers
• Notification interaction data (views, clicks, conversions)
• Session data and usage patterns

OneSignal may use this data for:

• Delivering push notifications on our behalf
• Analytics and reporting on notification performance
• Creating predictive models to improve engagement
• Cross-device user identification (using hashed identifiers)

Data Retention: OneSignal retains personal data for a maximum of 30 days, after which it is deleted from their servers.

OneSignal's Privacy Policy: https://onesignal.com/privacy_policy

Data Transfer: OneSignal is based in the USA and participates in the EU-U.S. Data Privacy Framework (DPF). Data transfers are protected by Standard Contractual Clauses (SCCs).

4.2 Other Service Providers

• Email delivery services
• Analytics providers
• Hosting and infrastructure providers

4.3 Legal Disclosures

We may disclose your information to legal authorities when required by law, to enforce our terms, or to protect our rights and safety.

5. Your Rights

Under GDPR, CCPA, and applicable data protection laws, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Object: Object to data processing based on legitimate interests
• Restriction: Request limited processing of your data
• Portability: Receive your data in a structured, machine-readable format
• Withdraw consent: Revoke consent at any time without affecting prior processing
• Opt-out of targeted advertising: Disable personalized notifications and marketing

5.1 Managing Push Notifications

You can control push notifications at any time:

• Browser settings: Manage notification permissions in your browser settings (Chrome, Firefox, Safari, Edge)
• Device settings: Control notifications through your device's notification center
• Unsubscribe: Click "unsubscribe" in any notification or in your account settings
• OneSignal opt-out: Visit your browser's site settings to revoke notification permission for our site

Note: Disabling push notifications will not affect your account or access to our services.

5.2 Exercising Your Rights

To exercise any of these rights, contact us at: privacy@bonus-app.net

We will respond to your request within 30 days (or as required by applicable law).

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including the United States.

6.1 Transfers to the United States (OneSignal)

OneSignal, Inc. is based in the United States. When you subscribe to push notifications, your data is transferred to and processed in the USA. These transfers are protected by:

• EU-U.S. Data Privacy Framework (DPF): OneSignal participates in the DPF, ensuring adequate protection for EU data
• Standard Contractual Clauses (SCCs): EU Commission-approved contractual terms for international data transfers
• UK Extension to the DPF: Covering transfers from the United Kingdom
• Swiss-U.S. DPF: Covering transfers from Switzerland

6.2 Your Rights Regarding International Transfers

If you are located in the European Economic Area (EEA), UK, or Switzerland, you have the right to:

• Request information about the safeguards in place for your data transfers
• Obtain a copy of the Standard Contractual Clauses
• Object to the transfer of your data to countries outside your jurisdiction

Contact us at privacy@bonus-app.net to exercise these rights.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption of data in transit (HTTPS/TLS)
• Secure password hashing and storage
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Contractual obligations with service providers (including OneSignal) to protect your data

8. Cookies and Tracking Technologies

We use cookies, web beacons, local storage, and similar technologies to enhance user experience and deliver our services.

8.1 Types of Cookies We Use

• Essential cookies: Required for website functionality and account access
• Analytics cookies: Help us understand how visitors interact with our website
• Notification cookies: Store push notification subscription data and preferences
• Preference cookies: Remember your settings and personalization choices

8.2 OneSignal Tracking

OneSignal uses the following tracking technologies:

• Browser cookies to identify returning users
• Local storage for push subscription data
• Service Worker scripts for notification delivery
• Device fingerprinting for cross-device tracking
• Web beacons to track notification interactions

8.3 Managing Cookies

You can control cookies through your browser settings:

• Block all cookies (may affect website functionality)
• Delete existing cookies
• Accept/reject cookies on a per-site basis

For more information, see our Cookie Policy.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Account data: Retained until account deletion or 2 years of inactivity
• Newsletter data: Retained until you unsubscribe
• Push notification data: Retained by OneSignal for maximum 30 days, then automatically deleted
• Analytics data: Aggregated and anonymized after 24 months
• Legal compliance data: Retained as required by applicable laws

10. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at privacy@bonus-app.net.

11. Changes to This Policy

We may update this Data Protection Policy from time to time. We will notify you of material changes by:

• Posting a notice on our website
• Sending an email to registered users
• Sending a push notification (if subscribed)

Your continued use of our services after such changes constitutes acceptance of the updated policy.

12. Contact & Data Protection Officer

For privacy concerns, data subject requests, or questions about this policy, contact us at:

• Email: privacy@bonus-app.net
• Data Protection Officer: dpo@bonus-app.net

If you are in the EU/EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

---

Back to Home | Terms of Service | Cookie Policy