Bound Mama Ltd is the Data Controller for the personal data collected through boundmama.com. We are registered in England and Wales, with our registered office at 86–90 Paul St, London EC2A 4NE.
For any questions about how we handle your data, or to exercise any of your rights, you can contact us at support@boundmama.com. We aim to respond to all data-related requests within one month of receipt.
Bound Mama Ltd is registered with the Information Commissioner's Office (ICO) as a data controller. If you are unhappy with how we have handled your data, you have the right to lodge a complaint directly with the ICO at ico.org.uk or by calling 0303 123 1113.
We collect personal data from two categories of users: mothers using the platform to find a doula, and doulas registering to provide services through Bound. The data collected differs by category.
When you use the platform, we also collect standard technical data including your IP address, browser type, device type, and pages visited. This data is used solely for maintaining and improving the platform and is not used to identify you individually.
Some of the data we collect about mothers falls under the definition of special category data under UK GDPR. This includes information about your pregnancy, your health conditions, your birth history (including pregnancy loss or previous C-sections), and any reproductive health information you choose to share.
We only collect this data with your explicit consent. Before submitting your intake questionnaire, you will be asked to confirm that you consent to Bound collecting and processing this information for the purpose of finding you the most suitable doula. You can withdraw this consent at any time by contacting us at support@boundmama.com, at which point we will delete your special category data and cease processing it. Withdrawing consent may affect our ability to provide you with the matching service.
Special category data is stored securely in our database, is accessible only to authorised personnel at Bound, and is shared with a matched doula solely for the purpose of providing you with appropriate support. It is never shared with third parties for marketing or any other commercial purpose.
We collect and process personal data for the following purposes, each with a corresponding legal basis under UK GDPR.
We process your personal data to match you with the most suitable doula based on your location, availability, preferences, and experience requirements. The legal basis is performance of a contract: this processing is necessary to deliver the service you have paid for.
We use your email address and payment reference to manage your subscription. The legal basis is performance of a contract.
We send you emails relating to your account status, your match, and your onboarding. The legal basis is performance of a contract.
Where we collect information about your health, pregnancy, or birth history, the legal basis is explicit consent, which you provide at the point of submitting your intake questionnaire.
We may use anonymised and aggregated data to improve the matching algorithm and the quality of the service. No individual is identifiable from this data. The legal basis is legitimate interests.
We do not sell your data. We share it only in the following circumstances.
When a match is confirmed, the doula receives your first name, estimated due date, London borough, birth preferences, and the support requirements relevant to your match. This is the minimum necessary for her to provide you with appropriate support. Your full address, date of birth, and payment details are never shared with a doula.
We share data with the processors listed in Section 6, who handle it on our behalf under contractual obligations that require them to protect it in accordance with UK GDPR.
We may disclose personal data if required to do so by law, or in response to a valid request from a public authority.
The following third-party services process personal data on behalf of Bound Mama Ltd. Each has been selected on the basis that it provides appropriate technical and contractual data protection measures.
Note for Jove: the processor names below are underlined with a dashed line. Please confirm the exact legal entity name, the data storage region, and whether a Data Processing Agreement is in place for each. Update the document accordingly before it is published.
Supabase Inc. — we use Supabase to store all user data collected through the platform, including mother profiles, doula profiles, match records, and scoring data. Please confirm: which data centre region is active for the Bound project, and confirm a DPA is signed with Supabase before publishing this policy.
Stripe, Inc. — all subscription payments are processed by Stripe. Bound does not store card details; Stripe handles payment data in accordance with PCI DSS standards and its own privacy policy. Stripe stores data in the United States under Standard Contractual Clauses.
Loops (Loops Technologies, Inc.) — automated email communications, including welcome emails and match confirmation emails, are sent via Loops. Please confirm: which data centre region Loops uses, and whether a DPA is in place.
Lovable (confirm legal entity name with Jove) — the platform interface is built and hosted via Lovable. Please confirm the data storage region and whether a DPA is signed before publishing.
Bound Mama Ltd is a UK-registered company and we process data in accordance with UK GDPR. We aim to store all personal data within the United Kingdom or the European Economic Area. Where data is processed outside these regions (for example, by US-based processors such as Stripe), we ensure that appropriate safeguards are in place, including Standard Contractual Clauses approved by the ICO.
Note for Jove: once you have confirmed the Supabase and Loops data centre regions, this section should be updated to name those regions explicitly.
We retain personal data only for as long as is necessary for the purpose for which it was collected.
Once the applicable retention period expires, data is permanently deleted from all systems, including our database and any backups. Requests for early deletion will be honoured within one month, except where we are required by law to retain certain records.
As a UK data subject, you have the following rights in relation to your personal data. To exercise any of these rights, contact us at support@boundmama.com. We will respond within one month and there is no charge for making a request.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, Bound Mama Ltd will notify the ICO within 72 hours of becoming aware of the breach, as required by UK GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, explaining what happened, what data was involved, the likely consequences, and the steps we are taking to address it.
This website uses cookies and similar tracking technologies. For full details of what cookies are set, why, and how to manage them, please refer to our separate Cookie Policy, available at boundmama.com/cookie-policy.
We may update this privacy policy from time to time. When we do, we will revise the date at the top of this document and, where the changes are material, notify active users by email. We encourage you to review this policy periodically. Continued use of the platform following notification of changes constitutes acceptance of the updated policy.