Legal Center Navigation

Privacy Policy

Last Updated: February 26, 2026

1. Introduction

Murdock Solutions LLC d/b/a BonusBell ("BonusBell," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use www.bonusbell.com and related services (collectively, the "Platform").

BonusBell provides gambling-related informational tools, educational resources, odds comparison, calculators, and AI-powered assistance. We are not a gambling operator — we do not accept wagers, process gambling transactions, or operate any games of chance involving real money.

By using the Platform, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Platform. This Privacy Policy is incorporated into and subject to our Terms of Service.

2. Definitions

  • "Personal Information" means information that identifies, relates to, or could reasonably be linked to you or your household, as defined under applicable state privacy laws.
  • "Processing" means any operation performed on Personal Information, including collection, use, storage, disclosure, and deletion.
  • "Service Provider" means a third party that processes Personal Information on our behalf pursuant to a written contract.
  • "Bella AI" means our AI-powered assistant feature, which processes conversations through the Google Gemini API.
  • "Practice Games" means our educational simulation games that use virtual currency with no real-money value.

3. Information We Collect

In plain English: We collect what you give us (account info, messages), what your device tells us automatically (IP, browser, cookies), and limited data from sign-in services. We never see your credit card number — Stripe handles all payments.

Information You Provide Directly

  • Account Information: Email address, password, display name, profile photo
  • Profile Data: State/location, gambling preferences, linked platform accounts, social links
  • Bella AI Conversations: Messages you send to and responses you receive from our AI assistant. These conversations are processed through Google's Gemini API. See Section 8 for details.
  • Responsible Gaming Data: Self-exclusion selections, PGSI (Problem Gambling Severity Index) self-assessment responses, activity limit preferences, and session duration settings
  • User Content: Posts, picks, comments, ratings, and other content you submit
  • Communications: Support tickets, feedback, contact form submissions, and email correspondence
  • Age Verification: Confirmation that you are 21 years of age or older
  • Payment Information: Subscription billing is handled entirely by Stripe, Inc. We never receive, process, or store your full credit card number, CVV, or banking details. We receive only a payment token, subscription status, and transaction metadata from Stripe.

Information Collected Automatically

  • Device Data: IP address, browser type and version, operating system, device type, screen resolution, and language preferences
  • Usage Data: Pages viewed, features used, click patterns, session duration, referring URLs, and navigation paths
  • Location Data: General geographic location (state and country level) derived from your IP address via ip-api.com — used to display platforms available in your state. We do not collect precise GPS location.
  • Push Notification Tokens: If you opt in to push notifications, we store Firebase Cloud Messaging (FCM) tokens to deliver notifications to your device
  • Client-Side Storage: We use localStorage (calculator settings, theme preference, UI state) and sessionStorage (temporary form data) in your browser. This data remains on your device and is not transmitted to our servers unless you explicitly submit it.
  • Practice Game Data: Game selections, simulated bet amounts, and strategy choices within our Practice Games are processed entirely client-side using your browser's Web Crypto API. This data is not transmitted to or stored on our servers.
  • Cookies and Similar Technologies: See Section 6 for detailed cookie information
  • Log Data: Server logs including access times, error reports, and request metadata, retained for 30 days

Information from Third Parties

  • OAuth Providers: If you sign in via Google or Apple (coming soon), we receive your email address, name, and profile photo from the OAuth provider. We do not receive your password.
  • Analytics Services: Aggregated and anonymized usage data from Google Analytics 4 and Vercel Analytics
  • Referral Data: Information about how you were referred to our Platform (e.g., UTM parameters, referring domains)

4. How We Collect Information

We collect information through the following methods:

  • Direct Collection: When you create an account, update your profile, use Bella AI, submit content, contact support, or subscribe to Pro
  • Automated Collection: Through cookies, server logs, analytics tools, and similar technologies as you interact with the Platform
  • Third-Party Sources: From OAuth authentication providers (Google, Apple), analytics services, and referral tracking
  • Derived Data: We derive your state location from your IP address to display jurisdiction-appropriate platform availability. This is an automated process — see Section 11 for your rights regarding automated decisions.

5. How We Use Your Information

We use your information for the following purposes:

Service Provision

  • Create, maintain, and secure your account
  • Provide personalized platform recommendations based on your state and preferences
  • Process Bella AI conversations through the Google Gemini API
  • Deliver push notifications (if you opt in)
  • Process subscription payments through Stripe
  • Manage responsible gaming features (self-exclusion, activity limits, PGSI assessments)

Communication

  • Send transactional emails (account verification, password resets, subscription confirmations)
  • Respond to support inquiries and feedback
  • Send marketing communications (with your consent; you may opt out at any time)

Improvement and Analytics

  • Analyze usage patterns to improve the Platform
  • Monitor performance, uptime, and error rates
  • Conduct A/B testing and feature development

Legal and Safety

  • Enforce our Terms of Service and prevent fraud or abuse
  • Comply with legal obligations, including tax and regulatory requirements
  • Protect the rights, safety, and property of BonusBell, our users, and the public

6. Cookies and Tracking Technologies

In plain English: We use a small number of cookies to keep you logged in, remember your preferences, and understand how people use BonusBell. You can disable analytics and marketing cookies — but essential cookies are required for the site to function.

We use the following categories of cookies and tracking technologies:

CategoryTechnologyPurposeDurationCan Disable?
EssentialFirebase Auth sessionAuthenticationSessionNo
EssentialCookie consentRemember consent choice1 yearNo
AnalyticsGoogle Analytics (_ga, _gid)Usage analyticsUp to 2 yearsYes
AnalyticsVercel AnalyticsPerformance metricsSessionYes
MarketingGoogle Tag ManagerTag managementSessionYes
FunctionalTheme preferenceDark/light modePersistentYes

Global Privacy Control (GPC)

We honor the Global Privacy Control (GPC) browser signal. If your browser sends a GPC signal, we will treat it as a valid opt-out of the "sale" or "sharing" of your Personal Information under applicable state privacy laws, including the California Consumer Privacy Act and the Colorado Privacy Act.

Do Not Track (DNT)

There is currently no universally accepted standard for how to respond to Do Not Track (DNT) browser signals. We do not currently respond to DNT signals. However, you may opt out of analytics tracking via your cookie preferences or by using the Global Privacy Control.

For additional cookie details, see our Data Policy.

7. How We Share Your Information

In plain English: We share data only with services that help run BonusBell (hosting, email, payments, AI). We never sell your personal data. When you click an affiliate link, the gambling platform may receive a tracking identifier — but never your name, email, or account details.

Service Providers

We share information with third-party service providers who perform services on our behalf. These providers are contractually obligated to protect your information and may only use it for the purposes specified in our agreements. See Section 8 for a complete list.

Affiliate Partners

When you click an affiliate link on BonusBell, the destination platform may receive a tracking identifier (such as a click ID or campaign code) for commission attribution purposes. We do not share your Personal Information (name, email, account details) with gambling operators or affiliate partners without your explicit consent.

Legal Requirements

We may disclose your information if required by law, subpoena, court order, or governmental authority, or if we believe disclosure is reasonably necessary to protect our rights, your safety, or the safety of others; prevent fraud; or respond to a government request.

Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your Personal Information may be transferred as part of the transaction. We will notify you via email and/or prominent Platform notice before your information is subject to a different privacy policy.

With Your Consent

We may share information for other purposes with your explicit consent.

We do NOT sell your Personal Information to third parties for their marketing purposes. We do NOT share your Personal Information for cross-context behavioral advertising.

8. Third-Party Services

The following third-party services process data in connection with the Platform:

ServiceData SharedPurpose
Firebase / Firestore (Google)Account data, usage data, FCM tokensAuthentication, database, push notifications
Google Gemini APIBella AI conversation textAI assistant processing
Stripe, Inc.Payment token (no raw card data)Subscription billing (PCI DSS Level 1)
Google Analytics 4Anonymized usage dataAnalytics
VercelPerformance data, IP (anonymized)Hosting, edge delivery, analytics
SendGrid (Twilio)Email address, nameTransactional and marketing emails
The Odds APINone (inbound data only)Sports odds data provider
ip-api.comIP addressGeolocation (state detection)
Google / Apple OAuth (coming soon)Auth tokens, email, profileSocial sign-in authentication

Each third-party service processes data under its own privacy policy. We encourage you to review their policies. BonusBell is not responsible for the privacy practices of third-party services.

9. Data Retention

In plain English: We keep your data only as long as needed. Account info goes away within 30 days of deletion. Bella AI chats disappear when you clear them. Self-exclusion records are permanent (that's by design — to protect you). Payment records stay for 7 years because tax law requires it.

Data TypeRetention PeriodLegal Basis
Account informationUntil deletion request + 30 daysService provision
Bella AI conversationsUntil you clear them or delete your accountUser control
Self-exclusion recordsPermanent (irreversible by design)Responsible gaming obligation
PGSI assessment dataUntil account deletionResponsible gaming
Subscription / payment records7 years after last transactionTax and legal compliance
Server logs30 daysSecurity and debugging
Analytics data (GA4)26 monthsAnalytics retention setting
FCM push tokensUntil you unsubscribe or delete your accountService provision
Cookie consent preferences1 yearLegal compliance
Practice game dataClient-side only (never transmitted)N/A — stays on your device

After account deletion, some anonymized or aggregated data may be retained for analytics purposes. Anonymized data cannot be linked back to you.

10. Data Security

We implement reasonable administrative, technical, and physical security measures to protect your information, including:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
  • Encryption at rest: Data stored in Firebase/Firestore is encrypted at rest using AES-256 via Google Cloud Platform
  • PCI DSS Level 1 compliance: All payment processing is handled by Stripe, which maintains PCI DSS Level 1 certification. BonusBell never receives or stores raw credit card data.
  • Authentication security: Passwords are hashed using industry-standard algorithms. We support OAuth-based authentication (Google, Apple — coming soon) as an alternative to password-based login.
  • Access controls: Role-based access controls limit employee and administrator access to Personal Information on a need-to-know basis
  • Infrastructure: Our Platform is hosted on Vercel and Google Cloud Platform, both of which maintain SOC 2 Type II certifications

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your information.

Data Breach Notification

In the event of a data breach that compromises your Personal Information, we will:

  • Notify affected users via email and/or prominent Platform notice
  • Comply with applicable state breach notification laws, including Virginia (Va. Code § 18.2-186.6 — notification without unreasonable delay, not to exceed 60 days from discovery)
  • Provide a description of the breach, the types of information involved, steps we are taking, and contact information for questions
  • Notify applicable state attorneys general as required by law

11. Your Privacy Rights

In plain English: No matter where you live in the US, you can access, correct, or delete your data. Many states give you additional rights like data portability and the right to opt out. We never discriminate against you for exercising your privacy rights.

Universal Rights (All Users)

Regardless of your state of residence, you have the right to:

  • Access: Request a copy of the Personal Information we hold about you
  • Correction: Request correction of inaccurate Personal Information via your settings or by contacting us
  • Deletion: Request deletion of your account and associated data by contacting privacy@bonusbell.com or through your Dashboard settings. We will process your request within 30 days.
  • Opt-Out of Marketing: Unsubscribe from marketing emails at any time by clicking "unsubscribe" in any email or updating your notification preferences
  • Push Notification Control: Disable push notifications through your device settings or Dashboard preferences

Automated Decision-Making

We use automated processing to determine your state location from your IP address, which affects which gambling platforms are displayed as available to you. This is an informational display — it does not prevent you from accessing any feature of BonusBell itself. You may manually select a different state in your profile settings.

Exercising Your Rights

To exercise any privacy right, contact us at privacy@bonusbell.com. We will verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

12. California Privacy Rights (CCPA/CPRA)

In plain English: California residents get extra rights under the CCPA: you can see exactly what data we have, tell us to delete it, and opt out of any "sale" (though we don't sell your data). We respond within 45 days.

If you are a California resident, you have rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA, Cal. Civ. Code § 1798.100 et seq.):

Categories of Information Collected

  • Identifiers: Email address, IP address, display name, account ID
  • Commercial Information: Subscription history, transaction records (via Stripe)
  • Internet/Electronic Activity: Browsing history on the Platform, interaction data, search history
  • Geolocation Data: State-level location derived from IP address
  • Inferences: Platform preferences, state availability filtering

Your CCPA/CPRA Rights

  • Right to Know / Access: Request the categories and specific pieces of Personal Information we have collected about you
  • Right to Delete: Request deletion of your Personal Information
  • Right to Correct: Request correction of inaccurate Personal Information
  • Right to Opt-Out of Sale/Sharing: We do not sell your Personal Information. We do not share your Personal Information for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Information: We do not use sensitive personal information for purposes beyond what is necessary to provide the services
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights

How to Exercise: Contact us at privacy@bonusbell.com with the subject line "CCPA Request." We will verify your identity and respond within 45 days (with one 45-day extension if necessary).

Authorized Agents: You may designate an authorized agent to submit requests on your behalf. The agent must provide proof of authorization (such as a signed letter or power of attorney).

13. Virginia Privacy Rights (VCDPA)

If you are a Virginia resident, you have rights under the Virginia Consumer Data Protection Act (Va. Code § 59.1-575 et seq.):

  • Right to Access: Confirm whether we are processing your Personal Information and access that data
  • Right to Correct: Correct inaccuracies in your Personal Information
  • Right to Delete: Request deletion of your Personal Information
  • Right to Data Portability: Obtain a copy of your Personal Information in a portable, readily usable format
  • Right to Opt Out: Opt out of the processing of your Personal Information for targeted advertising, the sale of your data, or profiling that produces legal or similarly significant effects

How to Exercise: Contact us at privacy@bonusbell.com with the subject line "VCDPA Request." We will respond within 45 days (with one 45-day extension if reasonably necessary).

Right to Appeal: If we decline your request, you have the right to appeal. Submit your appeal to privacy@bonusbell.com with the subject line "VCDPA Appeal." We will respond within 60 days. If your appeal is denied, you may file a complaint with the Virginia Attorney General at oag.state.va.us.

14. Additional State Privacy Rights

The following states have enacted comprehensive consumer privacy laws. If you are a resident of any of these states, you may have additional rights similar to those described in Sections 12 and 13:

StateLawKey Rights
ColoradoColorado Privacy Act (CPA)Access, correct, delete, portability, opt-out of targeted ads/sale/profiling
ConnecticutCT Data Privacy Act (CTDPA)Access, correct, delete, portability, opt-out, appeal
TexasTX Data Privacy & Security Act (TDPSA)Access, correct, delete, portability, opt-out, appeal
OregonOregon Consumer Privacy Act (OCPA)Access, correct, delete, portability, opt-out of profiling
MontanaMT Consumer Data Privacy Act (MCDPA)Access, correct, delete, portability, opt-out
TennesseeTN Information Protection Act (TIPA)Access, correct, delete, portability, opt-out
IndianaIN Consumer Data Protection Act (ICDPA)Access, correct, delete, portability, opt-out
KentuckyKY Consumer Data Protection Act (KCDPA)Access, correct, delete, portability, opt-out
Rhode IslandRI Data Transparency & Privacy Protection Act (RIDPA)Access, correct, delete, portability, opt-out

To exercise your rights under any of these laws, contact us at privacy@bonusbell.com with the subject line indicating your state (e.g., "Colorado Privacy Request"). We will verify your identity and respond within the timeframe required by your state's law.

Right to Appeal: If we decline your request, most state laws provide a right to appeal. Submit appeals to privacy@bonusbell.com with "Privacy Appeal" in the subject line.

15. Children's Privacy

The Platform is intended for users who are at least 21 years of age (as required for access to gambling-related informational content) or at least 18 years of age for non-gambling features. We do not knowingly collect, use, or disclose Personal Information from children under 13, in compliance with the Children's Online Privacy Protection Act (COPPA).

We do not knowingly collect Personal Information from anyone under 18. If we become aware that we have inadvertently collected information from a person under 18, we will promptly delete that information.

If you are a parent or guardian and believe your child has provided us with Personal Information, please contact us immediately at privacy@bonusbell.com and we will take steps to delete that information.

16. International Users

The Platform is operated from and primarily intended for users in the United States. If you access the Platform from outside the U.S., your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

By using the Platform, you consent to the transfer of your information to the United States. We do not specifically target users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with GDPR-equivalent regulations. If you are located in such a jurisdiction, please be aware that we may not comply with all local data protection requirements.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes (such as new categories of data collected, new third-party sharing, or changes to your rights), we will provide at least thirty (30) days' advance notice via email to the address associated with your account and/or a prominent notice on the Platform before the changes take effect.

For non-material changes (such as formatting updates, clarifications, or corrections of typographical errors), we may update the Privacy Policy without advance notice.

Your continued use of the Platform after any changes constitutes acceptance of the updated Privacy Policy. If you disagree with any changes, your remedy is to stop using the Platform and request deletion of your account.

18. Contact Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about our data practices, please contact us:

Murdock Solutions LLC d/b/a BonusBell
Privacy inquiries: privacy@bonusbell.com
General support: support@bonusbell.com
Legal inquiries: legal@bonusbell.com

We aim to respond to all privacy-related inquiries within 30 days. For state-specific requests (CCPA, VCDPA, etc.), we will respond within the timeframe required by applicable law.

Version History
  • February 26, 2026: Complete rewrite — expanded from 12 to 18 sections. Added Bella AI data disclosure, Stripe payment processing, multi-state privacy rights (CCPA/CPRA, VCDPA, CPA, CTDPA, TDPSA, OCPA, MCDPA, TIPA, ICDPA, KCDPA, RIDPA), detailed data retention schedule, third-party services table, cookie categories, GPC/DNT policy, breach notification procedures, and responsible gaming data disclosure.
  • January 3, 2026: Initial publication.