Privacy Policy

Data Collection and Use

We collect various types of personal and sensitive data to provide and improve our services, personalize your experience, facilitate account pairing and shared activities, and comply with legal obligations. The types of data we collect and the specific purposes for each category are detailed below:

1.1 Personal Identifiers

• Types of Data: This includes your full name, email address, date of birth (optional), gender (optional), and any username or profile name you create within the App.
• Purposes of Collection: We collect this information to create and manage your account, verify your identity, communicate with you regarding your account and our services (including important updates and support), and personalize your profile within the App.

1.2 Relationship-Related Inputs

• Types of Data: This includes your specific responses to prompts, detailed information about shared activities you log (e.g., description, date, participants), relationship milestones you track (e.g., anniversaries, significant events), and any other content, including text, images, or other media, you voluntarily share with your paired partner through the App.
• Purposes of Collection: This data is essential for the core features of Bondly, enabling you and your partner to engage in shared experiences, strengthen your connection, and track meaningful moments in your relationship. This information helps personalize the content and prompts you and your partner receive, and may be used in an anonymized and aggregated form to improve the App's features and user experience.

1.3 Health and Wellness Data

• Types of Data: This may include specific mood tracking entries (including date, time, and selected mood), detailed fitness information you choose to input manually (e.g., types of activities, duration, intensity), or precise data synced from health and wellness platforms (e.g., steps taken, sleep duration from Apple HealthKit), if you explicitly grant us permission.
• Purposes of Collection: We collect this data to provide features such as detailed mood tracking with historical trends and to potentially offer personalized insights or content related to your individual and relationship well-being. If you choose to integrate with health data sources, we will only access and use the specific data categories you explicitly consent to share, for the clearly disclosed purposes at the time of consent. You can manage these permissions at any time through your device settings.

1.4 Technical and Usage Data

• Types of Data: This includes your specific device model and operating system version, precise IP address, unique device identifiers (e.g., IDFA or Android Advertising ID), specific app version installed, detailed usage patterns within the App (e.g., specific features used, duration and frequency of use, navigation paths), and comprehensive crash logs with timestamps and error details.
• Purposes of Collection: This detailed data helps us to thoroughly understand how you interact with the App, effectively troubleshoot technical issues with specific devices and software versions, optimize the App's functionality and performance for different user configurations, and ensure the robust security of our services by identifying and addressing potential vulnerabilities.

1.5 Communication Data

• Types of Data: This includes the complete content of messages, including text, images, and other media, you send to your paired partner through any in-app communication tools we may provide, along with associated timestamps.
• Purposes of Collection: This detailed data enables seamless and comprehensive communication between you and your partner directly within the App.

1.6 Location Data (Optional)

• Types of Data: With your explicit and affirmative consent, we may collect your device's precise location data (e.g., GPS coordinates). You will be prompted for permission before we collect this data, and you can revoke this permission at any time through your device settings.
• Purposes of Collection: Precise location data may be used to suggest highly relevant location-based activities in your vicinity or to facilitate real-time location sharing with your partner if you actively choose to use such features.

Data Sharing and Disclosure

We do not sell your personal information to third parties for their marketing purposes. We may share your personal information with certain categories of third parties for the specific purposes outlined below, under strict contractual agreements that ensure the protection of your data:

2.1 Service Providers

We share data with specific third-party service providers who provide essential services for the operation and improvement of the App. These include:

• Analytics providers (e.g., Google Analytics, Firebase) to analyze user behavior and App performance. The data shared is typically technical and usage data, often in an aggregated and anonymized form.
• Cloud storage providers (e.g., AWS, Google Cloud) to securely store your personal data, including relationship-related inputs and health and wellness data.
• Customer support platforms (e.g., Zendesk) to manage and respond to your support inquiries. The data shared is typically personal identifiers and information related to your support request.
• Payment processors (e.g., Stripe, PayPal) to securely process payments for premium features, if applicable. The data shared is payment information, which is handled according to their privacy policies.
• Email and communication service providers (e.g., SendGrid, Twilio) to send you important notifications and communications related to your account and our services.

These service providers have access to your personal information only to perform these specific tasks on our behalf, under strict contractual obligations that prohibit them from disclosing or using it for any other purpose. We implement robust safeguards, including data processing agreements with Standard Contractual Clauses where applicable.

2.2 Partners (for Account Pairing Features)

If we offer features that involve integration with carefully selected partner services to facilitate the secure and seamless pairing of accounts (e.g., using a unique, time-sensitive pairing code), we may share a limited set of personal identifiers, such as this pairing code, with the partner service solely for the purpose of establishing the connection between you and your partner. These partners are contractually obligated to use this information only for the intended purpose of facilitating the account pairing.

2.3 Legal Compliance and Protection of Rights

We may disclose your personal information to specific law enforcement agencies, regulatory bodies, legal advisors, or other relevant third parties when we have a good-faith belief that it is reasonably necessary to:

• Comply with applicable laws, specific legal processes (e.g., valid court orders, subpoenas), or legitimate government requests from recognized authorities.
• Enforce our clearly stated Terms of Service or other binding agreements.
• Respond to substantiated claims that any content violates the rights of third parties.
• Protect our rights, property, or the safety of Bondly, our users, or others.

2.4 Business Transfers

In the event of a clearly defined merger, acquisition, significant reorganization, or the sale of substantially all of our assets, your personal information may be transferred to the acquiring entity or other involved third party as part of the documented transaction. The clearly identified recipient would be legally bound by this Privacy Policy or a demonstrably equivalent policy. You will be clearly notified of such a transfer and any significant changes to the privacy policy that would govern your personal information as a result.

2.5 Aggregated and Anonymized Data

We may share carefully aggregated and rigorously anonymized data (i.e., data that has been demonstrably processed to remove any direct or indirect identifiers, ensuring it cannot be linked back to you) with specifically identified third parties for clearly defined purposes, including analytics and research purposes to understand broad user trends and improve our services, and academic partners for specific research projects aimed at enhancing relationship well-being, under strict data protection agreements.

User Rights and Choices

Under applicable data protection laws, you have the following specific rights regarding your personal information. We are committed to facilitating the exercise of these rights in a transparent and timely manner.

3.1 Accessing, Correcting, or Deleting Your Data

You have the explicit right to request clear confirmation as to whether we are processing your personal data, to obtain a copy of the specific personal information we hold about you, and to request that we promptly correct any inaccurate or incomplete personal information. Furthermore, under specific circumstances defined by law, you have the clear right to request the erasure of your personal information without undue delay.

You can typically directly access and update much of your personal information within your account settings in the App. For formal requests to access, correct, or delete data, please contact our Privacy Team using the contact information provided in Section 11. We may need to reasonably verify your identity before fulfilling your request.

3.2 Withdrawing Consent

Where we rely on your explicit consent as the legal basis for processing your personal information (e.g., for the integration of specific health data or the collection of precise location data), you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You can typically withdraw consent for specific data processing activities, such as health data integration and location sharing, through the App's dedicated settings menus. Please be aware that withdrawing consent for certain data processing may prevent us from providing you with the related features or services that rely on that data.

3.3 Opting Out of Data Sharing or Certain Processing Activities

Depending on the specific provisions of applicable data protection laws in your jurisdiction (e.g., CCPA/CPRA in California), you may have the explicit right to opt out of certain data sharing practices or specific processing activities. If and when applicable, we will provide clear and easily accessible mechanisms within the App's settings for you to exercise your opt-out choices. For detailed assistance with understanding and exercising your specific opt-out rights under applicable law, please contact our Privacy Team directly.

3.4 Right to Data Portability

Under specific circumstances defined by law (e.g., GDPR), you have the explicit right to receive the personal information you have directly provided to us in a structured, commonly used, and machine-readable format (such as a CSV or JSON file) and have the clear right to transmit that data to another controller without demonstrable hindrance from us, where the processing is based on your consent or a contract and is carried out by automated means. To exercise your right to data portability, please contact our Privacy Team using the information in Section 11.

3.5 Right to Lodge a Complaint

If you firmly believe that our processing of your personal information demonstrably infringes upon applicable data protection laws in your jurisdiction, you have the explicit right to lodge a formal complaint with the competent supervisory authority in your country or region. You can directly contact the data protection authority in your place of residence, your place of work, or the place of the alleged infringement to file a complaint. We encourage you to first contact our Privacy Team directly so that we can attempt to address your concerns and find a resolution.

Data Security

We implement a comprehensive suite of robust technical and organizational security measures that are continuously reviewed and updated to protect your personal information against unauthorized access, unlawful processing, accidental loss, destruction, or damage. These specific measures include:

• End-to-End Encryption: We utilize industry-standard encryption protocols, such as Transport Layer Security (TLS/SSL), to encrypt all sensitive data during transmission. Sensitive data at rest is encrypted using strong, industry-recognized encryption algorithms (e.g., AES-256).
• Strict Access Controls: We implement the principle of least privilege, granting access to your personal information only to specifically authorized personnel who have a demonstrable business need. This includes the use of strong, unique passwords, multi-factor authentication (MFA) for employee accounts, and role-based access control (RBAC) systems.
• Regular Security Assessments and Penetration Testing: We conduct regular and thorough security vulnerability assessments and penetration testing, performed by independent security experts, to proactively identify and address potential security weaknesses in our systems and infrastructure.
• Anomaly Detection and Intrusion Prevention Systems: We employ sophisticated anomaly detection systems and intrusion prevention systems to continuously monitor our network and systems for suspicious activity and to prevent unauthorized access attempts in real-time.
• Data Minimization and Pseudonymization: We adhere to the principle of data minimization, collecting and retaining only the personal information that is strictly necessary for the specified processing purposes. Where feasible and appropriate, we utilize pseudonymization techniques to reduce the direct link between your identity and your data.
• Secure Development Practices: We integrate security best practices into our software development lifecycle to build and maintain a secure application.
• Employee Training and Awareness: All our employees undergo comprehensive and ongoing training on data protection principles, security best practices, and incident response procedures.
• Incident Response Plan: We have a well-defined and regularly tested incident response plan in place to effectively manage and mitigate the impact of any potential data security incidents, including procedures for timely notification to affected users and relevant authorities as required by law.

While we implement these rigorous measures and strive for the highest standards of data security, no method of data transmission over the internet or method of electronic storage can be guaranteed to be absolutely 100% secure. In the event of a confirmed data breach that poses a significant risk to your personal information, we will take prompt and appropriate steps to investigate the incident, implement remediation measures, and notify you and the relevant authorities in accordance with applicable legal requirements.

Data Retention

We retain your personal information only for as long as demonstrably necessary to fulfill the specific purposes for which it was collected, as clearly outlined in this Privacy Policy, or for a longer period if explicitly required or permitted by applicable legal or regulatory obligations. The specific criteria we use to determine the appropriate retention periods include:

• The active duration of your relationship with us and your use of the App: We will typically retain your personal data for the entire period your account remains active and as long as it is reasonably necessary to provide you with the full functionality of the services you expect.
• The specific and clearly defined purposes for the data collection: We retain different categories of data for the minimum period necessary to achieve the specific purposes for which they were collected. For example, relationship-related inputs are retained to continuously provide the core features of the App and allow you and your partner to access your shared history.
• Our clearly defined and legitimate business interests: In some specific situations, we may need to retain certain data for our legitimate business interests, such as maintaining accurate business records, improving our services through aggregated analysis (where individual identities are removed), or defending against potential legal claims.
• Strict legal and regulatory obligations: We are obligated to retain certain categories of personal data for specific periods to comply with applicable laws, regulations, legal processes (e.g., tax laws, accounting requirements, legal hold orders), and mandatory government requests.

Once the retention period expires, we will securely delete or anonymize your personal information in accordance with our data retention policies and procedures. For example, if you delete your account, we will initiate the process to delete your personal data within a reasonable timeframe, unless we are required to retain certain information for legal reasons.

Cookies and Tracking Technologies

We and our service providers may use cookies, pixels, or similar tracking technologies to analyze usage patterns within the App, measure the effectiveness of our marketing campaigns (if any), and personalize certain aspects of your experience. These technologies may involve the use of mobile identifiers such as the Identifier for Advertisers (IDFA) on iOS devices and the Google Advertising ID (GAID) on Android devices. These identifiers are typically anonymized and are used for purposes such as analytics, attribution, and improving our services.

You can control the use of these identifiers through your device settings. For example, you can limit ad tracking in your iOS settings or reset your advertising ID in your Android settings. Please note that disabling or limiting these identifiers may affect the accuracy of analytics and the personalization of content.

Privacy Rights for U.S. State Residents

This section provides additional information for residents of certain U.S. states, including California, Virginia, Connecticut, and Washington, regarding their privacy rights under applicable state laws.

7.1 California Residents (CCPA as amended by CPRA)

As a California resident, you have the following rights regarding your personal information:

• The Right to Know: You have the right to request and receive specific pieces of personal information we have collected about you, the categories of personal information we have collected, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, and the categories of third parties with whom we share personal information.
• The Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions.
• The Right to Correct: You have the right to request the correction of inaccurate personal information that we maintain about you.
• The Right to Opt-Out of Sale or Sharing: While we do not currently sell your personal information for monetary consideration, you have the right to opt out of the "sharing" of your personal information for cross-context behavioral advertising.
• The Right to Limit Use and Disclosure of Sensitive Personal Information: You have the right to direct us to only use your sensitive personal information for limited purposes.
• The Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise your California privacy rights, please contact us as described in Section 11. We will respond to your request within the timeframes required by the CCPA/CPRA. We may need to verify your identity before fulfilling your request. You can also designate an authorized agent to make requests on your behalf, subject to verification.

7.2 Virginia, Connecticut, and Washington Residents

Residents of Virginia, Connecticut, and Washington have similar rights regarding their personal information, including the right to access, correct, delete, and obtain a copy of their personal data, as well as the right to opt out of targeted advertising, the sale of personal data, and (in Virginia and Connecticut) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

To exercise your privacy rights under the laws of Virginia, Connecticut, or Washington, please contact us as described in Section 11. We will respond to your request within the timeframes required by the applicable state law. We may need to verify your identity before fulfilling your request.

International Data Transfers

If you are located outside of Moldova and your personal information is transferred to us in Moldova, please be aware that Moldova may have data protection laws that are different from those in your country. We will take appropriate safeguards to ensure that your personal information is protected in accordance with this Privacy Policy and applicable international data transfer mechanisms. These safeguards may include:

• Standard Contractual Clauses: We may enter into Standard Contractual Clauses approved by the European Commission or other relevant authorities with recipients of data located outside of jurisdictions with adequate data protection laws. These clauses help ensure an adequate level of data protection.
• Other Legally Permissible Mechanisms: We may also rely on other legally recognized mechanisms for international data transfers, as permitted by applicable laws.

By using Bondly and providing us with your personal information, you consent to the transfer, processing, and storage of your information in Moldova and other jurisdictions where our service providers operate.

Children's Privacy

Bondly is not intended for children under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children under this age. If we become aware that we have collected personal information from a child under the applicable age without verifiable parental consent, we will take steps to delete that information as soon as possible.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us using the information provided in Section 11.

Policy Updates and Changelog

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or the features of our App. We will notify users of material changes to this Privacy Policy through a prominent in-app notice or via email to the email address associated with your account. We will also update the "Last Updated" date at the top of this policy.

Prior versions of this Privacy Policy will be archived and made available to users upon request. To request a prior version, please contact us using the information provided in Section 11. Your continued use of the App after the effective date of any updated Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with the changes, you should stop using the App.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

• Bondly Privacy Team
• Email:[email protected]
• Mailing Address: THE DOT IT, str. Gherman Pintea 102
• Support:help.thebondly.com