Bondly - Privacy Policy
Last Updated: May 4, 2025

This Privacy Policy describes how Bondly ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our mobile application (the "App"). Please read this policy carefully to understand our practices regarding your data and how we handle it. By using Bondly, you agree to the terms of this Privacy Policy.

1. Data Collection and Use
We collect various types of personal and sensitive data to provide and improve our services, personalize your experience, facilitate account pairing and shared activities, and comply with legal obligations. The types of data we collect and the specific purposes for each category are detailed below:
1.1 Personal Identifiers
  • Types of Data: This includes your full name, email address, date of birth (optional), gender (optional), and any username or profile name you create within the App.
  • Purposes of Collection: We collect this information to create and manage your account, verify your identity, communicate with you regarding your account and our services (including important updates and support), and personalize your profile within the App.
1.2 Relationship-Related Inputs
  • Types of Data: This includes your specific responses to prompts, detailed information about shared activities you log (e.g., description, date, participants), relationship milestones you track (e.g., anniversaries, significant events), and any other content, including text, images, or other media, you voluntarily share with your paired partner through the App.
  • Purposes of Collection: This data is essential for the core features of Bondly, enabling you and your partner to engage in shared experiences, strengthen your connection, and track meaningful moments in your relationship. This information helps personalize the content and prompts you and your partner receive, and may be used in an anonymized and aggregated form to improve the App's features and user experience.
1.3 Health and Wellness Data
  • Types of Data: This may include specific mood tracking entries (including date, time, and selected mood), detailed fitness information you choose to input manually (e.g., types of activities, duration, intensity), or precise data synced from health and wellness platforms (e.g., steps taken, sleep duration from Apple HealthKit), if you explicitly grant us permission.
  • Purposes of Collection: We collect this data to provide features such as detailed mood tracking with historical trends and to potentially offer personalized insights or content related to your individual and relationship well-being (e.g., suggesting relaxing activities if a low mood is frequently logged). If you choose to integrate with health data sources, we will only access and use the specific data categories you explicitly consent to share, for the clearly disclosed purposes at the time of consent. For example, shared activity levels might be used to suggest relevant date ideas. You can manage these permissions at any time through your device settings.
1.4 Technical and Usage Data
  • Types of Data: This includes your specific device model and operating system version, precise IP address, unique device identifiers (e.g., IDFA or Android Advertising ID), specific app version installed, detailed usage patterns within the App (e.g., specific features used, duration and frequency of use, navigation paths), and comprehensive crash logs with timestamps and error details.
  • Purposes of Collection: This detailed data helps us to thoroughly understand how you interact with the App, effectively troubleshoot technical issues with specific devices and software versions, optimize the App's functionality and performance for different user configurations, and ensure the robust security of our services by identifying and addressing potential vulnerabilities.
1.5 Communication Data
  • Types of Data: This includes the complete content of messages, including text, images, and other media, you send to your paired partner through any in-app communication tools we may provide, along with associated timestamps.
  • Purposes of Collection: This detailed data enables seamless and comprehensive communication between you and your partner directly within the App.
1.6 Location Data (Optional)
  • Types of Data: With your explicit and affirmative consent, we may collect your device's precise location data (e.g., GPS coordinates). You will be prompted for permission before we collect this data, and you can revoke this permission at any time through your device settings.
  • Purposes of Collection: Precise location data may be used to suggest highly relevant location-based activities in your vicinity or to facilitate real-time location sharing with your partner if you actively choose to use such features. We will clearly explain the purpose of location data collection at the time of requesting your consent.


2. Data Sharing and Disclosure
We do not sell your personal information to third parties for their marketing purposes. We may share your personal information with certain categories of third parties for the specific purposes outlined below, under strict contractual agreements that ensure the protection of your data:

2.1 Service Providers
  • Categories of Recipients: We share data with specific third-party service providers who provide essential services for the operation and improvement of the App. These include:
  • Analytics providers (e.g., Google Analytics, Firebase) to analyze user behavior and App performance. The data shared is typically technical and usage data, often in an aggregated and anonymized form.
  • Cloud storage providers (e.g., AWS, Google Cloud) to securely store your personal data, including relationship-related inputs and health and wellness data.
  • Customer support platforms (e.g., Zendesk) to manage and respond to your support inquiries. The data shared is typically personal identifiers and information related to your support request.
  • Payment processors (e.g., Stripe, PayPal) to securely process payments for premium features, if applicable. The data shared is payment information, which is handled according to their privacy policies.
  • Email and communication service providers (e.g., SendGrid, Twilio) to send you important notifications and communications related to your account and our services. The data shared is typically personal identifiers.
  • Purposes of Sharing: These service providers have access to your personal information only to perform these specific tasks on our behalf, under strict contractual obligations that prohibit them from disclosing or using it for any other purpose. We implement robust safeguards, including data processing agreements with Standard Contractual Clauses where applicable, to ensure these providers protect your data in accordance with this Privacy Policy and all applicable laws.
2.2 Partners (for Account Pairing Features)
  • Categories of Recipients: If we offer features that involve integration with carefully selected partner services to facilitate the secure and seamless pairing of accounts (e.g., using a unique, time-sensitive pairing code), we may share a limited set of personal identifiers, such as this pairing code, with the partner service solely for the purpose of establishing the connection between you and your partner.
  • Purposes of Sharing: This limited sharing is strictly for the purpose of enabling the specific pairing feature you actively choose to use. These partners are contractually obligated to use this information only for the intended purpose of facilitating the account pairing and to protect it with measures equivalent to those in this Privacy Policy.
2.3 Legal Compliance and Protection of Rights
  • Categories of Recipients: We may disclose your personal information to specific law enforcement agencies, clearly identified regulatory bodies, named legal advisors, or other specifically identified relevant third parties when we have a good-faith belief that it is reasonably necessary to:
Comply with clearly defined applicable laws, specific legal processes (e.g., valid court orders, subpoenas with proper legal basis), or legitimate government requests from recognized authorities.
  • Enforce our clearly stated Terms of Service or other binding agreements.
  • Respond to clearly substantiated claims that any content violates the rights of third parties.
  • Protect our clearly defined rights, explicitly identified property, or the demonstrable safety of Bondly, our users, or others in a clearly defined and imminent situation.
2.4 Business Transfers
  • Categories of Recipients: In the specific event of a clearly defined merger, acquisition, significant reorganization, or the sale of substantially all of our assets, your personal information may be transparently transferred to the clearly identified acquiring entity or other specifically involved third party as part of the documented transaction.
  • Purposes of Sharing: This transfer would occur solely as part of the documented business transaction, and the clearly identified recipient would be legally bound by this Privacy Policy or a demonstrably equivalent policy that provides at least the same comprehensive level of protection for your personal information. You will be clearly notified of such a transfer and any significant changes to the privacy policy that would govern your personal information as a result.
2.5 Aggregated and Anonymized Data
  • Categories of Recipients: We may share carefully aggregated and rigorously anonymized data (i.e., data that has been demonstrably processed to remove any direct or indirect identifiers, ensuring it cannot be linked back to you) with specifically identified third parties for clearly defined purposes, including:
  • Analytics and research purposes to understand broad user trends and improve our services.
  • Academic partners for specific research projects aimed at enhancing relationship well-being, under strict data protection agreements.
  • Purposes of Sharing: This type of data, by its nature, cannot be used to directly or indirectly identify you individually.


3. User Rights and Choices
Under applicable data protection laws, you have the following specific rights regarding your personal information. We are committed to facilitating the exercise of these rights in a transparent and timely manner.

3.1 Accessing, Correcting, or Deleting Your Data
  • Right: You have the explicit right to request clear confirmation as to whether we are processing your personal data, to obtain a readily understandable copy of the specific personal information we hold about you, and to receive comprehensive information about the processing, including the purposes, categories of data, recipients, and retention period. You also have the unambiguous right to request that we promptly correct any demonstrably inaccurate or clearly incomplete personal information we hold about you without undue delay. Furthermore, under specific circumstances defined by law (e.g., the data is no longer necessary for the purposes for which it was collected, you have withdrawn consent, or the processing is unlawful), you have the clear right to request the erasure of your personal information without undue delay.
  • Exercise Your Rights: You can typically directly access and update much of your personal information, such as your profile details and relationship-related inputs, within your account settings in the App. For formal requests to access, correct, or delete data that you cannot directly manage within the App, please contact our dedicated Privacy Team using the contact information provided in Section 9. Please clearly specify the nature of your request and the specific information you are referring to. We will acknowledge receipt of your request within [Number] business days and will respond fully within [Number] business days, in accordance with applicable laws. We may need to reasonably verify your identity to protect the security of your data before fulfilling your request. If we cannot fulfill your request, we will clearly explain the reasons for the refusal.
3.2 Withdrawing Consent
  • Right: Where we rely on your explicit consent as the legal basis for processing your personal information (e.g., for the integration of specific health data or the collection of precise location data), you have the unambiguous right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. We will make it as easy to withdraw consent as it was to give it.
  • Exercise Your Rights: You can typically directly manage and withdraw your consent for specific data processing activities, such as health data integration and location sharing, through the App's dedicated settings menus. If you encounter any difficulties, you can also withdraw your consent by contacting our Privacy Team directly using the contact information in Section 9. Please clearly specify the consent you wish to withdraw. We will process your withdrawal request promptly. Please be aware that withdrawing consent for certain data processing may prevent us from providing you with the related features or services that rely on that data. For example, if you withdraw consent to share health data, the integrated features that utilize that data will no longer function.
3.3 Opting Out of Data Sharing or Certain Processing Activities
  • Right: Depending on the specific provisions of applicable data protection laws in your jurisdiction (e.g., CCPA/CPRA in California), you may have the explicit right to opt out of certain data sharing practices or specific processing activities, such as the "sale" of your personal information (although we do not currently engage in this) or targeted advertising (if we implement such features in the future).
  • Exercise Your Rights: If and when applicable, we will provide clear and easily accessible mechanisms within the App's settings or in our communications for you to exercise your opt-out choices. For example, you may be able to adjust your notification preferences or ad personalization settings within the App. For detailed assistance with understanding and exercising your specific opt-out rights under applicable law, please contact our Privacy Team directly.
3.4 Right to Data Portability
  • Right: Under specific circumstances defined by law (e.g., GDPR), you have the explicit right to receive the personal information you have directly provided to us in a structured, commonly used, and machine-readable format (such as a CSV or JSON file) and have the clear right to transmit that data to another controller without demonstrable hindrance from us, where the processing is based on your consent or a contract and is carried out by automated means.
  • Exercise Your Rights: To exercise your right to data portability, please contact our Privacy Team using the information in Section 9 with a clear and specific description of the particular personal data you would like to receive in a portable format and the intended recipient (if applicable). We will assess the technical feasibility of your request and provide the data in the requested format within a reasonable timeframe.
3.5 Right to Lodge a Complaint
  • Right: If you firmly believe that our processing of your personal information demonstrably infringes upon applicable data protection laws in your jurisdiction, you have the explicit right to lodge a formal complaint with the competent supervisory authority in your country or region.
  • Exercise Your Rights: You can directly contact the data protection authority in your place of residence, your place of work, or the place of the alleged infringement to file a complaint. We encourage you to first contact our Privacy Team directly so that we can attempt to address your concerns and find a resolution.


4. Data Security
We implement a comprehensive suite of robust technical and organizational security measures that are continuously reviewed and updated to protect your personal information against unauthorized access, unlawful processing, accidental loss, destruction, or damage. These specific measures include:
  • End-to-End Encryption: We utilize industry-standard encryption protocols, such as Transport Layer Security (TLS/SSL), to encrypt all sensitive data during transmission between your device and our servers, ensuring confidentiality and integrity. Furthermore, sensitive data at rest, including relationship-related inputs, health and wellness data, and communication content, is encrypted using strong, industry-recognized encryption algorithms (e.g., AES-256).
  • Strict Access Controls: We implement the principle of least privilege, granting access to your personal information only to specifically authorized personnel who have a demonstrable business need to access it for clearly defined purposes. This includes the use of strong, unique passwords, multi-factor authentication (MFA) for employee accounts, and role-based access control (RBAC) systems to precisely limit data access based on job responsibilities.
  • Regular Security Assessments and Penetration Testing: We conduct regular and thorough security vulnerability assessments and penetration testing, performed by independent security experts, to proactively identify and address potential security weaknesses in our systems and infrastructure.
  • Anomaly Detection and Intrusion Prevention Systems: We employ sophisticated anomaly detection systems and intrusion prevention systems to continuously monitor our network and systems for suspicious activity and to prevent unauthorized access attempts in real-time.
  • Data Minimization and Pseudonymization: We adhere to the principle of data minimization, collecting and retaining only the personal information that is strictly necessary for the specified processing purposes. Where feasible and appropriate, we utilize pseudonymization techniques to reduce the direct link between your identity and your data.
  • Secure Development Practices: We integrate security best practices into our software development lifecycle to build and maintain a secure application.
  • Employee Training and Awareness: All our employees undergo comprehensive and ongoing training on data protection principles, security best practices, and incident response procedures.
  • Incident Response Plan: We have a well-defined and regularly tested incident response plan in place to effectively manage and mitigate the impact of any potential data security incidents, including procedures for timely notification to affected users and relevant authorities as required by law.
While we implement these rigorous measures and strive for the highest standards of data security, it is important to acknowledge that no method of data transmission over the internet or method of electronic storage can be guaranteed to be absolutely 100% secure. In the event of a confirmed data breach that poses a significant risk to your personal information, we will take prompt and appropriate steps to investigate the incident, implement remediation measures, and notify you and the relevant authorities in accordance with applicable legal requirements.


5. Data Retention
We retain your personal information only for as long as demonstrably necessary to fulfill the specific purposes for which it was collected, as clearly outlined in this Privacy Policy, or for a longer period if explicitly required or permitted by applicable legal or regulatory obligations. The specific criteria we use to determine the appropriate retention periods for different categories of personal data include:
  • The active duration of your relationship with us and your use of the App: We will typically retain your personal data for the entire period your account remains active and as long as it is reasonably necessary to provide you with the full functionality of the services you expect.
  • The specific and clearly defined purposes for the data collection: We retain different categories of data for the minimum period necessary to achieve the specific purposes for which they were collected. For example, relationship-related inputs are retained to continuously provide the core features of the App and allow you and your partner to access your shared history.
  • Our clearly defined and legitimate business interests: In some specific situations, we may need to retain certain data for our legitimate business interests, such as maintaining accurate business records, improving our services through aggregated analysis (where individual identities are removed), or defending against potential legal claims. We will only retain data for these purposes when our interests are not demonstrably overridden by your fundamental rights and freedoms.
  • Strict legal and regulatory obligations: We are obligated to retain certain categories of personal data for specific periods to comply with applicable laws, regulations, legal processes (e.g., tax laws, accounting requirements, legal hold orders), and mandatory government requests. These retention periods are legally mandated and may extend beyond the period necessary for providing our services.
Once the retention period expires, we will securely delete or anonymize your personal information in accordance with our data retention policies and procedures. For example, if you delete your account, we will initiate the process to delete your personal data within a reasonable timeframe, unless we are required to retain certain information for legal reasons.


6. Cookies and Tracking Technologies
We and our service providers may use cookies, pixels, or similar tracking technologies to analyze usage patterns within the App, measure the effectiveness of our marketing campaigns (if any), and personalize certain aspects of your experience. These technologies may involve the use of mobile identifiers such as the Identifier for Advertisers (IDFA) on iOS devices and the Google Advertising ID (GAID) on Android devices. These identifiers are typically anonymized and are used for purposes such as analytics, attribution, and improving our services. You can control the use of these identifiers through your device settings. For example, you can limit ad tracking in your iOS settings or reset your advertising ID in your Android settings. Please note that disabling or limiting these identifiers may affect the accuracy of analytics and the personalization of content.

7. Privacy Rights for U.S. State Residents
This section provides additional information for residents of certain U.S. states, including California, Virginia, Connecticut, and Washington, regarding their privacy rights under applicable state laws.

7.1 California Residents (California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA))
As a California resident, you have the following rights regarding your personal information:
  • The Right to Know: You have the right to request and receive specific pieces of personal information we have collected about you, the categories of personal information we have collected, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, and the categories of third parties with whom we share personal information.
  • The Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions.
  • The Right to Correct: You have the right to request the correction of inaccurate personal information that we maintain about you.
  • The Right to Opt-Out of Sale or Sharing: While we do not currently sell your personal information for monetary consideration, you have the right to opt out of the "sharing" of your personal information for cross-context behavioral advertising.
  • The Right to Limit Use and Disclosure of Sensitive Personal Information: You have the right to direct us to only use your sensitive personal information for limited purposes.
  • The Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
Exercising Your Rights: To exercise your California privacy rights, please contact us as described in Section 9. We will respond to your request within the timeframes required by the CCPA/CPRA. We may need to verify your identity before fulfilling your request. You can also designate an authorized agent to make requests on your behalf, subject to verification.

7.2 Virginia, Connecticut, and Washington Residents
Residents of Virginia, Connecticut, and Washington have similar rights regarding their personal information, including the right to access, correct, delete, and obtain a copy of their personal data, as well as the right to opt out of targeted advertising, the sale of personal data, and (in Virginia and Connecticut) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.
Exercising Your Rights: To exercise your privacy rights under the laws of Virginia, Connecticut, or Washington, please contact us as described in Section 9. We will respond to your request within the timeframes required by the applicable state law. We may need to verify your identity before fulfilling your request.


8. International Data Transfers
If you are located outside of Moldova and your personal information is transferred to us in Moldova, please be aware that Moldova may have data protection laws that are different from those in your country. We will take appropriate safeguards to ensure that your personal information is protected in accordance with this Privacy Policy and applicable international data transfer mechanisms. These safeguards may include:
  • Standard Contractual Clauses: We may enter into Standard Contractual Clauses approved by the European Commission or other relevant authorities with recipients of data located outside of jurisdictions with adequate data protection laws. These clauses help ensure an adequate level of data protection.
  • Other Legally Permissible Mechanisms: We may also rely on other legally recognized mechanisms for international data transfers, as permitted by applicable laws.
By using Bondly and providing us with your personal information, you consent to the transfer, processing, and storage of your information in Moldova and other jurisdictions where our service providers operate.

9. Children's Privacy
Bondly is not intended for children under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children under this age. If we become aware that we have collected personal information from a child under the applicable age without verifiable parental consent, we will take steps to delete that information as soon as possible.
If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us using the information provided in Section 9.

10. Policy Updates and Changelog
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or the features of our App. We will notify users of material changes to this Privacy Policy through a prominent in-app notice or via email to the email address associated with your account. We will also update the "Last Updated" date at the top of this policy.

Prior versions of this Privacy Policy will be archived and made available to users upon request.
To request a prior version, please contact us using the information provided in Section 11. Your continued use of the App after the effective date of any updated Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with the changes, you should stop using the App.

11. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Bondly Privacy Team
Email: support@bondly.app
Mailing Address: THE DOT IT, str. Gherman Pintea 102
Made on
Tilda