Privacy Policy
1. Introduction
At Bond, we value and respect your privacy. This Privacy Policy describes what personal data we collect from users, how and for what purposes we process it, with whom we share it, and what rights you have regarding it. Our goal is to be transparent and comply with international data protection laws, including the European Union’s General Data Protection Regulation (GDPR), Colombia’s Law 1581 of 2012 (the Personal Data Protection Law, or “Habeas Data” law), and other applicable regulations in the jurisdictions where we operate. By using the Bond app, you agree that we may process your data as described in this Policy.
2. Identity of the Data Controller
The data controller for your personal data (i.e., the entity that decides how and why your data is processed) is the developer of the Bond app. Bond is operated by [Company/Developer Name], with its registered address at [Address, City, Country]. For any inquiries or to exercise your data protection rights, you can contact us via email at support@app-bond.com.
Note: If Bond is managed by a different entity in the future or if a Data Protection Officer (DPO) or an EU Representative is designated according to the GDPR, this Policy will be updated to reflect that contact information.
3. Personal Data We Collect
We collect various types of personal data when you use Bond, whether you provide it directly or it is generated automatically through the use of the App. Below, we describe the categories of data collected:
3.1. Data Provided by the User:
These are the data you voluntarily enter in the App, typically during registration or in your user profile, in order to receive a personalized service. They may include:
Profile Information: Age, gender, relationship status (for example, whether you are married, in a partnership, single, etc.), and language or general location (country/city) if needed to personalize the experience.
Personal Objective or Interest: Your interest in improving a particular relationship or aspect of your life (for example, “improving communication with my partner” or another reason for downloading the app). We may also ask you your reason for downloading or what you hope to achieve with Bond, to tailor our content to your needs.
Availability and Habits: Information such as your availability to engage in activities or exercises (for example, preferred days of the week or time slots) or other data that help us remind or schedule therapeutic support activities.
Support Communication: If you contact us for support or feedback (via email or other means), we will collect the information you provide in that communication (for example, details of the issue you report or additional contact information).
This data is typically optional, but providing accurate and complete information allows us to offer you a better personalized experience. Please do not provide more personal data than requested; specifically, we ask that you do not share sensitive data unless it is relevant to the functioning of the App (see Section 3.3 on sensitive data).
3.2. Data Collected Automatically:
Bond uses technological tools to collect technical and usage information about the App automatically when you use it, such as:
Usage Data and Metrics: Through Firebase Analytics (a Google-provided analytics service), we collect information about how you interact with the App. This may include which screens or sections of Bond you visit, the features you use, usage frequency and duration, events or actions performed within the App, among other statistical data. This information helps us understand overall user behavior and improve the service (for example, determining which features are most useful).
Technical Identifiers: Firebase Analytics and our systems may collect identifiers from your device or your App installation, such as the App instance identifier, mobile device type, operating system version, device language, time zone, and anonymized IP address. We do not use advertising identifiers for third-party commercial purposes, nor do we obtain your phone number or contact list unless we explicitly request it and you provide it (which, in the current version of Bond, does not occur).
Performance and Error Data: We may collect anonymous logs of App errors, crash reports, or other diagnostic data through tools such as Firebase Crashlytics or other services, to maintain Bond’s stability and security.
These automatic data generally do not directly identify you (they do not contain your name or contact information), but they could be considered personal data if they are linked to you in any way. We use this information primarily in aggregate form for statistical analysis and product improvement.
3.3. Sensitive Personal Data:
In some cases, Bond may collect information that, depending on applicable laws, could be considered “sensitive personal data.” For example, details about your emotional or romantic life, your relationship status, or the personal reason you seek help in the App may be delicate information for you. We do not request health data, data about your sexual life, religious beliefs, ethnic origin, or other classic sensitive data defined by law, unless a specific exercise or function of the App explicitly requires it with your consent (in which case we will clearly inform you).
If you voluntarily provide us with information that could be considered sensitive, we will understand that you give your explicit consent for Bond to process that data solely to provide you with the service (Articles 5 and 6 of Colombia’s Law 1581 of 2012 and Article 9 of the GDPR require explicit consent for sensitive data). Please note that you are not obligated to provide sensitive data; its provision is optional and voluntary. Bond will treat such information with strict confidentiality and only for the purposes described. If you are uncomfortable sharing certain information, you may omit it, though this might partially limit the personalization or effectiveness of some App functions.
4. Purposes for Data Processing
We use your personal data solely for legitimate and specific purposes related to the service Bond offers. In particular, we process your data for the following purposes:
Providing and Personalizing the Service: The data you provide (age, objectives, relationship status, etc.) is used to personalize the recommendations, exercises, or content that the App offers you. For example, we may adapt advice based on whether you indicate you are in a relationship or not, or send reminders based on your availability.
Improving the App and User Experience: Usage information collected (via Firebase Analytics or other tools) helps us understand how users interact with Bond, which features are most popular, where they might be having difficulties, etc. This allows us to optimize the design, correct errors, and develop new features that respond to user needs. Wherever possible, we use this data in aggregated and anonymous form so that it is not focused on any individual.
Communications and Support: We use your email address or other contact data (if you provided it) to communicate with you only when necessary— for example, to respond to a support inquiry, notify you of important changes in the App or our policies, send you receipts or purchase confirmations from the App Store, or generally inform you about matters related to your account or subscription. We do not send unsolicited promotional messages (spam) to users. If we wish to send you newsletters or offers in the future, we will first obtain your explicit consent.
Processing Subscriptions: Although Bond does not directly manage payments (this is handled by Apple), we may retain information about your subscription status (active/inactive, plan type, start and end dates of the period) to enable or restrict access to Premium features within the App. These subscription references may come from the confirmation that Apple sends us after your purchase. We use this information internally to ensure that subscribed users have access to the corresponding content. Bond does not store financial details (such as credit card numbers) or individual transaction details, but it may record internally that you have an active subscription.
Legal Compliance: We may process personal data when necessary to comply with legal obligations to which we are subject (for example, tax obligations, regulatory requirements, data protection norms, or other applicable laws). We might also use and retain certain information to respond to legal proceedings or to prevent fraud, abuse, or violations of our Terms.
We will not use your data for purposes that are unrelated, incompatible, or not described above without informing you and, if necessary, obtaining your additional consent.
5. Legal Basis for Data Processing
We ensure that we have a valid legal basis for each processing of your personal data, in accordance with data protection laws. Depending on the type of data and the context, we rely on one or more of the following legal bases:
Contractual Necessity: When processing certain data is necessary to provide the service you request. For example, processing your profile and preference data to grant you access to Bond and its therapeutic support features is necessary for the execution of the service agreement between you and us (the Terms of Use). Without that data, we could not adequately offer the service.
Informed Consent: In cases where you have given us your consent to process data (especially for optional or sensitive data, or for receiving optional communications). For example, if you decide to provide us with delicate information about your personal life to receive more precise guidance, or if we ask for consent to send promotional communications in the future, such processing will be based on your consent. You have the right to withdraw your consent at any time, without affecting the legality of the processing carried out based on that consent beforehand.
Legitimate Interest: We may process certain data based on our legitimate interest, provided that such interest does not override your rights and fundamental freedoms. For example, using analytics data (app usage, statistics) to improve our product: we have an interest in refining Bond and offering a better service, and we use minimal data with low privacy impact (in aggregated/anonymous form) for this purpose. We will always assess that our interest does not result in an unjustified detriment to your privacy. You have the right to object to processing based on legitimate interest (see the Rights section below).
Legal Obligation: When necessary, we process data to comply with a legal obligation. For example, we may retain records of transactions or communications if required by law for tax, accounting, or judicial purposes, or to adequately manage requests to exercise your data protection rights.
If we ever need to process personal data for a purpose that requires a different legal basis (for example, processing sensitive data without explicit consent under a legal exception), we will inform you of the basis and justification, always respecting what the law allows.
6. Data Sharing with Third Parties
Bond does not sell or rent your personal data to third parties. We only share your data under the following circumstances and with proper safeguards:
Service Providers (Data Processors): We may engage trusted third parties to assist us in operating the App. These third parties act under our instructions and on our behalf to process your data, and they may not use it for their own purposes. Examples include:
Google/Firebase: As mentioned, we use Firebase Analytics (and potentially other Firebase services such as Crashlytics, Firebase Cloud Firestore, etc.). Google acts as a data processor providing us these tools. This means that some of your data (e.g., device identifiers, usage events, and possibly profile information stored in Firebase) may be stored on Google’s servers. Google has its own terms and privacy measures that comply with international standards (including the GDPR, via Standard Contractual Clauses for international transfers, see Section 7). We only share with Firebase the data necessary for the desired functionalities (analytics, database, authentication, etc.).
Apple: When you subscribe, Apple acts as the payment intermediary. Apple may provide us with basic transaction information (e.g., confirmation of the purchase, type of subscription purchased, the country of subscription, and no personal financial data). Apple also has its own privacy policy and will act as an independent controller of the data it processes for its purposes (for example, Apple collects your payment data under its terms).
Cloud Hosting Services: If our backend infrastructure or user database is hosted on cloud services (e.g., on Google Cloud servers via Firebase or Amazon Web Services), personal data stored by the App (such as your profile) may reside on those servers. Such providers follow our instructions and implement security measures to protect the data.
Legal Requirements and Protection: We may disclose personal data to third parties when we reasonably believe it is necessary to comply with a legal obligation, a judicial process (for example, a court order or a request by a competent authority), or to enforce our Terms and Conditions, protect the rights, property, or safety of Bond, our users, or others. This includes sharing information with data protection regulatory authorities if required during a complaint or investigation.
Business Transfer: In the hypothetical event that Bond undergoes a corporate reorganization, merger, acquisition, or sale of all or part of its assets, it is possible that users’ personal data will be included in the transferred assets. Should this occur, we will ensure that the receiving entity agrees to abide by this Privacy Policy and that you are notified of any relevant changes, with the option to have your data deleted before the transfer if you wish.
Outside the above cases, we will not share your data with third parties without obtaining your prior explicit consent. If we wish to partner with third parties (e.g., affiliated professionals, researchers, or business partners) for other purposes, we will clearly inform you and provide you the option to opt out.
7. International Data Transfers
Bond operates internationally, and the data we collect may be transferred and stored on servers located outside your country of residence. In particular, our main technology providers (for example, Google/Firebase) may store data in data centers in the United States or other countries. This means that your personal data may be transferred to jurisdictions that might not offer the same level of data protection as your country of origin (for example, the European Union does not consider the United States to have an adequate level of data protection in the absence of additional safeguards).
However, to protect your rights and ensure secure data processing, we take the following measures when making international transfers:
Standard Contractual Clauses: If we transfer data from the European Economic Area (EEA) or another jurisdiction with transfer restrictions, we will ensure that recipients outside those areas (e.g., providers in the USA) are subject to contracts that include the standard clauses approved by the European Commission or other equivalent legal mechanisms that require personal data to be protected to standards equivalent to those in Europe.
Explicit Consent: In specific cases, we may request your consent to transfer your data to a particular country, especially if it involves sensitive data. For example, users in Colombia, by accepting this Policy, consent to having their data hosted in infrastructures outside Colombia, understanding that we will apply appropriate security measures.
Binding Corporate Rules or Certifications: Although Bond is an independent service, our providers like Google maintain certifications and compliance commitments (for example, Google adheres to the EU-US Privacy Shield framework successors and complies with Law 1581 in Colombia through contracts).
By using Bond, you acknowledge and agree to the international transfer of your data to the countries where we operate or where our technical providers are located, always under the aforementioned safeguards. If you have any questions about these transfers or wish to know more about the security measures applied, please contact us at any time.
8. Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes set forth in this Policy or as required by applicable laws (for example, for accounting or legal purposes). In general terms:
Account and Profile Data: We will retain your account information as long as you maintain an active account in Bond. If you decide to delete your account, we will delete or anonymize your personal data within a reasonable time after your request (see below on how to delete data). We may retain certain information for an additional limited period in secure backups or as necessary to meet legal obligations or resolve disputes, but when applicable, such data will be securely blocked (i.e., not actively used).
Usage Data (Analytics): Data collected via Firebase Analytics or other analytical tools may be retained in aggregate form indefinitely for statistical purposes. However, any identifiers that may be linked to a specific user or device will be anonymized or deleted after [e.g., 14 months] (note: Firebase allows data retention configuration, typically 14 months is a standard for non-aggregated data).
Support Communications: If you contact us for support, we may retain your messages or emails for the time necessary to address your inquiry and keep a record of the support provided. These records are typically retained as long as you have an account with us or as required by quality or customer service standards, and may be deleted periodically if no longer relevant.
Legal Obligations: When the law requires us to retain data for a specific period (for example, transaction records for tax purposes), we will comply with those requirements. During that time, your data will be protected and processed only to meet those legal obligations. Once the information is no longer necessary for the purposes for which it was collected, we will proceed with its secure deletion or irreversible anonymization (so that it can no longer be associated with an identifiable person). If for any reason it is not possible to completely delete certain data (for example, stored in old backups), we will store it securely and isolate it from further use until deletion is feasible.
9. Rights of the Data Subject
As the data subject, you have a series of legal rights regarding your personal data, which we respect and ensure you can exercise. In compliance with the GDPR, Colombia’s Habeas Data Law, and other applicable regulations, your primary rights are:
Right of Access: You can request confirmation of whether we are processing your personal data and, if so, a copy of that data along with information about the purposes of the processing, the categories of data, the third parties with whom it is shared, the retention period, and your rights regarding it.
Right to Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal data we hold about you. It is important that the information in your Bond profile is accurate; we encourage you to update any changes directly in the App (for example, if your relationship status or contact email changes). If you cannot do so, we will be happy to process your rectification request.
Right to Cancellation/Erasure (“Right to be Forgotten”): You may request the deletion of your personal data under certain circumstances, for example, if it is no longer necessary for the purposes stated, if you withdraw your consent (when the processing was based on it), or if you believe we are processing your data unlawfully. In Bond, you can delete your account and all associated data directly through the App’s settings/profile section. Upon doing so, we will remove your personally identifiable information from our production systems. If you encounter difficulties with automatic deletion, please contact us and we will manually process your request. Please note that there may be exceptions to deletion if a law requires us to retain certain data (see Section 8 on Data Retention).
Right to Object: You have the right to object at any time, for reasons related to your particular situation, to the processing of your data based on our legitimate interest or public interest. If you object, we will cease processing your data in the area to which you object, unless we can demonstrate compelling legitimate reasons to continue (for example, a legal necessity) that override your interests, or for the formulation, exercise, or defense of claims. In practice, this might apply if you object to the use of your usage data for analytical purposes; in such cases, we will evaluate your request and, if no legal or technical impediment exists, we may exclude your device from our analytics collection.
Right to Restrict Processing: This right allows you to request that we mark your personal data so that, temporarily, we only store it without actively using it. You can request restriction, for example, while a rectification request is being processed (to verify data accuracy), if you have objected and we are determining whether our legitimate interests prevail, or if you need us to retain the data for a legal claim even though we no longer need it for its original purpose. When restriction applies, we will only retain the data for preservation and will not perform new processing until the situation is resolved.
Right to Data Portability: To the extent permitted by law (mostly under the GDPR), you may request a copy of certain data in a structured, commonly used, and machine-readable format, so that you can transfer it to another provider, or have us directly transfer it to a new provider where technically feasible. This right applies to data you have provided to us and that we process automatically based on your consent or a contract. If requested, we will provide, for example, the key details of your profile and activities in a standard electronic format (e.g., CSV or JSON).
Right Not to Be Subject to Automated Decision-Making: Bond does not make decisions that have legal or similarly significant effects on you solely based on automated data processing (without human intervention), such as automated profiling that determines an outcome that significantly affects you. In the event that we implement any functionality of automated personalized recommendations with significant effects in the future, you would have the right to obtain an explanation and to request human intervention or challenge the decision.
To exercise any of your rights, you can use the features available in the App (e.g., the account deletion option) or contact us via email at support@app-bond.com, indicating which right you wish to exercise and providing the necessary details for us to process your request. We may need to verify your identity before processing your request to protect your privacy (for example, we might ask you to write from the email registered with your account, or provide additional information to confirm that you are the data subject).
Timeframes: We will respond to your requests as promptly as possible. For formal requests under the GDPR or similar laws, the legal response timeframe is generally up to 30 days, extendable by another 30 days if necessary due to complexity, about which we will inform you. For users in Colombia, inquiries must be resolved within no more than 10 business days (extendable by an additional 5 days with justification), and requests for rectification, update, or deletion of data or withdrawal of consent will be addressed within a maximum of 15 business days upon complete receipt (according to Law 1581/2012). We will do our best to address your request within these timeframes or even sooner.
Right to Lodge a Complaint: If you believe we have not addressed your request or have processed your data inadequately or unlawfully, you have the right to lodge a complaint with the competent data protection authority. For instance, if you are in an EU country, you may contact your national data protection authority (e.g., the Spanish Data Protection Agency, the CNIL in France, etc.). In Colombia, you may file a complaint with the Superintendency of Industry and Commerce (Data Protection Delegation). We invite you, however, to first contact us so that we can try to resolve any concerns amicably and effectively.
10. Data Security
We take the security of your personal data very seriously. We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include, among others: encryption of communication between the App and our servers (e.g., using HTTPS/SSL), storage of personal data on secure servers with restricted access controls, robust authentication and credential management, and internal information security practices.
Furthermore, we limit access to your personal data only to those employees, contractors, or collaborators who require it to operate, develop, or improve the App, and who are subject to strict confidentiality obligations. We perform regular backups of our database to prevent data loss and monitor our systems to detect potential vulnerabilities or attacks.
Notwithstanding the above, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, while we strive to protect your data to high standards, we cannot guarantee absolute security. In the event that we detect a security breach compromising your personal data, we will comply with legal notification obligations: we will inform you and the competent authorities (e.g., the SIC in Colombia, or the GDPR authorities in Europe) promptly as required by law, and take necessary corrective measures.
You also play an important role in protecting your data. We recommend that you keep your account credentials (e.g., your Bond password or PIN) confidential and do not share them with others. If you believe someone has gained unauthorized access to your account or data, please contact us immediately.
11. Privacy of Minors
Bond is not directed at children or minors. We do not deliberately collect personal information from individuals under 18 years of age without verifiable parental or guardian consent. If we inadvertently collect personal data from a minor without the appropriate consent, we will take steps to delete that information as soon as possible.
We recommend that parents, guardians, and caretakers monitor their children’s online activities. If you are a parent or guardian and believe that your child under 18 has provided personal data to us without your consent, please contact us so we can promptly delete that information.
12. Updates to This Privacy Policy
We may review or update this Privacy Policy periodically to reflect changes in our practices, applicable legislation, or Bond’s functionalities. When we make significant changes (for example, if we expand the categories of data we collect or the purposes for which it is used), we will notify you through the App (e.g., via a prominent notice or pop-up message) or by other means (e.g., email, if applicable) and highlight the changes made.
Each version of the Privacy Policy will be indicated with its last updated date (see at the end of this document). We recommend reviewing this Policy periodically to stay informed about how we protect your information.
If you continue using Bond after the effective date of an updated version of the Privacy Policy, it will be deemed that you accept the changes. If you do not agree with the modifications, you should stop using the App and exercise your rights, such as deleting your account and data.
13. Contact and Privacy Inquiries
If you have any questions, comments, or requests regarding this Privacy Policy or the processing of your personal data in Bond, please do not hesitate to contact us:
Email: support@app-bond.com
Last updated: March 23, 2025.