Privacy Policy
Effective Date: 1 November 2025
1) Our Privacy Promise
Bond is built on one principle: your data belongs to you. We don't read your conversations, we don't sell your information, and we don't track your behavior. Everything stays private between you and your match. This policy explains exactly what we collect and why — nothing more. Bond is operated by Quentin Roba, independent, Belgium ([email protected]), in full compliance with the EU General Data Protection Regulation (GDPR).
2) What Data We Collect
We collect the minimum data needed to operate the service: • Email address or phone number — to authenticate your account via one-time passcode (OTP) • Display alias — randomly generated, not your real name • Conversations — text messages exchanged between matched users • Date proposals — location, time, and recognition marks you choose to share with your match • Technical data — device type, app version, and IP address (for security and rate limiting only) We do not collect photos, biometric data, precise location, browsing history, or any data beyond what is listed above.
3) How We Use Your Data
Your data is used strictly to operate Bond. Specifically: • Authentication — your email/phone is used only to send login codes • Messaging — conversations are stored so you and your match can read them • Date planning — proposals are stored so both parties can coordinate • Security — IP addresses and device info are used for rate limiting and abuse prevention We do not use your data for advertising, profiling, analytics, marketing, or any purpose other than running the app. We do not sell, rent, or share your data with anyone. We do not read your conversations. Your messages are private between you and your match.
4) Legal Basis (GDPR Art. 6)
We process your data under the following legal bases: • Contract performance (Art. 6(1)(b)) — processing necessary to provide the Bond service you signed up for (authentication, messaging, date planning) • Legitimate interest (Art. 6(1)(f)) — security measures such as rate limiting and abuse prevention We do not rely on consent for core functionality because the service cannot operate without this data. You can withdraw from the service at any time by deleting your account.
5) Who Has Access to Your Data
Nobody reads your data. Access is limited to: • Automated systems — servers process messages for delivery, but no human reads them • Infrastructure providers — hosting (Railway), database (PostgreSQL), caching (Redis) process data as part of service delivery We do not share data with advertisers, data brokers, analytics companies, or any third party for their own purposes. Our infrastructure providers act as data processors under GDPR and process data only on our instructions.
6) Data Storage and Security
Your data is stored on servers in the EU/EEA. We use: • Encrypted connections (HTTPS/TLS) for all data in transit • Passwordless authentication — no passwords are stored • Secure token storage on your device • Rate limiting and abuse detection to protect accounts We retain your data only as long as your account is active. Conversations and proposals are kept so you can access your chat history.
7) Your Rights Under GDPR
As an EU resident, you have the following rights: • Access — request a copy of your personal data • Rectification — correct inaccurate data • Erasure — request deletion of your data ("right to be forgotten") • Restriction — request we limit how we use your data • Portability — receive your data in a structured, machine-readable format • Objection — object to processing based on legitimate interest To exercise any of these rights, email [email protected]. We will respond within 30 days as required by GDPR. If you are not satisfied with our response, you have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit).
8) Data Retention
• Account data (email/phone) — kept until you delete your account • Conversations and proposals — kept until you delete your account • Security logs (IP, device info) — automatically deleted after 90 days When you delete your account, all your personal data is removed. Some anonymized data may be retained for security purposes (e.g., abuse prevention logs with no identifying information).
9) Cookies and Tracking
Bond does not use cookies for tracking or advertising. The website may use essential cookies strictly for functionality (e.g., session management). The mobile app does not use cookies. We do not use any analytics tools, tracking pixels, or third-party scripts that monitor your behavior.
10) Children's Privacy
Bond is not intended for users under 16 years old (or the age of digital consent in your country, if higher). We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact [email protected] and we will delete it promptly.
11) International Transfers
Your data is processed within the EU/EEA. If any infrastructure provider processes data outside the EEA, we ensure appropriate safeguards are in place (such as EU Standard Contractual Clauses) as required by GDPR.
12) Changes to This Policy
We may update this Privacy Policy for legal or operational reasons. Material changes will be communicated in-app or by email. Continued use of Bond after changes constitutes acceptance of the updated policy.
13) Contact
Quentin Roba — Belgium [email protected] For GDPR-related requests, please include "GDPR" in your email subject line.