Privacy Policy
Last updated: January 5, 2026
1. Data Controller
Company: Being lifestyle s.r.o.
IČO: 19067135
Country: Czech Republic
Email: [email protected]
Website: https://www.withbondo.com
This Privacy Policy explains how Bondo | relationship companion (the "App") processes personal data.
2. Minimum age (16+ only)
The App is not intended for children.
- You must be at least 16 years old to create an account or use the App.
- We do not provide a parental consent onboarding mechanism.
- Accounts reasonably believed to belong to users under 16 may be suspended or deleted.
3. Personal data we process
A. Account & identity data
- Email address
- Authentication identifiers
- Internal user ID
B. User-generated relationship data
- Names of people
- Birthdays and name days
- Notes, preferences, gift ideas
- Events and reminders
- Optional event location text
C. Purchases
- Subscription status and entitlement metadata
- Processed via Apple In-App Purchases and RevenueCat
D. Usage & diagnostics
- App interaction events
- Crash and performance diagnostics
- App version and device type (where available)
4. Children's data entered by adults
- The App may contain information about minors (e.g. a child's birthday) only if entered by an adult user.
- The App does not allow accounts for users under 16.
- By storing data about a child, you confirm you are authorized to do so (e.g. as a parent or legal guardian).
- Such data is used only to provide the App's functionality (e.g. reminders).
5. Location data
- We do not collect precise GPS or real-time device location.
- Event locations are optional and stored only as user-entered text (place names or addresses).
- This is considered coarse location data, not tracking.
6. Legal bases & purposes
| Purpose | Legal basis |
|---|---|
| Core app functionality | Contract |
| Account security | Legitimate interest |
| Subscriptions & entitlements | Contract |
| Analytics & improvement | Legitimate interest |
| Accounting & tax compliance | Legal obligation |
We do not sell personal data and do not use it for advertising.
7. Service providers (processors)
| Provider | Purpose | Hosting |
|---|---|---|
| Supabase | Authentication & database | EU |
| RevenueCat | Subscription management | USA |
| PostHog | Analytics | EU |
| Amazon Web Services (AWS) | Push notifications | EU (with US entities) |
| Hetzner (n8n) | Automation workflows | EU |
Only the minimum data required for each service is shared.
8. International data transfers & SCCs (vendor-specific)
Where personal data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) and supplementary safeguards.
🔒 SCC & transfer documentation by vendor
| Vendor | Transfer mechanism | Official documentation |
|---|---|---|
| Supabase | SCCs + EU hosting | https://supabase.com/legal/data-processing-addendum |
| RevenueCat | SCCs (EU Commission Decision 2021/914) | https://www.revenuecat.com/dpa/ |
| PostHog (EU Cloud) | EU hosting + SCCs | https://posthog.com/dpa |
| AWS | SCCs + GDPR DPA | https://aws.amazon.com/compliance/gdpr-center/ |
| Hetzner | EU-only processing (no third-country transfer) | https://www.hetzner.com/legal/privacy-policy |
Supplementary safeguards include:
- Encryption in transit (TLS)
- Access controls and least-privilege
- EU-region hosting where available
9. Data retention
- Active account data: stored while the account exists
- Account deletion: personal data removed from active systems within 30 days
- Backups: overwritten within 90 days
- Security logs: retained up to 30 days
- Payment & accounting records: retained for 7 years (Czech legal obligation)
10. Security
We apply appropriate technical and organizational safeguards, including:
- TLS/HTTPS encryption
- Secure authentication
- Access control & monitoring
- Cloud provider security standards
11. Your GDPR rights
You have the right to access, rectify, delete, restrict, object to processing, and request data portability.
12. Supervisory authority
You may lodge a complaint with:
Úřad pro ochranu osobních údajů (ÚOOÚ)
Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
13. Changes
We may update this Privacy Policy. Material changes will be announced in the App or on our website.