October 22, 2020
Updated over a week ago
Here we describe the privacy practices for our bracelets, other devices, apps, chat and other functionality, software, websites, products, and services (the “Services”). We discuss the data we collect, how we use it, the controls we give you over your information, and the measures we take to keep it safe.
1. Legal bases for collecting, processing, and using information
Our legal bases for collecting, processing, and using information from you in connection with the Services are as follows:
proper functioning of a bracelet;
opening of an account;
use of an account;
logging onto and use of our app;
using the chat and other features, including exchanging text messages, photos, and other media;
logging onto our website;
processing payment for any of the Services;
and any other use of the Services.
2. Return policy and limited product warranty
When you use our Services, we collect the following types of information.
(a) Information you provide us
Some information is required to create an account on our Services and to use such Services, such as your name, mobile telephone number, mobile carrier, password, email address, social media accounts, date of birth, residential address, and photo. The person that will exchange touches, chats, text messages, photos, or any other media or content with you through the bracelets will also create an account on our Services and will provide the same information to us. You may also choose to provide other types of information related to any other Services we may provide in the future.
Age-Related Information for Children and Parent/Legal Guardian Consent Purposes
We also collect age-related information for the purpose of complying with applicable laws regarding online access for children and obtaining the consent of a parent or legal guardian. We may collect such information from you, or, if we have a reasonable belief that you are below the applicable age of consent in your jurisdiction, we may seek to collect such information from your parent or legal guardian. Please see Section 7, “Our Policies for Children”.
To help improve your experience or enable certain features of the Services, you may choose to provide us with additional information, such as access to your contact list on your mobile device.
If you contact us or participate in a survey, contest, or promotion, we collect the information you submit such as your name, contact information, and messages.
If you choose to connect your account on our Services to your account on another service, we may receive information from the other service. For example, if you connect to Facebook, Twitter, or Instagram, we may receive information like your name, profile picture, age range, language, email address, and friend list.
Payment and card information
If you purchase Bond Touch bracelets or other merchandise on our website or an authorized seller’s website, you provide your payment information, including your name, credit or debit card number or PayPal account information, card expiration date, CVV code, and billing address. We store your shipping address to fulfill your order.
(b) Information we receive from your use of our services
Bond Touch Device and Apps Information
Your Bond Touch bracelet and apps, together with your mobile device, collect data on:
touches sent or received;
the sender and the recipient of such touches;
information regarding the sender and recipient of such touches, including mobile phone numbers and the other Account Information described above;
the sender’s and recipient’s location at a city-level of granularity (see “Location Information” below);
the number, time, and duration of touches sent and received; and your email address, text messages, photos, and other media and content if you use the chat functionality in the app.
When information regarding touches syncs with our apps or software, or if information regarding text messages, photos, or other media and content is transmitted through the chat functionality in the app, data is recorded on your mobile device and is then transferred to our servers which may be operated by third parties.
The Services include features that use location data to a city-level of granularity, which may be obtained from GPS signals, device sensors, Wi-Fi access points, and cell tower IDs. We may also derive your approximate location from your IP address, phone number, or email address. We do not collect location data to a level of granularity more precise than city-level.
When you access or use our Services, we receive certain usage data. This includes information about your interaction with the Services, such as when you turn on the Bond Touch bracelet, create or log into your account, pair your Bond Touch bracelet with your account, open or interact with the Bond Touch app or bracelet, log out of your account, or turn off the Bond Touch bracelet.
We also collect data about the devices you use to access the Services, including Bond Touch bracelet information, IP addresses, email addresses, mobile phone numbers and other identifiers, browser type, language, operating system, referring web pages, pages visited, location, and cookie information. among other sources of data collection.
Personally Identifiable Information (PII) Relating to Touches or Chat Functionality
Personally Identifiable Information (PII) includes names, mobile smartphone numbers, email addresses, photos, and anything else that could identify you or the person with whom you exchange touches or communicate using the app’s chat functionality or any other functionality.
PII related to data from touches sent and received through bracelets (“Touch Data”) remains saved within the mobile app on your smartphone until you uninstall the app. The Touch Data is transmitted to Bond Touch’s servers and is used to deliver touches between you and the person that is receiving and sending touches with you. We then pseudonymize the Touch Data to remove its personally identifiable aspects which are then deleted immediately from our servers after a touch is delivered. We keep the pseudonymized Touch Data for our analytics which we may share with third-party processors (see “How We Use Information”).
PII exchanged in connection with the use of the app’s chat functionality (“Chat Data”) will be encrypted. All Chat Data is pseudonymized except that we will know the identity of the sender and recipient of such Chat Data until the recipient receives the Chat Data from the sender. Chat Data is stored by us or our third-party processors for a maximum of three (3) days except for up to ten (10) photos that the user (either a sender or recipient) chooses to save. Any such saved photos will remain stored by us until the user deletes such photos, and any photos deleted by a user will be deleted on the user’s device and will no longer be stored by us. Any photos not saved by a user will be deleted within three (3) days. Text messages cannot be saved by a user and will be deleted within three (3) days.
Other PII Not Collected from Touches or the Chat Functionality or Other Functionality
Cookies and Similar Technologies We Use
Cookies are small data files stored on your browser or device. They may be served by the entity that operates the website you are visiting (“first-party cookies”) or by other companies (“third-party cookies”). For example, we partner with third-party analytics providers which set cookies when you visit our websites. This helps us understand how you are using our Services so that we can improve them.
Pixels are small images on a web page or in an email. Pixels collect information about your browser or device and can set cookies.
Local storage allows data to be stored locally on your browser, mobile smartphone, or other device, and includes HTML5 local storage and browser cache.
SDKs are blocks of code provided by our partners that may be installed in our mobile apps. SDKs help us understand how you interact with our mobile apps and collect certain information about the device and network you use to access the apps.
We and our partners use these technologies on our Services as follows:
Preferences: To help us remember your settings and preferences, like your preferred language or the country you are in, so that we can personalize the Services.
Authentication and Security: To help us maintain the security of your data and the Services.
Service Features and Performance: To provide you with functionality and optimize the performance of the Services.
Analytics and Research: To help us understand how you are using the Services so that we can improve them continuously.
Advertising: To enable our partners to serve ads for our products and services, deliver relevant ads to people who may be interested in them on other services, measure the performance of ads; and opt you out of receiving interest-based ads if you choose.
To change your settings related to cookies and similar technologies, see Section 5(a) “Your Options Relating to Cookies and Similar Technologies”.
3. How we use information
We use the information we collect to provide, improve, and develop our Services..
(a) Providing, improving, and developing services
We deliver the Services, improve them, and research and develop new ones using the information we collect. For example, we use the information to do the following:
provide you with the Services you request;
understand how you and other users interact with the Services;
track usage trends;
provide customer support;
troubleshoot and protect against errors;
perform data analysis and testing;
conduct research and surveys;
personalize the Services;
and develop new features and Services.
(b) Communicating with you
We use your information to send you Service notifications and inform you of new features or products. You can control marketing communications and most Service notifications by changing your account settings or via the “Unsubscribe” link in an email. We also use your information to respond to you when you contact us.
(c) Promoting safety and security
We use the information we collect to promote the safety and security of the Services, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
4. How information is shared
We do not share your information, including your PII, except in the limited circumstances described below.
(a) When you agree or direct us to share
You may direct or authorize us to share your information with others, for example, by choosing to connect to any of your social media accounts or to a third-party app to which you grant access to your account. If you do so, their use of your information will be governed by their privacy policies and terms. You can revoke your consent to share with third-party apps by changing your account settings.
(b) For external processing
We may engage other similar third-party processors or process other types of data from time to time at our discretion to maintain and enhance the quality of the Services.
(c) For legal reasons or to prevent harm
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person.
Touch Data and Chat Data may be monitored for objectionable or illegal content through a BlackBox process in which we will not have access to the substance or content of such Touch Data or Chat Data except for time, location (if a user has enabled location information), properties and details of touches, photos, or text messages that are sent or received. The BlackBox process may involve applicable law enforcement agencies.
We will notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to notifying you include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
We may share non-personal information that is aggregated or pseudonymized so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties to partners under agreement with us.
If we are involved in a merger, acquisition, or sale of assets, we will continue to take measures to protect the confidentiality of personal information and give affected users notice before transferring any personal information to any new entity.
5. How to access or delete your personal information
We provide you with account settings and tools to access and manage the personal information associated with your account. You can also download certain account information, including data about your activities.
We store information associated with your account until your account is deleted. You can delete your account at any time by contacting us at firstname.lastname@example.org. Please note that it may take a bit of time to delete your account information, and we may preserve it for legal reasons or to prevent harm, including as described in Section 4, “How Information Is Shared”.
(a) Your options relating to cookies and similar technologies
Although most browsers and devices accept cookies by default, their settings usually allow you to clear or decline cookies. If you disable cookies, however, some of the features of our Services may not function properly.
To prevent your data from being used by Google Analytics, you can install Google’s opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
For information on how our advertising partners allow you to opt-out of receiving ads based on your web browsing history, please visit http://optout.aboutads.info.
To opt-out of ads on your social media accounts that are targeted to your interests, adjust the settings for these accounts.
Check your mobile device for settings that control ads based on your interactions with the apps on your device. For example, on your iOS device, enable the “Limit Ad Tracking” setting, and on your Android device, enable the “Opt-out of Ads Personalization” setting.
Our websites do not respond to Do Not Track signals because we do not track our users over time and across third-party websites to provide targeted advertising. However, we believe that you should have a choice regarding interest-based ads served by our partners, which is why we outline the options available to you above.
(b) Deletion of inactive accounts
We delete accounts that have been inactive for nine (9) months after the last account activity. All PII of the users of inactive accounts is also deleted.
6. Analytics and advertising services provided by others
(a) Use of visitor action pixels from Facebook
We use the “visitor action pixels” from Facebook, Inc. (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website.
The visitor action pixel is located in a Google container in the header section of our website.
This allows user behavior to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account (if you have one) and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes.
The legal basis for the use of this service is Art. 6(1)(f) of the GDPR (defined in Section 9 below). You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.
(b) Use of visitor action pixels from Twitter
We use the “visitor action pixels” from Twitter Inc. (1355 Market Street, Suite 900, San Francisco, CA 94103, USA, www.twitter.com (“Twitter”)), which are used to target existing users and customers to create remarketing campaigns.
The visitor action pixel is located in a Google container in the header section of our website.
Targeting activity can include directly reaching out to users or visitors to our website and campaign pages and/or retargeting previous customer lists. Twitter sets a minimum size limit for a tailored audience to 100 users. If the tailored audience does not match 100 Twitter users, it will display as “audience too small” and will not be available for targeting.
7. Our policies for children and age-related information
We will require all new users are required to submit information regarding their age on our app before being able to set up an account. We may also require existing users who have not submitted their age information to us to do so as a condition of being able to continue use of their accounts and the Services.
We may also request information regarding country of residence from all users to determine the applicable laws relating to consent by a parent or legal guardian for use of the Services. This may be done directly by us (e.g. asking for information regarding your country of residence) or indirectly through other types of information that we typically collect (e.g. country or area codes for telephone numbers).
If a user’s age is below the applicable age of consent, that underage user’s parent or legal guardian must provide us with written consent for the underage user to set up an account and use the Services. We will request additional information to verify the identity of an underage user’s parent or legal guardian, which may include a name, address, phone number, and/or email address. We may contact an underage user’s parent or legal guardian directly by any reasonable means of communication of our choice, including through the app, by email, by text message, or any other means. If an underage user’s parent or legal guardian does not provide such consent, the underage user may not set up an account and may not use the Services.
We rely on accurate and truthful self-reporting by all users and their parents or legal guardians if required. If we learn that we have collected the personal information of an underage user under the relevant minimum age without the written consent of that user’s parent or legal guardian, we will take steps to delete the underage user’s information as soon as possible and we will disable any account associated with such underage user. Parents or legal guardians who believe that their child has set up an account with us and/or used the Services without consent should contact us promptly through the contact information in Section 12.
Notwithstanding any disabling of any child’s account or the deletion of any related information, we reserve the right to retain an archival copy of information related to that account. The retention of an archival copy is for legal reasons and for preventing harm as described in Section 4(c), which may include providing assistance to law enforcement agencies. All such information will be segregated from other information held by us.
8. Information security
We use a combination of technical, administrative, and physical controls to maintain the security of your data. No method of transmitting or storing data is completely secure, however. If you have a security-related concern, please contact email@example.com.
9. European privacy disclosures
If you live in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, or are a citizen, national, or permanent resident of the European Union, please review these additional privacy disclosures under the European Union’s General Data Protection Regulation (“GDPR”).
We recognize the potentially sensitive nature of Touch Data as it may constitute “personal data” in connection with your personal relationships for purposes of Article 9 of the GDPR. The Touch Data is therefore pseudonymized and stored and processed separately from other PII to ensure that it cannot be used to identify you or any person with whom you exchange touches.
(a) Our international operations and data transfers
We are subject to the oversight of the US Federal Trade Commission and remain responsible for personal information that we transfer to others who process it on our behalf as described in Section 4, “How Information Is Shared”. If you have a complaint about our Privacy Shield compliance, please contact us. You can also refer a complaint to our chosen independent dispute resolution body, the International Centre for Dispute Resolution/American Arbitration Association, and in certain circumstances, invoke the Privacy Shield arbitration process. More information is available at http://go.adr.org/privacyshield.html.
(b) Legal bases for processing personal data
For personal data subject to the GDPR, we rely on several legal bases for processing data each of which are described in Section 1.
(c) How to exercise your legal rights under the GDPR
Under the GDPR, you have a general right to object to the use of your information for direct marketing purposes.
If you need further assistance regarding your rights, please contact us per the information in Section 12 and we will consider your request in accordance with applicable laws. You also have a right to lodge a complaint with your local data protection authority under the laws applicable thereto.
10. California privacy disclosures
If you are a California resident, please review the following additional privacy disclosures under the California Consumer Privacy Act (“CCPA”).
(a) How to exercise your legal rights under the CCPA
You have the right to understand how we collect, use, and disclose your PII, to access your PII, to request that we delete certain information, and to not be discriminated against for exercising your privacy rights. You may exercise these rights by reviewing and changing your account settings as described in Section 5, including (i) accessing your PII, (ii) understanding how we collect, use, and disclose your PII, and (iii) deleting your PII.
If you need further assistance regarding your rights, please contact us per the information in Section 12 and we will consider your request in accordance with applicable laws.
(b) Types of information we collect, use, and disclose for business purposes
We collect the types of information listed in Section 2 and in the table in Exhibit A. We receive this information from you, your device, your use of the Services, third parties (including social media accounts linked to your account), and as otherwise described in this policy. We use and disclose these types of information for the business purposes described in Sections 3 and 4.
We never sell our users’ PII. We do work with partners who provide us with advertising services as described in Section 6. Also, please refer to Section 5(a) for your options to control the use of your information regarding cookies and advertising.
12. How to contact us
Bond Touch inc,
101 Jefferson Drive, 1st Floor
You may also chat with us directly at https://www.bond-touch.com/.
Exibit A - Third-party processor
|Third-party processor||Purpose of data processing||Type of data processed|
|Klaviyo||Customer communications, marketing and advertisement||
|DCL Logistics||Logistics for shipping (outside of Europe)||
|Google Firebase Datastore||Real-time database||
|Superset||Analytics on usage||
|TBM Solution||Logistics for shipping (Europe)||