Privacy Policy

What we know about you.
And what we don't.

Last updated: 26 March 2026

The short version

We collect the minimum data needed to run Bonded: your email, a display name you choose, and the content you create within your dynamics. We don't sell your data. We don't show you ads. We don't train AI models on your content. We don't look at your intimate data unless legally compelled.

Everything is encrypted. Text content (messages, diary entries, rules, tasks, limits, notes) is encrypted in the database. Uploaded files (photos, videos, receipts, documents) are encrypted with AES-256 before they even reach storage. Our team cannot read your content or view your files — the architecture makes it impossible, not just against policy.

Evidence uploads auto-delete (14 days free, 60 days paid). Shared files persist until deleted. When you delete your account, everything is permanently destroyed. Partners never see your email. The services we share data with are listed by name below, with exactly what each one accesses.

That's the summary. The full policy follows.

01

Who we are

Bonded is a product of Aradeva Ltd (“we,” “us,” “our”). We operate the bonded.partners website and the Bonded mobile application. Aradeva Ltd is the data controller for the personal data processed through the Platform.

For any privacy-related questions, contact us at privacy@bonded.partners.

02

What we collect

Account data

  • Email address — used for authentication (magic links) and essential notifications. This is the only piece of personally identifiable information we require.
  • Display name — chosen by you. It does not need to be your real name. Visible to your dynamic partners.
  • Timezone — auto-detected from your device, used for scheduling and display. You can change it.
  • Partner code — a randomly generated 8-character code used to connect with partners. Regenerable at any time.

Content you create

  • Diary entries and reflections
  • Evidence submissions (photos, videos, audio, documents, text)
  • Chat messages and images
  • Rules, tasks, and their completion records
  • Limit classifications (your boundary preferences across 170+ activities)
  • Chastity session records (lock/unlock times, notes)
  • Budget entries and receipts
  • Shared files and wishlist items
  • Activity log entries (timeline of actions within your dynamics)

Subscription data

  • Subscription tier (free, premium, or pro) and validity period
  • Payment processing identifiers (we do not store credit card numbers — payment is handled entirely by Stripe or Apple)

Technical data

  • Push notification tokens (device identifiers for delivering notifications)
  • Notification preferences (which notifications you have enabled or disabled)
  • Basic server logs (IP addresses, request timestamps, user agent strings) retained for security and debugging purposes

03

Special category data

We acknowledge that some data you store on Bonded may constitute “special category data” under the UK GDPR and EU GDPR. This includes data relating to your sexual preferences, practices, and intimate activities — such as limit classifications, diary entries describing D/s activities, evidence content, and chastity session records.

We process this data on the basis of your explicit consent, which you provide by choosing to create an account and voluntarily entering this information. You can withdraw this consent at any time by deleting the relevant content or deleting your account entirely.

We treat all user content with the same high level of protection regardless of classification, but we are particularly mindful of the sensitivity of this data in our security and access policies.

04

Intimate data

You use Bonded to store intimate data. We take this seriously. Our approach:

  • Minimal collection. We only store data that you actively create. We never ask for information we don't need.
  • Per-dynamic encryption. All content in your dynamic is encrypted with a key unique to your dynamic. This includes text content (messages, diary entries, rules, tasks, limit classifications, and notes) and all uploaded files (evidence photos, videos, receipts, and shared documents). Text is encrypted in the database. Files are encrypted with AES-256 before being written to storage — our storage provider only ever receives and stores ciphertext. Keys are held in an isolated vault, separate from the data they protect. Our team cannot access your content. When a dynamic is deleted, the encryption key is destroyed and all associated data becomes permanently unreadable.
  • No content viewing. We cannot view, review, or monitor your content — the encryption architecture prevents it. We may be compelled by valid legal process to provide data, in which case the encrypted data and associated keys could be subject to court order.
  • Automatic deletion. Evidence uploads (photos, videos, audio, and documents submitted as proof of rule compliance) are automatically removed after the retention period (14 days free, 60 days paid). No manual action needed.
  • Database-level isolation. Row-level security policies ensure you can only access data from dynamics you belong to. This is enforced at the database level, not just the application level.
  • Private file access. Uploaded files are encrypted at rest and never publicly accessible. Every view requires a temporary signed URL that expires. Even if a URL were intercepted, the file contents are encrypted and unreadable without the dynamic's key.

05

Partner privacy

Bonded is designed so that partners connect without exchanging personal information through the Platform:

  • Your email is never visible to other users, including people in your dynamics.
  • You can connect with a partner via anonymous partner codes (randomly generated, regenerable at any time) or via email invitation. If invited by email, the email is used solely to deliver the invitation — it is never displayed to your partner inside the Platform.
  • Your display name is whatever you choose — a scene name, a title, an initial, or anything else. We do not verify or require real names.
  • If you leave a dynamic, you disappear from it. Your former partners cannot contact you through the Platform after you leave.

06

How we use your data

We use your data for the following purposes:

  • Providing the service — storing and displaying your content, managing your dynamics, processing your rules and tasks, delivering chat messages
  • Authentication — sending magic links to verify your identity
  • Notifications — sending push notifications and email notifications about activity in your dynamics, based on your preferences
  • Subscription management — managing your subscription tier and entitlements
  • Security and abuse prevention — detecting and preventing fraudulent, abusive, or illegal activity
  • Service improvement — understanding aggregate usage patterns (never individual content) to improve the Platform
  • Legal compliance — responding to lawful requests from authorities

Our legal bases for processing under GDPR are: your consent (especially for special category data), performance of our contract with you (the Terms of Service), our legitimate interests (security, service improvement), and legal obligations.

07

Who we share data with

We use a small number of third-party services to operate the Platform. Each is listed here with exactly what they access:

Important context: All content in your dynamic (messages, diary entries, rules, tasks, limit classifications, evidence, notes) is encrypted with a key unique to your dynamic before it is stored. Most of the services below never see your decrypted content. Where a service does receive unencrypted data, we note it explicitly.

Infrastructure

Supabase (database, authentication, edge functions)

Hosts our database and handles authentication. Stores your encrypted dynamic content, encryption keys (in an isolated vault), and unencrypted structural data (account info, timestamps, relationship IDs). SOC 2 Type 2 certified. Data processing agreement in place.

Cloudflare R2 (file storage)

Stores uploaded evidence photos, videos, audio, documents, and shared files. All files are encrypted with AES-256 before being written to storage — Cloudflare only ever receives and stores encrypted data. Even with direct access to the storage bucket, file contents cannot be read without the encryption key held in our database vault. Files are accessed only via temporary signed URLs that expire. Evidence uploads are automatically deleted after 14 days (free) or 60 days (paid). Shared files persist until manually deleted or the dynamic ends. Original filenames are not stored in the file path — only opaque identifiers.

Vercel (web hosting)

Hosts the bonded.partners website. Processes web requests including standard server logs (IP addresses, user agent strings). Does not have access to database content or encryption keys.

Payments

Stripe (payment processing)

Processes payments for web subscriptions. Receives your email address, payment card details, billing address, and transaction history. This data is not encrypted by us — it is handled directly by Stripe under their own PCI Level 1 security. Stripe retains this data under their own privacy policy. Does not receive any dynamic content.

RevenueCat (subscription management)

Manages subscription entitlements across platforms (iOS, web). Receives your Bonded user ID and subscription status (plan, start date, renewal date, cancellation status). This data is not encrypted by us. Does not receive your email address, display name, or any dynamic content.

Apple / Google (app store purchases)

If you subscribe through the iOS App Store or Google Play, Apple or Google processes the payment and retains your purchase history, payment method, and transaction details under their own privacy policies. We receive a purchase token and subscription status via RevenueCat. We do not receive your payment card details from Apple or Google.

Communications

Resend (transactional email)

Sends notification emails (magic links, invitations, activity alerts). Receives your email address and the content of the specific notification. Notification content is not encrypted by us — it contains event summaries (e.g., “new evidence submitted”) but never the full content of diary entries, messages, or rules.

Expo (push notifications)

Delivers push notifications to your mobile device via Apple's and Google's push infrastructure. If you have “Private notifications” turned off (the default), notification previews include names and content summaries — this data is not encrypted by us and passes through Expo, Apple, and Google in transit. You can enable “Private notifications” in your profile to send only generic notifications (“New message in your dynamic”) with no content.

Buttondown (newsletter)

Manages our newsletter and email communications. When you create a Bonded account, your email address is synced to Buttondown with tags indicating your subscription tier (free, premium, pro) and whether you are a dominant or submissive in an active dynamic. We may also tag broad product milestones and interactions (e.g., that you used a particular feature for the first time, or viewed an upgrade page) to send you more relevant emails — but never the specific content of those interactions. If you use our marketing tools (quiz, compatibility assessment), your results may also be tagged. This data is not encrypted by us. Buttondown does not receive any dynamic content, messages, or file data. You can unsubscribe at any time from any email, or by contacting us.

Analytics & monitoring

PostHog (product analytics)

Tracks anonymous usage events (page views, feature usage, funnels) to help us improve the product. Includes session replays which record screen interactions. All user-generated content (messages, diary entries, rules, tasks, limits, names) is masked in session replays and never captured by PostHog. PostHog does not receive your dynamic content, messages, or encryption keys.

HelpScout (customer support)

Handles support conversations if you contact us. Receives your email address and the content of your support messages. Does not have access to your dynamic content or encryption keys.

Content safety

Project Arachnid Shield (content safety scanning)

Bonded accesses Shield by Project Arachnid, a program of the Canadian Centre for Child Protection Inc., to facilitate the detection and removal of child sexual abuse material and harmful-abusive material of children and survivors of child sexual abuse on its services. When you upload an image, a perceptual hash (PDQ) is computed and checked against Shield's database before encryption — the image is scanned in memory, then encrypted and stored. Only the mathematical hash is sent to Shield, not the image itself. No match means no data is retained. We are legally required to perform this check under UK law.

Blog & content

Sanity (blog CMS)

Hosts our blog content. No user data flows to Sanity — it only stores published articles and editorial content.

If we add a new service that receives your data, we will update this policy and notify you before any new sharing begins.

08

What we don't do

To be explicit:

  • We don't sell your data. Not to advertisers, not to data brokers, not to anyone. Ever.
  • We don't show you ads. There is no advertising on Bonded and no ad-related tracking.
  • We don't train machine learning models on your data. Your content is not used to train, fine-tune, or improve any AI or machine learning system, whether ours or anyone else's.
  • We don't view your content. No employee or contractor accesses your diary entries, evidence, chat messages, or files unless we are legally compelled or investigating a specific report of illegal content.
  • We don't share data with law enforcement without valid legal process. We will not voluntarily hand over your data. We require a valid court order, warrant, or equivalent legal instrument. We will notify you of any such request unless legally prohibited from doing so.
  • We don't profile you. We don't build behavioural profiles, track you across sites, or make automated decisions about you based on your data.

09

Cookies

Bonded uses one essential cookie:

  • Authentication session — a single httpOnly cookie that keeps you logged in and verifies your session. Set by our authentication provider (Supabase). Expires when you sign out.

We do not set analytics cookies, advertising cookies, or social media tracking pixels. Our product analytics tool (PostHog) runs without cookies on the marketing site. In the authenticated app, PostHog uses localStorage (not cookies) to maintain your identified session. There is no cookie consent banner because there are no optional cookies to consent to.

We also use localStorage to remember your Dom(me)/submissive view preference on feature pages. This never leaves your browser.

10

Data security

We implement appropriate technical and organisational measures to protect your data:

  • Per-dynamic encryption: all text content (messages, diary entries, rules, tasks, limit classifications, notes) and all uploaded files (photos, videos, receipts, documents) are encrypted with a key unique to each dynamic. Text is encrypted in the database; files are encrypted with AES-256 before storage. Keys are held in an isolated vault separate from the data
  • Encryption in transit (TLS) for all connections between your device and our servers
  • Row-level security policies enforced at the database level, ensuring users can only access data from their own dynamics
  • Passwordless authentication via magic links, eliminating the risk of password database breaches
  • All uploaded files encrypted with AES-256 at rest, accessed only via temporary signed URLs — storage provider never holds readable data
  • Biometric app lock (Face ID / Touch ID) on mobile
  • Infrastructure hosted on SOC 2 Type 2 certified providers
  • No admin backdoor access to user data

No system is completely secure. While we take extensive measures to protect your data, we cannot guarantee absolute security. If we become aware of a security breach affecting your personal data, we will notify you and the relevant supervisory authority in accordance with applicable law.

11

Data retention

We retain different types of data for different periods:

Data type | Retention
Evidence uploads (photos, videos, audio, documents, receipts) | 14 days (free) / 60 days (paid), then automatically deleted
Shared files | Until manually deleted or the dynamic ends
Chat images | 14 days (free) / 60 days (paid), then automatically deleted
Text content (diary entries, chat messages, rules, tasks) | Until you delete them, leave the dynamic, or delete your account
Limit classifications | Until you change them, leave the dynamic, or delete your account
Account data (email, display name) | Until you delete your account
Server logs | Up to 30 days, then automatically purged
Dynamic data (all content within a dynamic) | Permanently destroyed when the last member leaves

When you delete your account, all data is permanently destroyed. There are no soft deletes, no hidden backups, and no grace period. Deletion is irreversible.

12

Your rights

Under the UK GDPR, EU GDPR, and other applicable data protection laws, you have the following rights:

  • Right of access — you can request a copy of the personal data we hold about you
  • Right to rectification — you can correct inaccurate personal data (most data can be edited directly through the Platform)
  • Right to erasure — you can delete your account and all associated data at any time through the Platform
  • Right to data portability — you can request your data in a structured, commonly-used, machine-readable format
  • Right to restrict processing — you can ask us to restrict how we process your data in certain circumstances
  • Right to object — you can object to processing based on our legitimate interests
  • Right to withdraw consent — where we process data based on your consent, you can withdraw it at any time

To exercise any of these rights, contact us at privacy@bonded.partners. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with a supervisory authority (in the UK, this is the Information Commissioner's Office).

13

Children

Bonded is strictly for adults aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If we discover that we have collected data from a minor, we will delete their account and all associated data immediately.

If you believe a minor is using the Platform, please contact us immediately at privacy@bonded.partners.

14

International transfers

Your data may be processed in countries outside your country of residence. Our primary database is hosted in the United States (us-east-1) via Supabase. Uploaded files are stored on Cloudflare R2 (encrypted at rest, globally distributed). Other third-party service providers (Vercel, Expo, RevenueCat, Stripe, Resend, Buttondown) may also process data in the United States. All sensitive content is encrypted before storage, meaning providers hold only ciphertext regardless of hosting location.

Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs), adequacy decisions, or the provider's participation in recognised data protection frameworks. You can request details of the specific safeguards by contacting us.

15

AI-assisted and automated features

If we introduce AI-assisted or automated features, this policy will be updated to explain what data those features process, how they process it, and what safeguards are in place. We will notify you of any such changes before they take effect.

As stated in Section 8: we will not use your content to train general-purpose AI or machine learning models.

16

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or through a prominent notice on the Platform at least 14 days before the changes take effect.

We will keep a record of previous versions of this policy available upon request.

17

Contact

For any questions about this Privacy Policy or how we handle your data, contact us at privacy@bonded.partners.

For questions about the Terms of Service, contact legal@bonded.partners.
