Privacy Policy
Effective Date: June 2026
This Privacy Policy explains how Bondigo ("we", "us", "our") collects, uses, stores, and protects personal data when you use the Bondigo mobile application and related online services. Bondigo is currently operated privately during its development phase by Nico Schertler, Dorfstrasse 19, 9306 Freidorf, Switzerland (the "controller" within the meaning of Art. 4(7) GDPR and the Swiss Federal Act on Data Protection, FADP/revDSG).
For any privacy-related question or to exercise your rights, contact info@bondigo.ai.
1. Information We Collect
a) Information You Provide
- Account Data: Name, email address, password or login credentials, optional phone number, and optional personal notes.
- Contact Information: Data synced from your device’s address book, including names, phone numbers, email addresses, birthdays, addresses, company details, and tags you add.
- Notes & Voice Memos: Text notes, summaries, and audio recordings created by you. Notes and audio may be processed by AI solely to transcribe them and generate summaries.
- Early-access & contact forms: Email address and, for spam protection, technical signals required by the CAPTCHA service (see section 3).
b) Information Collected Automatically
- Device type, operating system, and app version.
- Usage logs and interactions within the app.
- Aggregated, privacy-friendly product and performance analytics (see section 5).
c) Information Collected Automatically on Sign-up Forms
When you submit an early-access or contact form, we receive your IP address, browser/user-agent and approximate region together with the form data, so that we can deliver the service and protect it from abuse.
2. How We Use Your Information & Legal Bases
We process personal data for the following purposes and on the following legal bases (Art. 6(1) GDPR; the corresponding provisions of the Swiss FADP apply in parallel):
- Providing the service — creating and operating your account, syncing, storing and organizing your contacts and notes: performance of a contract, Art. 6(1)(b).
- AI transcription & summaries — transcribing voice memos and generating summaries from content you choose to process: performance of a contract, Art. 6(1)(b), and, where you actively enable AI processing of specific content, your consent, Art. 6(1)(a) (withdrawable at any time).
- Payments & subscriptions — processing purchases and keeping invoices: performance of a contract Art. 6(1)(b) and compliance with legal (tax/accounting) obligations Art. 6(1)(c).
- Security & abuse prevention — CAPTCHA, logging, fraud and spam prevention: our legitimate interests, Art. 6(1)(f).
- Product & performance analytics — understanding aggregate usage to improve the service: our legitimate interests, Art. 6(1)(f) (see section 5).
- Essential communication — service, security and account updates: performance of a contract Art. 6(1)(b) / legitimate interests Art. 6(1)(f).
- Legal compliance — meeting our legal obligations: Art. 6(1)(c).
3. Service Providers & International Transfers
We do not sell personal data. We use the following processors/service providers, each only to the extent necessary and bound by a data processing agreement:
- OpenAI (USA) — AI summarization of notes and transcripts. Content is not used to train models.
- Deepgram (USA) — speech-to-text transcription of voice memos.
- Stripe (USA/EU) — payment and subscription processing. We never receive your full card details.
- Cloudflare Turnstile — CAPTCHA / bot protection on our sign-up forms; receives the technical signals needed to verify the challenge.
- Vercel (USA/EU) — hosting of this website and privacy-friendly web analytics (see section 5).
Where a provider processes data outside the EU/EEA or Switzerland (e.g. in the USA), the transfer is safeguarded by the EU Standard Contractual Clauses and/or the provider’s certification under the EU–U.S. / Swiss–U.S. Data Privacy Framework, providing an adequate level of protection under Art. 44 ff. GDPR.
We also share data where required to comply with a legal obligation, or where necessary to protect the integrity of the service or prevent misuse.
4. Data Storage & Security
Application data is stored on secure, access-controlled servers located in Germany (European Union), with encryption in transit (TLS). We apply strict access controls and modern security standards to protect your information. Some processors named in section 3 may process data in other locations under the safeguards described there.
5. Web Analytics
Our website uses Vercel Web Analytics, a privacy-friendly, cookieless analytics service. It collects aggregated usage statistics (such as page views and referrers) and does not set cookies or build cross-site profiles. The legal basis is our legitimate interest in understanding and improving site usage (Art. 6(1)(f) GDPR). Data may be processed by Vercel under the safeguards described in section 3.
6. Your Rights
Subject to applicable law (GDPR and Swiss FADP), you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate information
- Request deletion of your data
- Request export (data portability)
- Restrict or object to processing based on legitimate interests
- Withdraw consent for AI-based processing at any time, without affecting prior processing
To exercise any of these rights, contact info@bondigo.ai. You also have the right to lodge a complaint with a supervisory authority — in Switzerland the Federal Data Protection and Information Commissioner (FDPIC/EDÖB), and within the EU the data protection authority of your country of residence.
7. Data Retention
- Account, contacts & notes: kept while your account is active. After deletion they are removed from production within 30 days and purged from backups within 90 days.
- Billing & invoice data: retained for the period required by applicable tax and accounting law (generally up to 10 years).
- Logs & analytics: kept only for a short period in aggregated or pseudonymized form.
You may delete your account and associated data at any time — see our account deletion page.
8. Swiss Data Protection (FADP / revDSG)
As the controller is based in Switzerland, the revised Swiss Federal Act on Data Protection (revDSG) applies in addition to the GDPR where relevant. The rights and safeguards described above apply equally under Swiss law, and the competent Swiss supervisory authority is the FDPIC/EDÖB (www.edoeb.admin.ch).
9. Children’s Privacy
Bondigo is not intended for users under 16 years old. We do not knowingly collect data from minors.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be published on this page with an updated effective date.
11. Contact
For privacy-related questions, contact:
Nico Schertler — Bondigo
Email: info@bondigo.ai
