Privacy Policy

Congratulations and thank you for purchasing and using your Bond Touch bracelets to keep in touch with your loved ones. We are honored that you are trusting us with being a part of your close relationships. For Bond Touch bracelets to work, we collect and use information that is important to you. This Privacy Policy explains how we use that information.

Here we describe the privacy practices for our bracelets, other devices, apps, chat and other functionality, software, websites, products, and services (the “Services”). We discuss the data we collect, how we use it, the controls we give you over your information, and the measures we take to keep it safe.

1. Legal Bases for Collecting, Processing, and Using Information

Our legal bases for collecting, processing, and using information from you in connection with the Services are as follows:

(a) Consent

Your purchase, activation, or use of a bracelet, your opening of an account with us, your use of our website, your logging onto or use of our app, or your use of any of our Services, constitutes your legal consent to collection, processing, and use of information by us in accordance with this Privacy Policy under US law, the GDPR, the CCPA, or any other applicable law in your jurisdiction.

Where we rely on consent as a legal basis – including for Presence+ location data and SMS marketing – you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

(b) Necessity

Collection and use of information by us in accordance with this Privacy Policy is necessary for these purposes:

(c) Performance of a Contract (GDPR Art. 6(1)(b))

Processing of account information, saved places, subscription status, and device information is necessary to provide the Services you have contracted for, including the Presence+ feature.

(d) Legitimate Interests (GDPR Art. 6(1)(f))

We may process limited technical and operational data to maintain service security, reliability, fraud prevention, and service improvement, where our interests are not overridden by your data protection rights.

2. Information We Collect

When you use our Services, we collect the following types of information.

(a) Information You Provide Us

Account Information

Some information is required to create an account on our Services and to use such Services, such as your name, mobile telephone number, mobile carrier, password, email address, social media accounts, date of birth, residential address, and photo. The person that will exchange touches, chats, text messages, photos, or any other media or content with you through the bracelets will also create an account on our Services and will provide the same information to us.

Age-Related Information

We collect age-related information for the purpose of complying with applicable laws regarding online access for children and obtaining the consent of a parent or legal guardian. See Section 7 “Our Policies for Children” for full details.

Additional Information

To help improve your experience or enable certain features of the Services, you may choose to provide us with additional information, such as access to your contact list on your mobile device. If you contact us or participate in a survey, contest, or promotion, we collect the information you submit such as your name, contact information, and messages.

If you choose to connect your account on our Services to your account on another service, we may receive information from the other service (e.g., name, profile picture, age range, language, email address, and friend list from Facebook, Twitter, or Instagram).

Payment and Card Information

If you purchase Bond Touch bracelets or other merchandise on our website or an authorized seller’s website, you provide your payment information, including your name, credit or debit card number or PayPal account information, card expiration date, CVV code, and billing address. We store your shipping address to fulfill your order.

(b) Information We Receive from Your Use of Our Services

Bond Touch Device and App Information

Your Bond Touch bracelet and apps, together with your mobile device, collect data on:

Location Information

The Services include features that use location data. For standard Services, location data is collected only to a city-level of granularity, which may be obtained from GPS signals, device sensors, Wi-Fi access points, and cell tower IDs. We may also derive your approximate location from your IP address, phone number, or email address.

For the Presence+ feature, precise location data (latitude and longitude) is collected when location sharing is actively enabled. See Section 2(f) for full details on Presence+ data collection.

Usage Information

When you access or use our Services, we receive usage data including information about your interaction with the Services, such as when you turn on the Bond Touch bracelet, create or log into your account, pair your bracelet, open or interact with the Bond Touch app, log out, or turn off the bracelet.

We also collect data about the devices you use, including bracelet information, IP addresses, browser type, language, operating system, referring web pages, pages visited, location, and cookie information.

Personally Identifiable Information (PII) Relating to Touches or Chat Functionality

PII related to touch data (“Touch Data”) remains saved within the mobile app until you uninstall the app. The Touch Data is transmitted to Bond Touch’s servers to deliver touches, after which it is pseudonymized and personally identifiable aspects are deleted immediately from our servers. We keep the pseudonymized Touch Data for analytics.

Chat Data will be encrypted. All Chat Data is pseudonymized except that we will know the identity of the sender and recipient until the recipient receives the data. Chat Data is stored for a maximum of three (3) days except for up to ten (10) photos a user chooses to save. Text messages cannot be saved by a user and will be deleted within three (3) days.

(c) Cookies and Similar Technologies

Like many online products, we use cookies, pixels, local storage, and software development kits (“SDKs”) to remember things about you so that we can improve our Services. We and our partners use these technologies for:

See Section 5(a) for your options relating to cookies and similar technologies.

(d) Presence+ Feature – Additional Data Collected

This section applies only if you use the Presence+ feature. Sources: GDPR Art. 6(1)(a), (b), (f); CCPA/CPRA §1798.100 et seq.; Bond Touch Presence+ Privacy Supplement (April 2026).

When the Presence+ feature is enabled, we collect and process the following additional categories of information:

Precise Location Data

We collect your device’s precise location, including latitude and longitude, when location sharing is active. This data is based on your explicit consent and is shared only with your paired partner while sharing is enabled.

Saved Places

We store places you create within the app, including associated details such as name, icon, category, and notification preferences.

Presence Sharing Status

We process information indicating whether location sharing is enabled or disabled between you and your partner.

Partner Subscription Status

We process limited information about your partner’s subscription status to determine access to Presence+ functionality.

Device Information

We may process information about your device operating system (e.g., iOS or Android) to support feature functionality.

Arrival Events

We process event-based information when a user arrives at a saved place in order to trigger notifications and related features.

Important limitations of Presence+:

3. How We Use Information

We use the information we collect to provide, improve, and develop our Services.

(a) Providing, Improving, and Developing Services

We deliver the Services, improve them, and research and develop new ones using the information we collect. For example, we use the information to:

(b) Communicating with You

We use your information to send you Service notifications and inform you of new features or products. You can control marketing communications and most Service notifications by changing your account settings or via the “Unsubscribe” link in an email. We also use your information to respond to you when you contact us.

(c) Promoting Safety and Security

We use the information we collect to promote the safety and security of the Services, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.

(d) Inferences

We may draw inferences from any of the information received from you in connection with the Services and this Privacy Policy.

4. How Information Is Shared

We do not share your information, including your PII, except in the limited circumstances described below.

(a) When You Agree or Direct Us to Share

You may direct or authorize us to share your information with others, for example, by choosing to connect to any of your social media accounts or to a third-party app. If you do so, their use of your information will be governed by their privacy policies and terms. You can revoke your consent to share with third-party apps by changing your account settings.

(b) Presence+ – Sharing with Your Paired Partner

When Presence+ is active, your precise location is shared with your paired partner. Likewise, your partner’s location may be shared with you. Each user:

We do not provide access to your partner’s personal data beyond what is displayed within the Presence+ feature. We do not sell or share Presence+ data with third parties for advertising purposes.

(c) For External Processing

A list of processors and the data processed by them is set out in Exhibit A at the end of this Privacy Policy. We may engage additional third-party processors from time to time at our discretion to maintain and enhance the quality of the Services.

(d) For Legal Reasons or to Prevent Harm

We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person.

Touch Data and Chat Data may be monitored for objectionable or illegal content through a BlackBox process in which we will not have access to the substance or content of such data except for time, location (if enabled), properties and details of touches, photos, or text messages. The BlackBox process may involve applicable law enforcement agencies.

We will notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of that period. Exceptions include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury.

We may share non-personal information that is aggregated or pseudonymized so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third-party partners under agreement with us.

If we are involved in a merger, acquisition, or sale of assets, we will continue to take measures to protect the confidentiality of personal information and give affected users notice before transferring any personal information to any new entity.

5. How to Access or Delete Your Personal Information

We provide you with account settings and tools to access and manage the personal information associated with your account. You can also download certain account information, including data about your activities.

We store information associated with your account until your account is deleted. You can delete your account at any time by contacting us at [email protected].

Steps to Delete a Bond Touch Account

Data Retention – General

Upon account deletion, personal data will be deleted or anonymized without undue delay and within 30 days, unless retention is required by law.

We delete accounts that have been inactive for nine (9) months after the last account activity. All PII of the users of inactive accounts is also deleted.

Data Retention – Presence+ Specific

Source: Bond Touch Presence+ Privacy Supplement (April 2026); GDPR Art. 5(1)(e) (storage limitation).

For Presence+ data, we apply the following specific retention periods:

(a) Your Options Relating to Cookies and Similar Technologies

You have a number of options to control or limit how we and our partners use cookies and similar technologies, including for advertising:

Our websites do not respond to Do Not Track signals because we do not track our users over time and across third-party websites to provide targeted advertising.

6. Analytics and Advertising Services Provided by Others

We work with partners that provide us with analytics and advertising services. This includes helping us understand how users interact with the Services, serving ads on our behalf across the internet, and measuring the performance of those ads. These companies may use cookies and similar technologies to collect information about your interactions with the Services and other websites and apps.

(a) Use of Visitor Action Pixels from Facebook

We use the “visitor action pixels” from Facebook Inc. (or Facebook Ireland Ltd. for EU users) on our website. This allows user behavior to be tracked after they have been redirected to our website by clicking on a Facebook ad, enabling us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, but is stored and processed by Facebook, which may link it to your Facebook account. The legal basis is Art. 6(1)(f) GDPR. You may object at: https://www.facebook.com/settings?tab=ads.

(b) Use of Visitor Action Pixels from Twitter

We use the “visitor action pixels” from Twitter Inc. for remarketing campaigns. Twitter sets a minimum size limit for a tailored audience to 100 users. The legal bases are GDPR Art. 6(1)(a) (consent) and Art. 6(1)(f) (legitimate interests). You can opt out at: https://support.twitter.com/articles/20170405.

7. Our Policies for Children and Age-Related Information

We take additional measures to protect children’s privacy. Persons under the age of 13 in the United States, or 16 in the European Union, or the equivalent minimum age in the relevant jurisdiction, are not permitted to create accounts unless a parent or legal guardian has consented in accordance with applicable law and this Privacy Policy.

All new users are required to submit information regarding their age before being able to set up an account. We may also require existing users who have not submitted age information to do so as a condition of continued use.

If a user’s age is below the applicable age of consent, that underage user’s parent or legal guardian must provide us with written consent. We will request additional information to verify their identity. If an underage user’s parent or legal guardian does not provide such consent, the underage user may not set up an account or use the Services.

If we learn that we have collected the personal information of an underage user without parental consent, we will take steps to delete the information as soon as possible and disable any associated account. Parents or legal guardians who believe their child has set up an account without consent should contact us promptly.

8. Information Security

We use a combination of technical, administrative, and physical controls to maintain the security of your data. No method of transmitting or storing data is completely secure, however. If you have a security-related concern, please contact [email protected].

9. European Privacy Disclosures (GDPR)

If you live in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, or are a citizen, national, or permanent resident of the European Union, please review these additional privacy disclosures under the EU’s General Data Protection Regulation (“GDPR”).

Bond Touch is a corporation organized under the laws of the State of Delaware, United States of America, and is a “Controller” for the purposes of GDPR Regulation (EU) 2016/679.

We recognize the potentially sensitive nature of Touch Data as it may constitute “personal data” in connection with your personal relationships for purposes of Article 9 of the GDPR. The Touch Data is therefore pseudonymized and stored and processed separately from other PII to ensure that it cannot be used to identify you or any person with whom you exchange touches.

(a) Presence+ – Legal Bases Under GDPR

Source: Presence+ Privacy Supplement (April 2026); GDPR Art. 6(1)(a), (b), (f).

We process your personal data in connection with Presence+ on the following legal bases:

(b) International Data Transfers

We operate internationally and may transfer information collected within the EEA and Switzerland to the United States for the purposes described in this Privacy Policy. Where required by law, we implement appropriate safeguards, including:

You may request further information about the safeguards we apply by contacting us at [email protected].

(c) Legal Bases for Processing Personal Data

For personal data subject to the GDPR, we rely on the legal bases described in Section 1 of this Privacy Policy (Consent, Necessity/Performance of a Contract, and Legitimate Interests).

(d) Your Rights Under the GDPR

Under the GDPR, you have the following rights:

To exercise these rights, contact us at [email protected]. You also have the right to lodge a complaint with your local data protection authority (e.g., the CNPD in Portugal, or the ICO in the United Kingdom).

As of the date of this Privacy Policy, we do not have a Data Protection Officer for purposes of Article 37 GDPR, as we do not conduct regular and systematic monitoring of users on a large scale or process special categories of PII on a large scale.

10. California Privacy Disclosures (CCPA/CPRA)

If you are a California resident, please review the following additional privacy disclosures under the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”).

(a) Your Rights Under the CCPA/CPRA

As a California resident, you have the right to:

We do not sell or share personal data for advertising purposes. You may exercise these rights by reviewing and changing your account settings as described in Section 5, or by contacting us at [email protected].

(b) Presence+ – Sensitive Personal Information (CPRA)

Source: CPRA §1798.121; Presence+ Privacy Supplement (April 2026).

Under the CPRA, precise geolocation data is classified as “sensitive personal information.” For Presence+, you have the right to limit our use of your precise location to the purposes for which it is collected (i.e., enabling location sharing with your paired partner). We do not use your precise location data for any purpose beyond providing the Presence+ feature. You may disable Presence+ location sharing at any time within the app.

(c) Types of Information We Collect, Use, and Disclose for Business Purposes

We collect the types of information listed in Section 2 and in Exhibit A. We receive this information from you, your device, your use of the Services, third parties (including social media accounts linked to your account), and as otherwise described in this Privacy Policy. We use and disclose these types of information for the business purposes described in Sections 3 and 4.

11. SMS Marketing and Compliance

Bond Touch is committed to adhering to all legal and regulatory guidelines associated with SMS marketing, as mandated by the Telephone Consumer Protection Act (TCPA).

(a) Consent

We require explicit written consent from users before engaging in SMS marketing. Consent can be obtained through our website or mobile application where users can opt in to receive SMS communications from us.

(b) Disclosure

Upon obtaining consent, we will provide a clear disclosure regarding the nature and scope of the SMS communications users will receive. This includes, but is not limited to, the frequency of messages and the type of content to be shared.

(c) Opt-Out

Users have the right to opt out of SMS communications at any time. An opt-out option will be included in every SMS communication sent. Users can also opt out by contacting our customer support.

(d) Reporting and Revocation

Users have the right to report any violations or revoke consent at any time. Any concerns or reports regarding our SMS communications can be directed to our customer support.

(e) Penalties for Non-Compliance

Non-compliance with TCPA regulations can result in significant penalties, including fines and legal actions. Bond Touch is committed to strict adherence to these regulations to ensure the privacy and satisfaction of our users.

12. Changes to This Privacy Policy

We will notify you before we make material changes to this Privacy Policy and give you an opportunity to review the revised Privacy Policy before deciding if you would like to continue to use the Services.

13. How to Contact Us

If you have questions about this Privacy Policy, or about our use of your information, please contact us at:

Bond Touch Inc.

4223 Glencoe Ave, Ste C215-519

Marina del Rey, CA 90292-8800 USA

Email (general): [email protected]

Email (privacy): [email protected]

Website: https://www.bond-touch.com/

For a full and current list of processors, including those supporting the Presence+ feature, please contact [email protected].

PRESENCE+ PRIVACY SUPPLEMENT

Supplementary Privacy Notice – Effective April 5, 2026

This Presence+ Privacy Supplement (“Supplement”) forms part of the Bond Touch Privacy Policy and provides additional detail about how we collect, use, and protect personal data when you use the Presence+ feature. In the event of any conflict between this Supplement and the main Privacy Policy, this Supplement prevails in respect of Presence+ data processing.

P1. What Is Presence+?

Presence+ is an optional feature that allows you and your paired partner to share your real-time precise location with each other through the Bond Touch app. Location sharing is entirely voluntary and controlled by each user independently.

P2. Data We Collect via Presence+

Precise Location Data

We collect your device’s precise location (latitude and longitude) when location sharing is active. This data is shared in real time with your paired partner only. We do not store precise location data beyond an active sharing session, except as temporarily required for feature functionality.

Saved Places

We store places you create within the app, including name, icon, category, and notification preferences. Saved places are retained until deleted by the user or upon account deletion.

Presence Sharing Status

We process information indicating whether location sharing is enabled or disabled between you and your partner.

Partner Subscription Status

We process limited information about your partner’s subscription status to determine access to Presence+ functionality.

Device Operating System

We may process information about your device operating system (iOS or Android) to support feature functionality.

Arrival Events

We process event-based information when you arrive at a saved place, in order to trigger notifications and related features. Arrival event data is retained for a limited period to support notifications and service reliability.

P3. How We Use Presence+ Data

We use Presence+ data exclusively to:

We do not use Presence+ location data for advertising, profiling beyond service provision, or any purpose unrelated to operating the feature.

P4. Legal Bases for Processing Presence+ Data

EU/EEA Users – GDPR

We rely on the following legal bases under GDPR:

California Residents – CCPA/CPRA

Precise geolocation data is classified as “sensitive personal information” under the CPRA. You have the right to limit our use of this data. We use your precise location only to provide the Presence+ feature and do not sell, share, or use it for any other purpose. You may disable location sharing at any time.

P5. Sharing of Presence+ Data

Presence+ location data is shared only with your paired partner while location sharing is active. We do not:

P6. Location Sharing Controls

Location sharing through Presence+ is subject to the following conditions:

Each user controls their own location sharing independently and must actively enable sharing. You may disable Presence+ entirely at any time within the app.

P7. Data Retention – Presence+

We apply the following retention periods to Presence+ data:

Upon account deletion, all Presence+ personal data will be deleted or anonymized without undue delay and within 30 days, unless retention is required by law.

P8. International Data Transfers

Your Presence+ personal data may be transferred to and processed in countries outside your country of residence, including the United States. Where required by law, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) or transfers to countries with adequacy decisions. You may request further information by contacting [email protected].

P9. Your Rights Relating to Presence+ Data

EEA Users

You have the right to access, correct, delete, restrict processing, request portability, and object to processing of your Presence+ data. You may also withdraw consent to location sharing at any time by disabling it in the app. Contact: [email protected]. You may also lodge a complaint with your local supervisory authority (e.g., CNPD in Portugal).

California Residents

You have the right to know, access, correct, delete, and limit use of your precise location (sensitive personal information). We do not sell or share Presence+ data for advertising purposes. Requests: [email protected]. We will not discriminate against you for exercising your rights.

P10. Data Controller

The entity responsible for processing your personal data in connection with Presence+ is:

Bond Touch Inc.

4223 Glencoe Ave, Suite C215-519

Marina Del Rey, CA 90292

Email: [email protected]

Bond Touch Inc. · [email protected] · [email protected]

Exhibit A – Third-Party Processors

The following is a list of third-party processors and the categories of data processed by them as of the effective date of this Privacy Policy. Bond Touch may update this list from time to time. This list is intended to be read together with the main body of this Privacy Policy.