Skip to content

Privacy Policy

Last updated: March 2026

1. Data Controller

Controller within the meaning of the GDPR:

Igor Baum
c/o IP-Management #8358
Ludwig-Erhard-Straße 18
20459 Hamburg, Germany
Email: team@solobond.app

The controller is a private individual (not a registered business entity). A Data Protection Officer (DPO) is not required and has not been appointed. As the controller is based in the European Union, the General Data Protection Regulation (GDPR, EU 2016/679) applies as the primary legal framework.

2. What SoloBond Does

SoloBond is a personal safety app that enables users to perform a daily check-in and designate a trusted contact. If no check-in is received within a defined timeframe, the trusted contact is automatically notified.

We do not use analytics tools, advertising tracking, profiling, or data selling. There are no third-party ad networks or behavioral tracking technologies.

3. What Data We Process

A) User Account Data

  • Push notification token (Apple device token).

B) Check-in Data

  • Timestamps of daily check-ins.
  • Check-in status (to determine escalation alerts).

C) Trusted Contact Data

  • Email address of the designated trusted contact.
  • Randomly generated invite code.

D) Technical Metadata

  • IP address (in server/hosting logs).
  • User agent (browser/device information).
  • Timestamps.

We do NOT collect names, phone numbers, GPS/location data, health data, photos, contacts from your address book, biometric data, or payment information.

4. Purposes and Legal Basis

Provide and operate the service (check-ins, escalation alerts, account management).

Legal basis: Art. 6(1)(b) GDPR — performance of contract.

Escalation notifications to trusted contacts.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in ensuring user safety.

Push notifications.

Legal basis: Art. 6(1)(a) GDPR — consent via device-level permission.

Security and abuse prevention.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in technical stability and security.

5. Service Providers and Safeguards

We use the following service providers and have concluded data processing agreements (DPAs) where required under Art. 28 GDPR:

  • Supabase (EU hosting — Frankfurt region).
  • Netlify (website hosting and backend functions).
  • Resend (transactional email delivery).
  • Apple Push Notification Service (APNs).

Where US-based providers are involved, safeguards such as Standard Contractual Clauses (SCCs) and/or participation in the EU-U.S. Data Privacy Framework (DPF) apply. Despite these safeguards, a residual risk of access by US authorities cannot be fully excluded.

6. Data Sharing

We share data only:

  • With your designated trusted contact (core functionality).
  • With listed service providers.
  • If legally required.

We do not sell or share personal data for advertising purposes.

7. Payments

All payments are processed exclusively via the Apple App Store. SoloBond does not collect or store payment information.

8. Data Retention

Active accounts: Data is stored as long as necessary to provide the service.

Account deletion: Data is deleted from our primary database immediately upon deletion request. Automated backups may retain data for up to 7 days before being overwritten.

Technical logs may be retained by providers for security and operational purposes. Where configurable, we aim to minimize retention periods.

9. Trusted Contact — Consent and Opt-Out

Users confirm that they have obtained the trusted contact's consent before adding their email address.

The trusted contact's email is used solely for safety alerts and initial invitation.

Trusted contacts may unsubscribe via the link in alert emails or contact us directly for deletion.

10. Your Rights (GDPR)

You have the right to access, rectification, erasure, restriction, data portability, objection, and withdrawal of consent.

Requests can be sent to team@solobond.app. We respond within 30 days.

You may lodge a complaint with the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI).

11. Additional Rights by Region

California (USA): We do not sell or share personal information as defined by the CCPA/CPRA.

United Kingdom and Switzerland: Data protection rights equivalent to the GDPR apply.

EEA: The GDPR applies as the primary legal framework.

12. Data Security

We implement appropriate technical and organizational measures including EU-based hosting, encrypted transmission (HTTPS/TLS), and Row Level Security (RLS). However, absolute security cannot be guaranteed.

13. Children

SoloBond is not intended for users under 16. In jurisdictions where a lower threshold applies (e.g., 13 under COPPA), the respective local threshold applies.

14. Cookies and Tracking

The app does not use cookies, tracking pixels, or analytics tools. The website may use strictly necessary cookies only.

15. Changes to This Policy

We may update this Privacy Policy from time to time. The current version is always available at solobond.app/privacy.

16. Contact

Igor Baum
c/o IP-Management #8358
Ludwig-Erhard-Straße 18
20459 Hamburg, Germany
Email: team@solobond.app