Legal

Privacy Policy

Last updated: May 25, 2026

This Privacy Policy explains what information our mobile applications (each, an “App”) collect, how that information is used, and the choices you have about it. It applies to every iOS application published by Zhi Yao Tan (“we”, “us”, or “our”), including but not limited to Bondify. By downloading or using an App, you agree to this Privacy Policy.

The short version. We do not ask you to create a named account. We do not sell your data. We do not track you across other companies’ apps or websites. We use a random per-install identifier so your in-app activity (such as favorites and history) stays with you, and you can delete everything from inside the App at any time.

1. Who we are

Each App is published by Zhi Yao Tan, an independent developer. You can reach us at kelvin.vins@gmail.com for any privacy-related question.

2. Information we collect

2.1 Anonymous installation identifier

When you first launch an App, we generate a random UUID and store it in your device’s Keychain. This identifier is used solely to associate in-app activity (e.g. favorites, history, subscription status) with your install. It is not your real name, email, phone number, or Apple ID, and we do not link it to any external identifier.

2.2 In-app activity

Depending on which App you use, we may store the following on our servers (Google Cloud Firestore) under that anonymous identifier:

Cards, questions, or items you mark as favorites.
Recently viewed cards or content (history).
Content you create inside the App (for example, custom decks and notes).
Session reflections or recap entries you choose to save.
Free-trial / opt-in unlock entitlements and their expiry.
Anonymous, aggregate feedback you submit (e.g. thumbs up / thumbs down on a card).
Preference flags (such as theme choice or accessibility settings) that are stored locally on your device.

2.3 Diagnostic and performance data

We use Google Firebase (Crashlytics, Performance Monitoring, Analytics) to record crashes, errors, and aggregate usage information. This may include your device model, iOS version, app version, language, country, time zone, and the in-app screens you visited. We use this only to fix bugs and improve the App. It is not used to advertise to you.

2.4 Purchase information

If you purchase a subscription or other in-app purchase, payment is processed by Apple. We receive a receipt from Apple (via Adapty Inc., our subscription management provider) confirming that an active entitlement exists for your install. We never receive your credit card or full Apple ID.

2.5 Advertising data (only in Apps that show ads)

Some Apps may display optional rewarded video ads from Google AdMob. Before any ad is requested we present Google’s User Messaging Platform (UMP) consent form when required by law (e.g. in the EEA / UK). If you decline personalised ads, AdMob will serve only non-personalised ads. We do not request App Tracking Transparency permission and we do not access your Advertising Identifier (IDFA) for tracking.

2.6 Notifications

If you grant permission, an App may send local notifications (for example, a daily reminder). Notifications are scheduled and delivered by your device; they do not require us to know who you are.

2.7 SharePlay (only in Apps that support it)

If you start a SharePlay session, your device exchanges a small amount of session state (such as which card is currently visible) directly with the other participants’ devices through Apple’s GroupActivities framework. We do not see or store the contents of those messages.

3. What we do not collect

We do not ask for your name, email address, phone number, postal address, or date of birth.
We do not access your location, contacts, photos, microphone, camera, or health data.
We do not sell your personal information.
We do not track you across other companies’ apps and websites.

4. How we use your information

To provide the core functionality of each App (e.g. saving favorites so they appear next time you open the App).
To deliver and verify in-app purchases and subscriptions.
To diagnose crashes and improve stability and performance.
To understand, in aggregate, which features are used most often.
To comply with applicable laws and respond to lawful requests.

5. Service providers we share data with

We use the following third parties as data processors. Their handling of data is governed by their own privacy policies, which we encourage you to review:

Google Firebase (Firestore, Authentication, Analytics, Crashlytics, Performance, Storage) – firebase.google.com/support/privacy.
Google AdMob & User Messaging Platform (only in Apps that show ads) – policies.google.com/privacy.
Adapty Inc. (subscription receipt validation and entitlement management) – adapty.io/privacy.
Apple Inc. (StoreKit payment processing, SharePlay) – apple.com/legal/privacy.

We do not share your data with any third party for their own independent marketing purposes.

6. International transfers

Our service providers may process data on servers located outside your country of residence, including in the United States. Where required by law, we and our service providers use Standard Contractual Clauses or equivalent safeguards to protect your information.

7. Data retention

We keep in-app activity for as long as your install exists. Diagnostic and crash data are retained for the periods specified by Firebase (typically up to 90 days for performance traces and up to 90 days for crash-free user metrics; aggregate analytics may be retained for up to 14 months).

8. Your choices and rights

Delete your data. Every App offers an in-app “Delete account & data” option (typically under Settings → Account). Selecting it permanently removes your anonymous identifier, all server-side records associated with it, and any locally stored data.
Decline notifications. You can deny notification permission when prompted, or revoke it later in iOS Settings → Notifications.
Decline personalised ads. Where applicable, the UMP consent dialog lets you opt out of personalised ads at any time.
Cancel a subscription. Subscriptions are managed by Apple in iOS Settings → [your name] → Subscriptions.
Access and correction. Because we do not hold personal data tied to your real identity, we generally cannot identify you outside the App. You may, however, contact us at kelvin.vins@gmail.com and we will do our best to help you exercise any rights granted to you by applicable law (such as the GDPR, UK GDPR, CCPA, or PDPA).

9. Children

Our Apps are not directed at children under the age of 13 (or under the age of digital consent in your jurisdiction, where higher). We do not knowingly collect personal information from children. If you believe a child has provided us with information, please contact us so we can delete it.

10. Security

We use industry-standard safeguards (encryption in transit via HTTPS, Firestore security rules, and Apple Keychain protection for identifiers). No method of transmission or storage over the Internet is 100% secure, and we cannot guarantee absolute security.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Material changes will be highlighted in the App or otherwise prominently communicated.

12. Contact us

Questions, comments, or requests about this policy can be sent to kelvin.vins@gmail.com.