Privacy Policy

Last updated: March 31, 2026

Summary (TL;DR)

  • Bond is a couples question game. All your game data (answers, progress) is stored locally on your device — we never upload it to our servers.
  • We use PostHog for analytics and Sentry for error tracking. Both include session replay features that record screen interactions, including text input and screenshots.
  • We use RevenueCat to manage subscriptions and in-app purchases.
  • We never sell your personal data. All third-party processors are listed below.
  • You can delete your data at any time by deleting the app from your device, or request account deletion at notjust.app/bond/delete-account.

1. Introduction

This Privacy Policy explains how NOTJUST.DEV, SL ("Company", "we", "us", or "our"), a company registered in C/ Balmes 129bis 4º 2ª, 08008 Barcelona, Spain, collects, uses, discloses, and protects your information when you use the Couple Questions Game: Bond mobile application ("App").

We are committed to protecting your privacy in accordance with:

  • GDPR — General Data Protection Regulation (EU) 2016/679
  • LOPDGDD — Spanish Organic Law 3/2018 on the Protection of Personal Data
  • CCPA/CPRA — California Consumer Privacy Act and California Privacy Rights Act
  • COPPA — Children's Online Privacy Protection Act
  • ePrivacy Directive — Directive 2002/58/EC on privacy and electronic communications

By using the App, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Data Controller & DPO

The data controller responsible for your personal data is:

NOTJUST.DEV, SL
C/ Balmes 129bis 4º 2ª, 08008 Barcelona, Spain
NIF: B26785477
Email: support@notjust.app

Data Protection Officer (DPO)
For any privacy-related inquiries or to exercise your data rights, contact our Data Protection Officer at:
Email: support@notjust.app
Please include "DPO" or "Privacy Request" in your subject line.

3. Information We Collect

3.1 Information Stored Locally on Your Device

The following data is stored only on your device and is never transmitted to our servers:

  • Game Progress: Which question packs you have played, which questions you have answered, and your progress within each pack.
  • App Preferences: Settings and preferences you configure within the App.

3.2 Information Collected Automatically

  • Usage & Analytics Data: How you interact with the App, including features used, session duration, screens viewed, actions taken, and paywall interactions. Collected via PostHog, including session replays (see Section 6).
  • Device Information: Device type, operating system version, platform (iOS), unique device identifiers, language settings, and mobile network information.
  • Network Telemetry: Network request metrics captured via PostHog.
  • Purchase Data: Records of in-app purchases and subscription status, processed through RevenueCat, including purchase history, subscription status, and device identifiers.
  • Error & Performance Data: Crash reports, performance diagnostics, and session replays (on error) collected via Sentry. Sentry is configured to send default PII, including device identifiers. User feedback with screenshot capture is enabled.

3.3 Information We Do NOT Collect

  • We do not collect precise geolocation data.
  • We do not collect biometric data.
  • We do not collect your answers to questions in the App — these stay on your device.
  • We do not require account creation, email, or password.
  • We do not access your device's camera, microphone, or contacts.

4. Legal Bases for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

| Processing Activity | Legal Basis | GDPR Article | |---|---|---| | Processing payments and subscriptions | Performance of a contract | Art. 6(1)(b) | | Analytics and App improvement (PostHog) | Legitimate interest | Art. 6(1)(f) | | Session replay recording (PostHog & Sentry) | Legitimate interest | Art. 6(1)(f) | | Error tracking and diagnostics (Sentry) | Legitimate interest | Art. 6(1)(f) | | Fraud prevention and security | Legitimate interest | Art. 6(1)(f) | | Legal compliance | Legal obligation | Art. 6(1)(c) |

Where we rely on legitimate interest, we have conducted a balancing test and determined that our interests do not override your rights and freedoms. You have the right to object to processing based on legitimate interest (see Section 10).

5. How We Use Your Information

We use the information we collect to:

  • Process transactions and manage subscriptions via RevenueCat
  • Monitor App performance and fix errors via Sentry
  • Analyze usage patterns and improve the App via PostHog
  • Record session replays to identify usability issues and bugs
  • Detect, investigate, and prevent fraud and abuse
  • Respond to support requests
  • Comply with legal obligations

6. Session Replay & Screen Recording Disclosure

We use session replay technology in PostHog and Sentry to understand how users interact with the App and to diagnose issues. This means your screen interactions may be recorded.

PostHog Session Replay

  • What is captured: Screen interactions, taps, navigation, and scrolling behavior. Text input is captured (text masking is disabled). Images are captured (image masking is disabled). Network request telemetry is captured.
  • Recording frequency: Screen snapshots are captured approximately every 1 second.
  • Purpose: To analyze user behavior, identify usability issues, and improve the overall App experience.

Sentry Session Replay

  • What is captured: Session replays are recorded for 10% of normal sessions and 100% of sessions where an error occurs. Text is not masked. Images are not masked. User feedback with screenshot capture is enabled.
  • PII in error reports: Sentry is configured to send default personally identifiable information (PII), including device identifiers.
  • Purpose: To diagnose crashes, errors, and performance issues.

Your choices

  • Session replays are captured as part of the App's analytics and error tracking functionality. If you do not wish to have your sessions recorded, you may stop using the App.
  • You can request deletion of your data, including any session replays, by contacting us at support@notjust.app.

7. Data Sharing & Third-Party Processors

We do not sell your personal information. We share data with the following service providers, who process data on our behalf under data processing agreements:

| Processor | Purpose | Data Shared | Location | |---|---|---|---| | PostHog | Analytics & session replay | User behavior, session video, text input, events, network telemetry | US | | Sentry | Error tracking & session replay | Crash reports, device info, device identifiers, session replays, screenshots | US | | RevenueCat | In-app purchase management | Subscription/payment data, device identifiers | US | | Apple | App Store, payments | Apple ID, auth tokens, purchase data | US |

We may also disclose your information:

  • To comply with applicable laws, regulations, or legal processes
  • To protect the rights, property, or safety of our Company, our users, or others
  • In connection with a merger, acquisition, or sale of assets (you will be notified in advance)

8. International Data Transfers

Our Company is established in the EU (Spain), but your data is processed by service providers located in the United States. These transfers are conducted in compliance with the GDPR using one or more of the following safeguards:

  • EU-U.S. Data Privacy Framework (DPF) — where the provider is certified under the DPF
  • Standard Contractual Clauses (SCCs) — approved by the European Commission (Commission Implementing Decision (EU) 2021/914)
  • Your explicit consent to the transfer, where applicable

You may request a copy of the relevant safeguards by contacting us at support@notjust.app.

9. Data Retention

We retain your data for the following periods:

| Data Category | Retention Period | |---|---| | Local app data | Stored on your device until you delete the App. | | Analytics data (PostHog) | Retained for 12 months, then anonymized or deleted. | | Session replays (PostHog) | Retained for 30 days. | | Error logs (Sentry) | Retained for 90 days. | | Session replays (Sentry) | Retained for 90 days. | | Purchase data (RevenueCat) | Retained as long as your subscription is active, then in accordance with RevenueCat's retention policy. |

10. Your Rights (EU/EEA — GDPR)

If you are located in the EU/EEA, you have the following rights under the GDPR:

  • Access (Art. 15) — Request a copy of the personal data we hold about you
  • Rectification (Art. 16) — Request correction of inaccurate or incomplete data
  • Erasure (Art. 17) — Request deletion of your personal data ("right to be forgotten")
  • Restriction (Art. 18) — Request restriction of processing in certain circumstances
  • Data portability (Art. 20) — Receive your data in a structured, commonly used, machine-readable format
  • Object (Art. 21) — Object to processing based on legitimate interests, including session replay recording and analytics
  • Withdraw consent (Art. 7) — Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal
  • Lodge a complaint — File a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es or your local supervisory authority

To exercise any of these rights, contact us at support@notjust.app. We will respond within 30 days (or as required by applicable law). We may request verification of your identity before processing your request.

11. Your Rights (California — CCPA/CPRA)

If you are a California resident, you have the following rights:

  • Right to Know — Know what personal information we collect, use, disclose, and sell (we do not sell your data)
  • Right to Delete — Request deletion of your personal information
  • Right to Correct — Request correction of inaccurate personal information
  • Right to Opt-Out — Opt out of the sale or sharing of personal information (we do not sell or share your data for cross-context behavioral advertising)
  • Non-Discrimination — We will not discriminate against you for exercising your privacy rights

To exercise any of these rights, contact us at support@notjust.app. We will respond within 45 days as required by the CCPA.

Categories of personal information collected (per CCPA Section 1798.100):

  • Identifiers (device IDs)
  • Internet or electronic network activity (usage data, session replays)
  • Commercial information (purchase and subscription history)

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL)
  • Local storage — your game data never leaves your device
  • Access controls and authentication for internal systems
  • Data processing agreements with all third-party processors
  • Regular security assessments

However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

13. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority (AEPD) within 72 hours of becoming aware of the breach, as required by GDPR Article 33
  • Notify affected users without undue delay when the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Article 34
  • Document the breach, its effects, and remedial actions taken

14. Children's Privacy

  • We do not knowingly collect personal information from children under 13 (as required by COPPA).
  • We do not knowingly collect personal information from children under 16 without parental consent (as required by GDPR Article 8).

If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at support@notjust.app.

15. Cookie & Tracking Policy

The App does not use browser cookies. However, the App uses the following tracking technologies:

  • PostHog SDK: Collects analytics events, session replays (including text input and images), and network telemetry. A device identifier is used to link sessions.
  • Sentry SDK: Collects error reports, performance data, and session replays. Configured to send PII (device identifiers).
  • RevenueCat SDK: Tracks subscription and purchase events using device identifiers.

These tracking technologies are necessary for the operation and improvement of the App. By using the App, you acknowledge the use of these technologies as described in this policy.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated Privacy Policy in the App
  • Updating the "Last updated" date at the top of this page
  • For material changes affecting your rights, providing in-app notification

We encourage you to review this Privacy Policy periodically. Continued use of the App after changes constitutes acceptance of the updated policy, except where consent is required for specific processing activities.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

NOTJUST.DEV, SL
C/ Balmes 129bis 4º 2ª, 08008 Barcelona, Spain
NIF: B26785477
Email: support@notjust.app

For privacy-specific inquiries, please include "Privacy" or "DPO" in your subject line.