Privacy

We, Bonibo GmbH, Eggenacherstrasse 16, 4663 Aarburg, Switzerland, operate the Bonibo app and the website bonibo.ch and are the provider of the products and services offered through them. Bonibo is aimed both at private users (B2C) and at business users, locations, event organisers and other business partners (B2B). We are therefore the controller responsible for collecting, using and processing your personal data.

Below we explain whether, how and for which purposes we process your data. This privacy policy applies to the use of the Bonibo app, the Bonibo website, the related platform functions and the business relationship with business users, locations, event organisers and other business partners.

Bonibo is generally intended for persons aged 18 and over. The date of birth is collected during registration. If we determine that a person under 18 is using Bonibo, we may block or delete the relevant account.

Bonibo is initially aimed at the Swiss market. Technical access to, or use of, the app outside Switzerland cannot be excluded, but this does not constitute targeted offering to users in the EU. Active expansion into markets outside Switzerland, in particular the EU, may take place at a later date. Where the General Data Protection Regulation of the European Union (GDPR) applies, we also comply with its requirements in addition to the Swiss Data Protection Act (FADP).

Data processing, storage and deletion

We process only personal data that we collect directly via our website, the Bonibo app, the related applications, external platforms, so-called landing pages, or within the scope of the business relationship with our users, customers, business users, locations and other business partners. Processing takes place only where explicit consent or another legal basis exists, for example for contract performance, compliance with legal obligations, protection of our legitimate interests, or provision and security of our platform.

Within the scope of consent given by you, we process your data only within the limits of that consent, unless another legal basis applies. We expressly point out that you may withdraw your consent at any time; processing that has already lawfully taken place is not affected by the withdrawal.

The following legal bases may apply in particular:

• consent of the data subject;
• performance of a contract with the data subject as a contracting party or necessary pre-contractual measures at the request of the data subject;
• fulfilment of necessary legal obligations of our company;
• performance or exercise of a task in the public interest, where applicable;
• legitimate interests of our company, provided that the interests or fundamental rights of the data subject do not override them.

We delete personal data as soon as the purpose for which it was collected has been fulfilled and there is no need for further storage. In certain cases, however, we are legally obliged to store data for a longer period. This particularly concerns provisions of Swiss or European legislation in areas such as contract and tax law and commercial accounting. Business documents, contracts and booking records, for example, generally have to be retained for a period of 10 years. Personal data stored solely for legal reasons and no longer required for the provision of our services is blocked where possible and used only for legally prescribed purposes, in particular accounting, taxes, evidence and legal enforcement.

Verification documents from business users and locations, such as commercial register excerpts, tax or VAT documents, rental agreements, utility bills, operating licences, photos, screenshots or comparable evidence, are generally deleted 90 days after successful verification, unless legal obligations, suspicion of misuse, disputes or legitimate interests require longer storage. In particular, the verification status, verified location, date of the check, type of evidence checked and internal review notes may continue to be stored.

Backups are generally stored for 30 days unless longer storage is required due to security incidents, technical problems, legal obligations or legitimate interests. Log files and technical security data are stored for as long as necessary for security, error analysis, operation, prevention of misuse or legal traceability.

Categories of data processed in connection with Bonibo

When Bonibo is used, the following categories of data in particular may be processed:

• account and registration data, in particular username, email address, telephone number, date of birth, login data, authentication data, verification status, time of registration and information about the device used;
• profile information, in particular place of residence, occupation, languages, favourite food, favourite drink, least favourite food, relationship status, interests, hobbies, prompts, personal answers, freely chosen description, profile pictures, further pictures and group activities;
• location data, in particular GPS location data where permission has been granted and manually entered locations. Bonibo stores the last location where this is required for app functions;
• user content, in particular profile pictures, group pictures, event pictures, texts, descriptions, prompts, chat messages and other user-generated content;
• group, event and community data, in particular group memberships, group requests, invitations, approval status, event participation, event interests, interactions with groups, events and locations and uploaded images;
• chat data, in particular the content of chat messages, sender and recipient, times, group membership and technical metadata of the communication;
• data of business users and locations, in particular names and contact details of contact persons, company name, address, location information, event information, subscription information, billing data, payment status and verification documents;
• communication data, in particular name, email address, telephone number, subject, message, time of contact and communication history;
• technical data and log files, in particular IP address, date and time of access, device type, operating system, app version, browser type and browser version, internet service provider, referrer URL, log data, error messages, security events and usage data.

Users are themselves responsible for the content they create, upload or share. To the extent permitted by law, Bonibo assumes no responsibility for the legality, accuracy or appropriateness of user-generated content. It is not permitted to distribute unlawful, offensive, discriminatory, harassing, violence-glorifying, sexually impermissible, fraudulent or otherwise impermissible content through Bonibo. Users should not publish or send particularly sensitive data through Bonibo, in particular health data, identity documents, bank details, confidential access data, intimate information or other especially protected information.

Visibility of profiles, groups, events and chats

Bonibo is a social platform. Certain content may therefore be visible to other persons. Profiles are visible only to logged-in Bonibo users. Within the logged-in user base, profiles can generally be viewed by other users.

Groups are publicly visible. Joining a group is possible only if a membership request is approved or if an invitation is sent by a befriended person. Non-members can see group information and group pictures. However, they cannot see the internal chats or member lists of the group.

Events are publicly visible. They may be seen by users and, depending on the technical implementation, also by persons who are not logged in.

Chats are not publicly visible. They are intended for the participating users or group members. Chats are stored. Transmission is transport-encrypted, in particular via HTTPS/WSS, where technically provided. However, chats are not end-to-end encrypted.

Access to chat content is possible only through the admin portal and only by authorised persons. Currently, these are exclusively the co-founders. Access takes place only with an individual admin login and two-factor authentication. Chat content is accessed only where there is a legitimate reason, in particular reports, security incidents, suspicion of misuse, breach of our rules or legal obligations. Technical logging of such access is planned.

Chat messages may remain visible to other chat participants even if a user deletes their own account. Group chats are deleted when the last participant leaves the group, unless legal obligations, security reasons or legitimate interests prevent deletion. Group pictures and event pictures uploaded by a user are deleted when that user’s account is deleted, where technically possible and unless legal obligations or legitimate interests prevent this.

Disclosure to third parties

As part of order processing and the provision of our services, the use of third-party services may be necessary. It may therefore be necessary to disclose data to external service providers for contractual service provision, authentication, payment processing, hosting, sending messages, analysis, advertising, moderation or security. The legal bases for this disclosure correspond to those of lawful processing and are explained in more detail in this privacy policy.

We ensure through contractual agreements, where required, that third parties entrusted with data processing comply with data protection regulations. In certain cases, we may also be obliged by official or court orders to disclose data to government agencies or third parties.

Personal data may in particular be disclosed to the following categories of recipients: hosting providers, cloud and storage providers, database and backup service providers, payment service providers, authentication service providers, email and SMS service providers, push-notification service providers, analytics and advertising service providers, AI moderation service providers, IT and security service providers, accounting, tax advisors, legal advisors, authorities, courts or other public bodies, where required by law.

Provision of our services and creation of log files

Our system automatically collects and stores information in so-called log files as soon as you use our website, app or related services. This includes in particular the following information:

• browser type and version;
• operating system;
• IP address;
• internet service provider;
• date and time;
• device type;
• app version;
• referrer URL;
• technical error messages and security events.

The above data is not combined with other personal data without a reason. The collection and storage of this data in log files is based on our company’s legitimate interests, in particular ensuring the functionality and security of our services, error analysis, prevention of misuse and optimisation of our offerings.

The collection and storage of technical data and log files is necessary for the secure operation of our website, app and platform functions; it is therefore not possible to object fully to this process insofar as the data is technically required for operation.

Cookies, tracking, SDKs and other technologies

We use cookies, software development kits (SDKs) and comparable technologies on our website, in the app and in related services. These technologies are used in particular for technical provision, login, security, error analysis, usage analysis, performance measurement, personalised and non-personalised advertising, consent management, push notifications and fraud prevention.

You have control over the use of certain cookies and comparable technologies. By adjusting your browser, app or device settings, you can deactivate or restrict the transmission and use of certain technologies and delete data that has already been stored. Please note, however, that deactivation may restrict the functionality of our services.

Where required by law, we obtain consent before using certain cookies, SDKs or tracking technologies. This applies in particular to analytics and marketing technologies and to personalised advertising. In the app, we use in particular the AdMob consent dialog provided by Google. Users can decide when first starting the app and later in the settings whether they want to allow or reject personalised advertising. If personalised advertising is rejected, non-personalised advertising is displayed according to Google AdMob’s standard behaviour, insofar as advertising continues to be shown.

Tools, applications and other technologies used

The following services and technologies are used in connection with Bonibo:

IONOS Hosting

We use IONOS to host our website, app and platform services. According to the current status, the server location is Germany. Within the scope of hosting, technical data, log files, database content and other information required for operation may be processed. The use serves the provision, security, maintenance and technical further development of our services. The legal basis is contract performance and/or our legitimate interest in the secure and stable operation of the platform.

Further information: IONOS Privacy Policy | IONOS DPA / commissioned processing

PostgreSQL and blob storage

Bonibo’s database is based on PostgreSQL and is located on the same server as the other technical services. For images, verification documents of business users and database backups, we use blob storage, also located in Germany. In blob storage, profile pictures, group pictures, event pictures, location pictures, verification documents, database backups and other files required for operating the platform may in particular be stored. Backups are generally stored for 30 days.

Further information: IONOS Privacy Policy | IONOS DPA / commissioned processing

Firebase and Firebase Authentication

We use Firebase and Firebase Authentication from Google for technical app functionalities, authentication, login, user management and verification. Registration and login may take place via Apple, Google, email or SMS. In this context, email address, telephone number, authentication data, login information, device information and technical usage data may in particular be processed. The provider within Europe is generally Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data may also be transferred to third countries, in particular the USA. The basis for this is appropriate safeguards such as standard contractual clauses.

Further information: Firebase Privacy and Security | Firebase Data Processing and Security Terms | Google Privacy Policy

Apple Login and Google Login

Bonibo allows login via Apple Login and Google Login. If users use these services, personal data may be processed by Apple or Google and transmitted to Bonibo. This may include in particular name, email address, unique user ID and authentication information. Apple’s and Google’s own privacy policies also apply to processing by Apple and Google.

Further information: Sign in with Apple & Privacy | Apple Privacy Policy | Google Privacy Policy

Firebase Cloud Messaging

We use Firebase Cloud Messaging for push notifications. Push notifications may be used in particular for group requests, invitations, chat messages, event information, security messages, account changes and community or platform information. Push notifications are sent only if the corresponding permissions have been granted. These can be disabled through the device settings.

Further information: Firebase Privacy and Security | Firebase Data Processing and Security Terms

Google Analytics

We use Google Analytics to analyse the use of our website and app. Google Analytics may collect information about the use of our services, in particular technical data, usage data, device information and interactions. The use of Google Analytics is based on consent where required. Otherwise, we have a legitimate interest in analysing and improving our services. The provider within Europe is Google Ireland Limited. Data may also be transferred to third countries, in particular the USA. The basis for this is appropriate safeguards such as standard contractual clauses.

Further information: Google Privacy Policy | Google Analytics Terms of Service | Google Analytics Data Processing Terms

Google AdMob

We use Google AdMob to display advertising in the app. AdMob may process personal data and device information, in particular the advertising ID of the device, IP address, app interactions, device information, approximate location information, information about ad impressions, clicks and interactions, consent status and, where applicable, interest-based information for personalised advertising. When the app is first started, the AdMob consent dialog provided by Google appears. The selection can later be changed in the app settings. If personalised advertising is rejected, non-personalised advertising is displayed according to Google AdMob’s standard behaviour, insofar as advertising continues to be shown.

Further information: Google Privacy Policy | Google AdMob EU User Consent Policy | Google EU User Consent Policy

Stripe

We use Stripe for paid B2B subscriptions. Business users can take out subscriptions for one month or one year. Cancellation is possible until the end of the respective subscription. Stripe processes personal data for payment processing, fraud prevention, regulatory checks, subscription management and invoicing. This may include in particular name, email address, billing address, company data, payment information, transaction data, IP address and technical data. Bonibo generally does not receive complete credit-card data. This is processed directly by Stripe.

Further information: Stripe Privacy Policy | Stripe Data Processing Agreement

OpenAI API

We use OpenAI via an API for automated moderation of texts and images. Newly created content may be automatically transmitted to OpenAI and analysed there. This concerns in particular profile texts, group descriptions, event descriptions, images, chat messages and other user-generated content. Moderation serves to detect, review and, where necessary, take measures against unlawful, offensive, discriminatory, harassing, violence-glorifying, sexually impermissible, fraudulent or otherwise impermissible content. According to the current status, Bonibo does not permanently store moderation results unless this is necessary in an individual case for security, misuse prevention, enforcement of our rules or legal traceability. We take appropriate contractual, technical and organisational measures to structure processing via OpenAI in compliance with data protection law.

Further information: OpenAI Privacy Policy | OpenAI Data Processing Addendum | OpenAI Enterprise Privacy

Contact form

Our website has a contact form. Name, email address, telephone number, subject and message may be transmitted and processed. The information sent to us is used to handle your request, contact you and document the communication. By sending the request, you consent to the described data processing unless another legal basis exists. You may withdraw consent at any time; processing already carried out is not affected by the withdrawal.

Newsletter, planned

A newsletter is not currently active but may be introduced in the future. The specific newsletter tool has not yet been determined. If we offer a newsletter, it will generally be sent only with consent. For the newsletter, email address, name, interests, language, registration date, consent status and opening and click data may in particular be processed. Each newsletter email contains an unsubscribe option. Withdrawal of consent applies for the future.

Third-party links

Our app or website may contain links to external websites, platforms or third-party services. We are not responsible for their content or data protection practices. The privacy policies of the respective providers apply.

Location data

Bonibo processes location data to show users relevant events, groups and locations nearby. Location data may arise through GPS permission or manual input. According to the current status, Bonibo stores the last location where this is required for using the app and providing location-based functions. Users can disable location permission through their device settings. If location permission is disabled, certain functions may be restricted.

AI-supported moderation, reports and bans

Bonibo uses automated moderation mechanisms, in particular through the OpenAI API, to check text and image content for potentially impermissible content. Despite automated moderation, Bonibo cannot guarantee that all impermissible content will be detected. Users can additionally report content, groups, profiles or behaviour.

Bonibo may in particular take the following measures: review reported content, restrict visibility, delete content, warn users, block users, temporarily or permanently suspend accounts, delete accounts and place email addresses or telephone numbers on a blacklist to prevent renewed abusive registration.

If an account is deleted or suspended, certain data may continue to be stored insofar as this is required to prevent misuse, enforce our rights, comply with legal obligations or prevent renewed unlawful use. Blacklist data such as email address or telephone number is stored for as long as necessary to prevent misuse. Necessity is reviewed periodically.

Data security

We use appropriate technical and organisational security measures to protect personal data against loss, misuse, unauthorised access, alteration or disclosure. These may include in particular: transport encryption via HTTPS/WSS, access restrictions, individual admin logins, two-factor authentication for admin access, role and permission concepts, backups, server location Germany, organisational access controls, moderation mechanisms, reporting and blocking functions and regular technical development.

We expressly point out that, according to the current technical status, chats are not end-to-end encrypted.

Automated processing and profiling

Bonibo may use automated systems, in particular for moderating texts and images, detecting potentially impermissible content, detecting misuse or security risks, serving personalised or non-personalised advertising and displaying relevant content, events, groups or locations.

Where decisions with legal effect or similarly significant impact are made solely by automated means, this takes place only where legally permissible. As a rule, automated systems support moderation, security, advertising and personalisation.

Right of access

As a data subject, you may request confirmation from us as to whether personal data concerning you is processed by us. If this is the case, you have the right of access to the following information:

• the purposes for which the personal data is processed;
• the categories of personal data that are processed;
• the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
• the planned storage period for the personal data concerning you or, if this is not possible, the criteria for determining that period;
• the existence of a right to rectification or deletion of the personal data concerning you or to restriction of processing by us, or a right to object to such processing;
• the existence of a right to lodge a complaint with a supervisory authority;
• all available information about the origin of the personal data that was not collected from you;
• the existence of automated decision-making, including profiling, and meaningful information about the logic involved and the scope and intended effects of such processing for the data subject, where applicable.

You also have the right to request information as to whether personal data concerning you is transferred to a third country or an international organisation; in this case you have the right to be informed about the appropriate safeguards relating to the transfer.

Right to rectification and deletion

You have the right to request from us without delay the correction and/or completion of inaccurate and/or incomplete personal data concerning you.

You also have the right to request that personal data concerning you be deleted without delay if one of the following reasons applies:

• the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
• you withdraw your consent and there is no other legal basis for the processing;
• you object to the processing for reasons arising from your particular situation and there are no overriding legitimate grounds for the processing, or you object to processing for direct marketing;
• the personal data concerning you has been processed unlawfully;
• deletion of the personal data concerning you is required to comply with a legal obligation;
• the personal data concerning you was collected in relation to information-society services offered pursuant to Art. 8(1) GDPR.

The right to deletion may be restricted if further storage is necessary to comply with legal obligations, for accounting and bookkeeping, to prevent misuse, to enforce terms of use, to assert, exercise or defend legal claims, for platform security or to protect other users.

Right to restriction of processing

As a data subject, you have the right to request restriction of processing if one of the following conditions applies:

• the accuracy of the personal data is contested. Restriction may be requested for the period that allows us to verify the accuracy of the personal data;
• the processing is unlawful and you request restriction instead of deletion;
• we no longer need the personal data for processing, but you need it for asserting, exercising or defending legal claims;
• you object to the processing.

If processing of personal data concerning you is restricted, we may process such data, apart from storing it, only with your consent or for asserting, exercising or defending legal claims, protecting the rights of another natural or legal person, or for reasons of public interest.

If you have obtained restriction of processing under the above conditions, we will inform you before this restriction is lifted.

Information and notification obligation towards third parties

If we have made your personal data public and are obliged to delete it under the legal requirements, we take appropriate measures, including technical measures, taking into account available technology and implementation costs, to inform other controllers and processors processing this data that you have requested deletion of all links to this personal data or of copies or replications of this data.

We inform all recipients to whom your personal data has been disclosed of any rectification or deletion of this data and of restrictions on its processing, except where this is impossible or involves disproportionate effort. In such cases, we endeavour to communicate clearly the reasons for non-notification and to ensure that your rights are nevertheless protected.

Exceptions to the right to deletion

The right to deletion does not exist where processing is necessary to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest or for asserting, exercising and/or defending legal claims.

Right to data portability

As a data subject, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, where the processing is based on consent or on a contract and is carried out by automated means.

You also have the right to have the personal data concerning you transmitted directly by us to another controller, where technically feasible. The rights and freedoms of other persons must not be adversely affected.

Right to object

As a data subject, you have the right, on grounds relating to your particular situation, to object at any time to processing of personal data concerning you that is based on Art. 6(1)(e) or (f) GDPR. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms. An additional exception exists for processing for the assertion, exercise or defence of legal claims.

If we process personal data concerning you for direct marketing, you have the right to object at any time to processing for such advertising purposes. If you object to processing for the aforementioned purpose, we will no longer use personal data concerning you for it.

You have the right to withdraw your consent at any time. The withdrawal does not affect the lawfulness of lawful processing already carried out. Depending on the function, withdrawal may take place through the app settings, device settings, unsubscribe links or by contacting Bonibo.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular at your place of residence (EU/CH), place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR or the FADP.

The competent authority for Switzerland is: Federal Data Protection and Information Commissioner, Feldeggweg 1, 3003 Bern.

Where the GDPR applies, you may also contact a competent data protection supervisory authority in the EU. The supervisory authority with which the complaint was lodged informs the complainant about the status and outcome of the complaint, including the possibility of a judicial remedy.

Data protection contact person

The internal contact persons for data protection matters are the co-founders of Bonibo. Data subjects should use the following contact address for data protection requests: info@bonibo.ch. Bonibo has currently not appointed a formal data protection officer.

Changes to this privacy policy

We may amend this privacy policy at any time, in particular if we further develop our services, introduce new functions, use new service providers or legal requirements change. The current version will be published in the app or on the website. In the event of material changes, we may also inform users additionally.