Last Updated: December 17, 2025
This Data Processing Agreement ("DPA") forms part of the contract between you ("Data Subject" or "User") and DevOrbitLabs ("Data Controller" or "we") for the use of BondAlchemy mobile application ("Service").
This DPA supplements our Privacy Policy and Terms of Use, providing additional details on data processing activities for compliance with:
For the purposes of this DPA:
BondAlchemy processes the following categories of personal data:
| Data Category | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Personal Name | App personalization and user experience | Contractual necessity |
| Personality Preferences | Personalized insights and compatibility analysis | Contractual necessity |
| Relationship Values | Compatibility matching and AI coaching | Contractual necessity |
| Journal Entries | Dream analysis and pattern recognition | Contractual necessity |
| AI Conversations | Life coaching and relationship guidance | Contractual necessity |
| Compatibility Data | Relationship compatibility analysis | Contractual necessity |
| Subscription Data | Access control and billing (handled by Apple) | Contractual necessity |
| Device Identifiers | Subscription verification only (RevenueCat) | Legitimate interest |
Personality data and relationship preferences may be considered sensitive data under GDPR Article 9. We process this data with your explicit consent when you complete the onboarding questionnaire in the app.
We engage the following sub-processors to provide the Service:
| Sub-processor | Purpose | Data Shared | Location |
|---|---|---|---|
| Apple Inc. | iCloud sync, In-App Purchases | User-controlled iCloud data, transaction receipts | USA (GDPR-compliant) |
| OpenAI LLC | AI-powered features (GPT models, DALL-E 3) | Anonymized queries (no PII) | USA (GDPR-compliant) |
| RevenueCat Inc. | Subscription management | Anonymous device ID, subscription status | USA (GDPR-compliant) |
| Mixpanel Inc. | Analytics (anonymized) | Anonymized usage events (no PII) | USA (GDPR-compliant) |
All sub-processors:
Under GDPR, you have the following rights regarding your personal data:
You can access all your personal data directly within the BondAlchemy app. Navigate to Profile > Settings to view your stored information.
You can edit and correct your personal information at any time within the app's Profile section.
You can delete your data by:
You can disable specific features or stop using the app at any time to restrict processing.
Currently, data export is limited to share functionality. We are developing a comprehensive data export feature for future releases.
You can object to data processing by discontinuing use of the Service and deleting your data.
You may withdraw consent at any time by deleting your data or uninstalling the app. This does not affect the lawfulness of processing before withdrawal.
California residents have additional rights under the California Consumer Privacy Act:
See Section 3 for categories of personal data collected and purposes of processing.
Same as GDPR Right to Erasure (Section 6.3).
We do NOT sell personal information. We have never sold personal data and will never sell your data to third parties.
We do not discriminate against users who exercise their CCPA rights.
We implement industry-standard security measures to protect your data:
Personal data is retained according to the following schedule:
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Local Core Data | Until you delete the app or clear data | User-initiated or app uninstall |
| iCloud Data | Until you disable iCloud sync and delete from Apple account | User-initiated via Apple iCloud settings |
| AI Requests (OpenAI) | Not stored (processed in real-time) | Automatic (no retention) |
| Subscription Data (RevenueCat) | Duration of subscription + 1 year | Automatic deletion after retention period |
In the unlikely event of a data breach:
Your data may be transferred to and processed in the following locations:
All transfers comply with GDPR Chapter V requirements (Standard Contractual Clauses or adequacy decisions).
BondAlchemy is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us immediately at halimozturk@windowslive.com.
We may update this DPA from time to time to reflect changes in our data processing practices or legal requirements. We will notify you of material changes through:
Continued use of the Service after changes constitutes acceptance of the updated DPA.
For questions about this Data Processing Agreement, to exercise your data rights, or to file a complaint:
If you are in the European Economic Area and wish to contact our EU representative, please email us at the address above for representative contact details.
You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.
By using BondAlchemy, you acknowledge that you have read, understood, and agree to this Data Processing Agreement in conjunction with our Privacy Policy and Terms of Use.