Bonding Bowls

Privacy Policy

Updated March 2026

Who We Are

Bonding Bowls is built by Redot Innovations, a Singapore-based startup. We're committed to helping people make genuine connections. Privacy isn't a legal checkbox for us—it's the foundation of everything we do.

What Information We Collect

Your Identity (via Singpass)

You sign up using Singapore's Singpass system, which verifies your identity through government records (Myinfo). We get your name, age, and citizenship status. We don't store your ID permanently—just enough to verify you're you.

Your Profile

Photos, bio, interests, where you're from—whatever you choose to share. Voice prompts if you use that feature (encrypted). Location data is optional and only as detailed as you make it.

Conversations & Interactions

Your messages, likes, matches—we keep these to run the app and prevent bad actors. Messages are encrypted.

How Photos Work

When you upload a photo, we run a quick check on your phone (not our servers) to confirm there's a real face. This cuts down on catfishing. We don't use facial recognition to spy on you—just "yep, that's a face" and done.

Technical Stuff

Your IP, device type, crash reports. The boring stuff that helps us keep the app from breaking.

Payments

We see your transaction history and subscription status. Credit card details? Stripe/PayPal handles that, not us—they follow PCI standards so we never see your full card number.

Why We Need Your Data

Keep it simple:

  • To make the app work: Showing you matches, letting you message, managing your profile
  • To keep it safe: Blocking scammers, catching bots, protecting users
  • Legal compliance: Singapore law requires we keep certain things for a while
  • To improve the App: Crash reports help us fix bugs

Who Sees Your Data

We don't sell your information. Period. But we work with a few trusted services:

  • Firebase: Notifications and crash tracking
  • Stripe/PayPal: Subscription processing
  • Cloud servers: Where your data lives (encrypted)
  • Law enforcement: Only when they have a warrant or court order

How Long We Keep It

  • While you're active: Everything stays
  • After you delete your account: 90 days, then permanently gone
  • Messages: 12 months (in case someone disputes a transaction or reports abuse)
  • Tax records: 7 years (Singapore requires it)
  • Face data: Deleted immediately after checking your photo

Your Rights

Singapore's PDPA gives you control:

  • See it: Get a copy of everything we have on you
  • Fix it: Tell us something's wrong, we'll correct it
  • Delete it: Wipe your account
  • Stop us: Withdraw consent for certain processing

Email dpo@redotinnovations.com and we'll handle it within 30 days.

Security

We use proper encryption (TLS for data moving, AES-256 for data resting). Passwords are hashed and salted. Payment info goes through Stripe/PayPal, not us. We're not invincible—nothing is—but we work hard to protect you.

About Singpass

Singpass is Singapore's official identity system. We trust it. We don't get your raw ID number—just a verification that you're who you say you are. Think government seal of approval.

Kids

You must be 18+. We'll delete any account from someone younger.

We May Update This

If something big changes, we'll email you and let you know in-app. Check back occasionally.

Questions?

support@bondingbowls.com
DPO: dpo@redotinnovations.com
Usual response: 30 days

Found something wrong? Complain to Singapore's PDPC at pdpc.gov.sg.