Privacy Policy

1. Introduction

1STBOND LLC (“we,” “our,” or “us”) provides tools designed to enhance safety and trust during in-person interactions. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

We are committed to transparency and responsible handling of personal data, including sensitive categories such as biometric and location data. We collect only the minimum information necessary to provide the Services.

2. Information We Collect

2.1 Personal Identifiers

• Full legal name
• Email address
• Date of birth (used to verify you are 18 or older via government-issued ID)
• Username and @handle (publicly visible to other verified users, searchable on the platform)
• Profile photo (optional, uploaded from your photo library or taken with your camera, visible to other verified users)
• Profile banner photo (optional, uploaded from your photo library or taken with your camera, displayed as a background on your profile, visible to other verified users)
• Profile bio (optional, written by you, visible to other verified users)
• Meetup codes (alphanumeric identifiers generated for each meetup session, linked to your account and meetup record)
• Password (stored in encrypted form; we do not have access to your plain-text password)

2.2 Identity Verification Data

• Government-issued identification (e.g., driver’s license, passport)
• Selfie images and verification photos submitted during onboarding

Identity verification is performed by a third-party identity verification provider acting as a data processor on our behalf under a data processing agreement. When you submit a government-issued ID, our verification provider processes the full contents of that document, which may include your full legal name, date of birth, ID or license number, issuing jurisdiction, expiration date, and residential address as printed on the document.

1STBOND LLC does not store your residential address, ID number, or expiration date in our own systems. Identity data is matched against your face scan through our secure cloud infrastructure and the result is stored in our database. We may access or request full ID data from our verification provider only in limited circumstances: (a) investigating suspected fraud or identity impersonation; (b) responding to a valid legal request, court order, or law enforcement inquiry; or (c) resolving a safety incident where identity confirmation is necessary to protect users or comply with applicable law.

2.3 Biometric Information

We collect and process biometric identifiers and biometric information in two contexts:

Onboarding identity verification: when you first create your account, we collect facial geometry and liveness detection data to verify your identity against your government-issued ID. Liveness detection confirms that verification is being performed by a live person and not a photograph or spoofed image.

Pre-meetup face scan: before each meetup session begins, we perform a real-time face scan to confirm that the person initiating the meetup is the same verified account holder. This scan matches your face against your verified ID photo and generates a timestamp verification. The face scan window opens 6 hours before the designated meetup time and closes 10 minutes before the meetup. If you do not complete the face scan before the 10-minute mark, 1STBOND marks the meetup as Unverified and discloses to all parties to proceed at their own discretion.

All biometric data is used solely for identity verification and meetup authentication. We do not use biometric data for advertising, profiling, or any purpose beyond these functions. Biometric verification is initially processed by our third-party identity verification provider (Didit). The resulting face match data and verification record are then stored securely in 1STBOND LLC’s own database and used to authenticate your identity for pre-meetup face scans throughout your use of the platform. Raw government ID biometric data (such as the photo on your ID document) is held by Didit and is not stored directly in 1STBOND’s own systems.

2.4 Messaging Data

1STBOND LLC provides in-app messaging to facilitate coordination between users. Messages are visible only to the two parties in a conversation and are stored on our servers to enable delivery and to support safety review in the event of a reported incident. Message content may be accessed by 1STBOND staff only when necessary for safety enforcement, violation investigation, or legal compliance in connection with a reported incident. We do not use message content for advertising or sell it to third parties.

When a meetup code is shared within the app messaging system, a direct Join Meetup button is automatically generated within that message thread, specific to that meetup code.

2.5 Location Data

We request access to your device location in the following contexts:

• Current location for meetup creation: when creating a meetup, you may tap ‘Use my current location’ to set your current position as the meetup destination. Location access is requested only when you initiate this action.
• Address autocomplete: as you type a meetup address, our mapping and navigation services provider populates a dropdown of matching address suggestions.
• Navigation: when a meetup is confirmed, built-in GPS navigation to the meetup location is available to all users on both Free and Premium tiers.
• Route options: when navigating, you may select routing preferences including Fastest route, No Tolls, No Highways, and similar options. These preferences are used solely to generate your navigation route and are not stored.
• Open in Maps App: you may optionally open your meetup destination in a third-party mapping application. If you use this option, your meetup destination address is passed to the app you select, subject to that app’s own privacy policy. 1STBOND LLC does not control how third-party mapping apps handle this data.
• Live tracking (Premium meetups only): Premium meetup hosts receive live updates including recommended departure time and the other party’s estimated time of arrival (ETA). The other party in a Premium meetup does not need to be a Premium member to participate. Free tier meetups include navigation only, with no live tracking.

Location data collected for navigation and live tracking is used only for the duration of the relevant meetup session. We do not track your location in the background outside of an active meetup session. You may revoke location permissions at any time in your device settings, though doing so will disable navigation and live tracking features.

2.6 Camera and Photo Library Access

• Identity verification and face scan: your camera is used to scan your government-issued ID and perform face scans during onboarding and pre-meetup verification. This is required to use the platform.
• Profile photo and banner photo: you may use your camera to take a photo or select an image from your photo library to set your profile photo or profile banner. This is optional.

Camera access for identity verification is required. Camera and photo library access for profile photos is optional. You may revoke either permission in your device settings at any time, though revoking camera access will disable identity verification and face scan functionality.

2.7 Ratings and Feedback

After completing a meetup, you may leave a star rating on the other party. 1STBOND LLC stores that rating in association with both your account and the rated user’s account. Ratings are displayed to other verified users as part of our trust and safety features.

We do not use ratings data for advertising or profiling, and we do not sell ratings data to third parties. Ratings submitted in violation of these Terms may be removed and may result in account action.

2.8 Subscription and Billing Data

Subscription billing is managed through a third-party subscription management platform in connection with the Apple App Store and Google Play Store. The free tier includes 2 meetups per week. A Premium subscription provides unlimited meetups and live tracking. When you subscribe to a paid plan, we receive and store your subscription status (active, cancelled, expired), purchase date, and renewal date. We do not receive, store, or process your payment card number or bank account details. All billing is handled by Apple or Google.

We offer a Restore Purchases feature as required by Apple and Google, which allows you to restore a previously purchased subscription on a new device or after reinstalling the app. For billing disputes or refund requests, contact Apple or Google directly.

2.9 Safety Reports and User Actions

You may report or block other users from their profile or from an active message thread. When you submit a report, we collect the reason for the report (harassment, fake identity, suspicious behavior, or other), the reported user’s account identifier, and any supporting context you provide. Reports are sent to our safety team at support@1st-bond.com for review. When you block a user, we store a record of that block to prevent future contact.

2.10 Device and Usage Data

• IP address
• Device type and model
• Operating system
• App interaction and diagnostic data
• Push notification token (used to send meetup reminders at 6 hours, 1 hour, and 20 minutes before your meetup, partner scan alerts, and new message notifications; you may disable notifications at any time in your device settings)

3. How We Use Your Information

We collect only the minimum personal information necessary to provide the Services. We use your information to:

• Verify your identity during account creation and authenticate your presence before each meetup via pre-meetup face scan
• Process identity verification through our third-party verification provider and secure cloud infrastructure
• Enable built-in GPS navigation and live tracking using our mapping and navigation services provider
• Enable in-app messaging between users
• Automatically generate a Join Meetup button when a meetup code is shared in a message thread
• Maintain and display your user profile, including name, username, bio, photos, verification badges, and ratings
• Make your profile discoverable and searchable by name or @username to other verified users
• Enable meetup creation with address autocomplete, date, time, and code generation
• Allow users to share meetup codes via SMS or in-app message
• Mark meetups as Verified or Unverified based on face scan completion status
• Process and display star ratings after completed meetups
• Manage subscription status and restore purchases via our subscription management platform
• Process user account actions including password change, email change, username change, account deletion, and meetup history deletion
• Enable report and block functionality for user safety
• Prevent fraud, abuse, and unauthorized activity
• Respond to support requests and resolve disputes
• Comply with applicable laws and legal obligations
• Improve the functionality and performance of our Services

We do not sell, rent, or use your personal data for advertising or marketing purposes.

4. Third-Party Service Providers

We use trusted third-party service providers that act as data processors on our behalf, including:

• Third-party identity verification provider (Didit) — processes your government ID and performs the initial biometric face match during onboarding. The resulting verified face match data is then stored in 1STBOND LLC’s own secure database for use in pre-meetup authentication. Raw government ID biometric data is retained by Didit. Didit does not use your data for independent purposes.
• Secure cloud infrastructure — stores and processes account data, profile information, meetup records, messages, ratings, and subscription data
• Mapping and navigation services provider — powers built-in GPS navigation, address autocomplete for meetup creation, and live tracking for Premium meetups
• Subscription management platform — tracks subscription status, purchase dates, and renewal dates in connection with Apple App Store and Google Play Store billing
• Error monitoring and diagnostics provider — collects diagnostic and app interaction data to help us identify and fix technical issues
• Web infrastructure providers — host and secure our website and web-based services

Each provider is contractually restricted from using your data for any purpose other than providing services to 1STBOND LLC. We conduct vendor due diligence and require data processing agreements with all providers handling personal or biometric data. You may contact privacy@1st-bond.com to request information about the specific third-party service providers we use.

5. Consent

5.1 General Consent

By creating an account and using 1STBOND, you consent to the collection and use of your information as described in this Privacy Policy.

5.2 Biometric Consent (Separate Affirmative Consent Required)

Onboarding consent: before we collect biometric data during account creation, you will be presented with a dedicated in-app Biometric Data Consent screen disclosing: (a) the specific data being collected (facial geometry and liveness detection data); (b) the purpose (identity verification and ongoing pre-meetup authentication); (c) that initial verification is processed by our third-party identity verification provider and the resulting face match data is stored securely in 1STBOND LLC’s database; and (d) the retention and destruction schedule (deleted within 90 days of account closure). You must affirmatively tap “I Agree — Continue to Verification” to proceed.

Pre-meetup scan consent: by agreeing to these Terms and initiating a meetup session, you consent to pre-meetup face scans as a condition of each meetup. You will be shown a Pre-Meetup Scan screen before each scan describing its purpose. Declining the scan will result in the meetup being marked Unverified.

You may withdraw biometric consent at any time by contacting privacy@1st-bond.com, though doing so will prevent access to identity-verified features and meetup functionality.

5.3 Location Consent

We request location permission for GPS navigation and live tracking. You may revoke location access at any time in your device settings, though doing so will disable navigation and live tracking features.

5.4 Camera and Photo Library Consent

We request camera access for identity verification (required) and profile photo uploads (optional). We request photo library access for profile and banner photo uploads (optional). You may manage these permissions in your device settings.

6. Data Retention

We retain different categories of data for defined periods:

• Identity verification data: retained during active account life, deleted within 30 days of account closure
• Biometric data (face match data stored in 1STBOND’s database from onboarding verification, and pre-meetup face scan records): deleted within 90 days of account closure. Raw government ID biometric data held by our third-party identity verification provider is subject to their retention policy, which we contractually require to align with our 90-day destruction schedule.
• Messaging data: retained while your account is active and for up to 90 days following account closure, unless required longer for an open dispute or legal matter. Messages are only visible between the two parties in a conversation.
• Meetup records (including scheduled time and date, participating accounts, meetup location, meetup code, face scan status, and associated safety events): retained for up to 90 days after the scheduled meetup date. When you clear your meetup history, the record is hidden from your account view but not immediately deleted from our systems during the 90-day window.
• Location and navigation data: not retained beyond the active meetup session for which it was used
• Account and profile data: retained while your account is active, deleted within 30 days of closure
• Subscription and billing data: subscription status, purchase date, and renewal date retained while your account is active, deleted within 30 days of account closure
• Safety reports: retained for the duration of any active investigation and for up to 12 months following resolution
• Block records: retained while your account is active, deleted within 30 days of account closure

You may request deletion of your data at any time (see Section 9). We will acknowledge your request within 10 business days and complete deletion within 45 calendar days. Some data may be retained longer if required by law or to resolve a pending legal dispute.

7. Data Security

We implement commercially reasonable safeguards including:

• Encryption of data in transit (TLS) and at rest
• Access controls limiting employee access to personal data on a need-to-know basis
• Contractual security obligations with all third-party vendors
• Multi-factor authentication for administrative access to production systems

In the event of a data breach affecting your personal information, we will notify you as required by applicable state and federal law.

8. Sharing of Information

We do not sell personal data. We may share your information only:

• With service providers acting as data processors on our behalf (see Section 4)
• To comply with a legal obligation, court order, or lawful government request
• To protect the safety of users or to investigate or prevent fraud or abuse, including requesting identity data from our verification provider where necessary to confirm identity in connection with a safety investigation or fraud case
• In connection with a merger, acquisition, or asset sale, provided the successor agrees to honor this Privacy Policy

Law Enforcement and Legal Requests: We respond to law enforcement and other legal requests only to the extent required by applicable law. Where permitted, we require a valid subpoena, court order, or warrant before disclosing personal data. We may make exceptions in emergency situations involving an imminent risk of serious harm. Where legally allowed and practicable, we will notify affected users before disclosing their information.

9. Your Privacy Rights

9.1 General Rights (All Users)

You have the right to:

• Access a copy of the personal data we hold about you
• Request correction of inaccurate personal data
• Request deletion of your personal data, available in-app via Settings → Account → Delete Account, or via 1st-bond.com/delete-account, or by contacting privacy@1st-bond.com
• Clear your meetup history within the app at any time (Meetup → Past → Clear History)
• Change your email, password, or username within the app at any time via Account Settings
• Withdraw consent for biometric data collection at any time
• Block or report other users at any time via their profile or message thread

To exercise these rights, contact: privacy@1st-bond.com. We will acknowledge your request within 10 business days and complete your request within 45 calendar days.

9.2 California Residents — CCPA / CPRA Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months
• Right to Delete: Request deletion of personal information we have collected from you
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising. No opt-out is currently required, but you may contact us to confirm this in writing
• Right to Limit Use of Sensitive Personal Information: We use sensitive personal information, including biometric data and precise geolocation, only as necessary to provide the Services
• Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights

To submit a CCPA/CPRA request, contact privacy@1st-bond.com with the subject line “CCPA Request.” We will acknowledge your request within 10 business days and complete it within 45 calendar days.

9.3 Do Not Track

California’s CalOPPA requires disclosure of how we respond to browser Do Not Track (DNT) signals. We do not currently respond to DNT signals, as no universal compliance standard has been established. We do not use your data for cross-site behavioral tracking.

9.4 Illinois Residents — BIPA Rights

Illinois residents have the right to receive our biometric data retention policy in writing prior to data collection, and to seek relief under BIPA for violations. See Section 2.3 for our full BIPA disclosure.

10. Account Management

You may manage your account at any time through the Settings menu in the app:

• Change password: available in Account Settings
• Change email address: available in Account Settings
• Change username: available in Account Settings
• Delete account: available in Settings → Account → Delete Account, or at 1st-bond.com/delete-account
• Clear meetup history: available in the Meetup → Past tab
• Restore purchases: available in Settings if you have a previous subscription
• Block or report users: available on any user profile or message thread
• Search for users: available via the Search tab by name or @username

11. International Users

1STBOND LLC is operated in the United States. If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence. By using the Services, you consent to the transfer and processing of your information in the United States.

We do not currently direct the Services at users in the European Union or other international jurisdictions with distinct regulatory frameworks. If this changes, this policy will be updated accordingly with at least 30 days’ advance notice.

12. Children’s Privacy

1STBOND LLC is intended for users who are 18 years of age or older. Age is verified through our identity verification process, which requires a valid government-issued ID. A self-declaration alone is not sufficient to access the Services. We do not knowingly collect personal information from individuals under 18.

If we become aware that a user under 18 has created an account, we will terminate that account and delete their information promptly. Parents or guardians with concerns should contact privacy@1st-bond.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, including the introduction of new data collection practices such as payments or new location features, we will provide at least 30 days’ advance notice via in-app notification and email to the address associated with your account.

The updated policy will be posted at 1st-bond.com/privacy with a revised effective date. Continued use of 1STBOND after the effective date constitutes acceptance.

14. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of the State of Colorado, without regard to conflict of law provisions. Any disputes arising under this policy shall be subject to the exclusive jurisdiction of the courts located in Denver County, Colorado.

15. Contact

For privacy inquiries, data access or deletion requests, or consent withdrawal: