Privacy policy

As of: June 2026

This policy explains which personal data we process when you use the BONE app, for which purposes, on which legal basis, and to whom we pass it on. It is deliberately written to be readable — if anything remains unclear, just ask us.

In short: We do not sell user data. We do not pass it to advertising data brokers. Chat content is end-to-end encrypted; even we cannot read it in plain text. For clearly delimited purposes (photo verification, AI-powered bot profiles, email delivery, hosting) we work with processors — listed by name below.

1. Controller

The controller within the meaning of the GDPR is Waystar ROYCO GmbH, Grellstraße 37, 10409 Berlin, Germany (full provider information in the Imprint).

Data-protection enquiries reach us at info@bone-app.com.

2. Your rights

Regardless of whether you are still a BONE user, you have the following rights:

  • Access to the data we hold about you (Art. 15 GDPR)
  • Rectification of incorrect data (Art. 16 GDPR)
  • Erasure ("right to be forgotten", Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing based on legitimate interests (Art. 21 GDPR)
  • Withdrawal of previously given consent with effect for the future (Art. 7 GDPR)
  • Lodging a complaint with a data-protection authority; competent for us: the Berlin Commissioner for Data Protection and Freedom of Information

3. What data we process — and for what

3.1 Registration and account

On registration we collect your email address, a hashed password and your year of birth (for age verification). With "Sign in with Apple", Apple forwards us your relay email address.

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

3.2 Profile

We process the content of your profile — display name, photos, voluntary self-descriptions and filter attributes — in order to show your profile to other users according to your visibility settings.

Legal basis: Art. 6(1)(b) GDPR.

3.3 Chat communication

Message contents are encrypted on your device (Signal Protocol) and handed to our servers only in that form. We cannot read the content of your chats in plain text. What we do process is metadata — for instance, who messaged whom at what time — to the extent necessary for delivery and spam prevention.

Legal basis: Art. 6(1)(b) GDPR.

3.4 Location data

If you grant the location permission, we process your approximate location to show you profiles nearby and to calculate distance indications. During an active Date Check-In, we additionally process location heartbeats for the duration you choose, in order to be able to communicate your last known location to your emergency contacts in an escalation. Transmission to emergency contacts only happens if you do not respond to the check-in within the set time window.

Legal basis: Art. 6(1)(a) GDPR (consent — revocable in app and OS settings).

3.5 Push notifications

For push notifications we use the Apple Push Notification service (APNs). A device-specific token is created by Apple and processed by us. Push contents for encrypted messages are transmitted such that they are only decrypted on your device.

Legal basis: Art. 6(1)(b) GDPR; for marketing push: Art. 6(1)(a) GDPR.

3.6 Photo verification

To confirm that your profile photo shows a real person and matches you, you can take a verification photo. For the biometric comparison we use AWS Rekognition (see section 5). The verification photo is deleted after comparison; the profile photo remains. A verification result (passed / not passed) is recorded on your profile.

Legal basis: Art. 6(1)(a) GDPR (consent) together with Art. 9(2)(a) GDPR (biometric data).

3.7 AI-powered bot profiles

BONE offers a small number of AI-powered bot profiles for entertainment and onboarding purposes. When you chat with such a bot, the message contents are transmitted to an AI provider (Mistral AI), processed there, and the generated response is sent back to you. Bots are clearly marked as such in the app. Chats with humans remain end-to-end encrypted throughout and are never routed to AI providers.

Legal basis: Art. 6(1)(b) GDPR.

3.8 Advertising

We may display advertising in parts of the app. Delivery may be personalised based on general profile attributes (e.g. approximate location, app language). We do not pass personally identifying identifiers, chat contents or precise location data to ad networks. Paid premium features may reduce or disable ad delivery.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in refinancing); for tracking-based ads: Art. 6(1)(a) GDPR.

3.9 Security and abuse prevention

To prevent abuse (spam, fake accounts, harassment) we process connection metadata (e.g. IP address during the session, device model, app version) as well as reported content and reporting histories.

Legal basis: Art. 6(1)(f) GDPR; where there is a statutory reporting obligation: Art. 6(1)(c) GDPR.

4. Disclosure to third parties

We do not sell personal data and do not pass it to advertising data brokers. Disclosure only occurs in the following cases:

  • to the processors listed below (section 5),
  • to your emergency contacts in the event of a Date Check-In escalation (section 3.4),
  • to law-enforcement or supervisory authorities to the extent we are legally obliged.

5. Processors and service providers

We use the following providers. With each of them a data-processing agreement (Art. 28 GDPR) is in place:

  • Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany) — server hosting of the backend. Processing exclusively on servers in Germany.
  • Cloudflare, Inc. (San Francisco, USA) — R2 object storage for encrypted image and video files and CDN. Data transfer to the USA on the basis of the EU Standard Contractual Clauses; see section 6.
  • Apple Inc. (Cupertino, USA) — app distribution, in-app purchases, push notifications (APNs), Sign in with Apple. Data transfer to the USA on the basis of the EU-US Data Privacy Framework.
  • Amazon Web Services EMEA SARL (38 Avenue John F. Kennedy, L-1855 Luxembourg; processing in region eu-central-1, Frankfurt am Main) — SES for transactional email delivery (e.g. escalation notices to emergency contacts) and Rekognition for photo verification (section 3.6).
  • Mistral AI SAS (15 rue des Halles, 75001 Paris, France) — AI inference for the bot profiles described in section 3.7.
  • dbpg deutsche Bühnenproduktionsgesellschaft mbH & Co. KG (Turnerstraße 44, 81827 Munich, Germany) — supplementary AI and image-processing services for photo verification and automated content moderation. Their processing takes place within the EU.

6. Transfer to third countries

Transfer to countries outside the EU/EEA only occurs to the US providers named above (Cloudflare, Apple). We base these transfers on the EU-US Data Privacy Framework and, subsidiarily, on EU Standard Contractual Clauses (Art. 46 GDPR), supplemented by appropriate technical safeguards such as client-side encryption of content prior to handover.

7. Retention periods

  • Account data: until you delete your account. After deletion, personal data is removed or anonymised within 30 days; statutory retention obligations remain unaffected.
  • Chat metadata and encrypted contents: until delivery to all recipient devices, then promptly removed after delivery.
  • Location heartbeats of a Date Check-In: until the end of the respective check-in, plus a limited retention period for escalation traceability.
  • Photo verification: the comparison photo is deleted immediately after comparison; the verification result remains on the profile until account deletion.
  • Security and abuse logs: up to 90 days after the last relevant event.

8. Data security

Connections between the app and the backend are TLS-encrypted throughout. Chat contents are additionally end-to-end encrypted (Signal Protocol). Passwords are stored exclusively as a hash. We implement appropriate technical and organisational measures pursuant to Art. 32 GDPR to protect your data from unauthorised access.

9. Minors

BONE is intended exclusively for persons aged 18 and over. We do not knowingly process data of minors. If we become aware of an account held by a minor, we delete it without delay.

10. Changes to this policy

We may adjust this policy where the legal framework, processing purposes or processors used change. The current version is always available at this URL. Material changes are additionally communicated in the app.


© 2026 Waystar ROYCO GmbH
