Legal

Privacy Policy

Effective March 1, 2026 · Also see our Terms of Service

Overview

Bondshake (“we”, “us”, “our”) operates the Bondshake platform at bondshake.com. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what choices you have.

By using Bondshake, you agree to the practices described here. If you don't agree, please don't use the service.

Information we collect

Account information

When you create an account we collect your name, email address, and a hashed password (or a Google OAuth token if you sign in with Google). We never store your Google password.

Billing information

If you subscribe to a paid plan, payments are processed by Stripe. We do not store your full card number, CVV, or bank details — Stripe holds these on their PCI-compliant infrastructure. We receive and store a Stripe customer ID, subscription ID, plan tier, and billing status to manage your account.

Portal content

Content you add to a portal — links, checklist items, text, and uploaded files (images, documents, etc.) — is stored on our behalf by Cloudflare R2. This content may include information about your clients or projects. You control who receives the portal link.

Client and viewer data

People who visit a portal you share do not need to create an account. If they choose to create a free Bondshake account (e.g. to leave comments or upload files), we collect their name and email. We log portal view events (timestamp, approximate country) to provide analytics to you as the portal owner. We do not collect viewer IP addresses beyond what is necessary for security and rate-limiting.

Usage data

We collect standard server logs (pages visited, timestamps, browser type, referring URL) and application-level events (portal created, file uploaded, link added) to operate and improve the service. These logs are retained for a maximum of 90 days.

How we use it

We use the data we collect to:

  • Create and manage your account and projects
  • Process subscription payments via Stripe
  • Deliver the service — store your content, serve portal pages, send email notifications
  • Provide portal analytics to you (view counts, geographic breakdown)
  • Send transactional emails (receipt, password reset, portal comment notification)
  • Respond to support requests
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not sell your data. We do not use your portal content to train machine-learning models. We do not serve third-party advertising on Bondshake.

Who we share it with

We share data only with the service providers needed to operate Bondshake. Each sub-processor handles data under a data processing agreement and only for the purposes listed.

ProviderPurposeData shared
StripePayment processingEmail, billing address, subscription status
CloudflareFile storage (R2) & CDNUploaded files, portal content
GoogleOAuth sign-in (if used)Name, email (read-only)
ResendTransactional emailEmail address, notification content

We may also disclose data if required by law, court order, or to protect the rights, property, or safety of Bondshake, our users, or the public.

Storage & security

All data is stored within Cloudflare's global infrastructure. Data in transit is encrypted via TLS. Files stored in Cloudflare R2 are encrypted at rest.

We use industry-standard practices including access controls, secret rotation, and monitoring. No method of transmission over the internet is 100% secure. We will notify affected users promptly in the event of a breach that affects their personal data.

Cookies & analytics

Bondshake uses session cookies to keep you signed in. We use a small number of cookies that are strictly necessary for the service to function. We do not use third-party advertising cookies.

We collect aggregate usage statistics (page views, feature usage) using our own infrastructure. We do not use Google Analytics or other third-party tracking scripts that share your behaviour data with external parties.

Your rights

Depending on your location you may have the right to access, correct, export, or delete your personal data. You can:

  • Update your account — name and email — from your account settings at any time
  • Export your data — email us at contact@bondshake.com and we will send you a machine-readable export within 30 days
  • Delete your account — email the address above. We will delete your account and personal data within 30 days, subject to the data retention rules below
  • Opt out of marketing — all marketing emails include an unsubscribe link. Transactional emails (receipts, security alerts) cannot be opted out of while your account is active

If you are in the EU/EEA or UK, you also have the right to lodge a complaint with your local supervisory authority.

Data retention

We retain your account data for as long as your account is active. If you delete your account we delete your personal data within 30 days. Portal content (files, links, text) is deleted at the same time unless a client account is still associated with the portal — in which case we delete that content within 60 days.

We may retain anonymised, aggregated usage statistics indefinitely. We retain billing records as required by applicable tax law (typically 7 years).

Children

Bondshake is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

Changes to this policy

We may update this policy from time to time. When we do, we will update the effective date at the top of this page and, for material changes, notify you by email or a notice in the dashboard. Continued use of Bondshake after a change constitutes acceptance of the updated policy.

Contact

Questions about this policy or your data? Email us at contact@bondshake.com. We aim to respond within 5 business days.