This Privacy Policy applies to the 1STBOND LLC mobile application and all related services ("Services"). By creating an account or using 1STBOND, you agree to the practices described in this policy. Where required by law — including for biometric data — we will obtain your separate, affirmative consent before collection.
Note: This policy reflects the current version of 1STBOND. In-app payments and live GPS session tracking are planned for future releases and are not currently active. User-entered meetup location addresses (entered when creating or joining a meetup) are collected and stored as part of meetup records as described in Section 6. This policy will be updated before payment or GPS tracking features launch.
1STBOND ("we," "our," or "us") provides tools designed to enhance safety and trust during in-person interactions. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.
We are committed to transparency and responsible handling of personal data, including sensitive categories such as biometric information. We collect only the minimum information necessary to provide the Services.
Identity verification services are provided by DIDIT, acting as a data processor on our behalf under a data processing agreement. When you submit a government-issued ID for verification, DIDIT processes the full contents of that document on our behalf, which may include your full legal name, date of birth, ID or license number, issuing jurisdiction, expiration date, and residential address as printed on the document. 1STBOND LLC does not store your residential address, ID number, or expiration date in our own systems and does not use that information in our day-to-day platform operations. This data is retained solely by DIDIT in accordance with their privacy policy and our data processing agreement. We may access or request this information from DIDIT only in limited circumstances, including: (a) investigating suspected fraud or identity impersonation; (b) responding to a valid legal request, court order, or law enforcement inquiry; or (c) resolving a safety incident where identity confirmation is necessary to protect users or comply with applicable law.
We collect and process biometric identifiers and biometric information in two contexts: (1) during onboarding identity verification, and (2) during pre-meetup face scans. Specifically, we collect facial geometry and liveness detection data derived from images and real-time captures in both of these contexts.
Onboarding identity verification: when you first create your account, we collect facial geometry and liveness detection data to verify your identity against your government-issued ID. Liveness detection confirms that verification is being performed by a live person and not a photograph or spoofed image.
Pre-meetup face scan: before each meetup session begins, we perform a real-time face scan to confirm that the person initiating the meetup is the same verified account holder. This scan matches your face against your verified ID photo and generates a timestamp verification. This is a required step to activate each meetup session.
All biometric data is used solely for identity verification and meetup authentication purposes. We do not use biometric data for advertising, profiling, or any purpose beyond these functions. Raw biometric data is processed by DIDIT on our behalf and is not stored directly by 1STBOND LLC.
If you are a resident of Illinois, we collect biometric identifiers and biometric information as defined under the Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14/.
This notice satisfies our obligation to provide a written, publicly available retention policy prior to collection.
If you are a resident of Texas, we collect biometric identifiers as defined under the Texas Capture or Use of Biometric Identifier Act (CUBI), Tex. Bus. & Com. Code § 503.001.
If you are a resident of Washington, we collect biometric data that may be regulated under the Washington My Health My Data Act (MHMDA), RCW 70.372, to the extent it constitutes consumer health data.
To facilitate coordination between users, 1STBOND LLC provides in-app messaging. Message content is stored on our servers to deliver communications between users and to enable safety review in the event of a reported incident. Message content is accessed by 1STBOND staff only when necessary for safety enforcement, violation investigation, or legal compliance. We do not use message content for advertising or sell it to third parties.
Features Not Yet Active: In-app payments, live GPS session tracking, and background location are planned for a future version of 1STBOND LLC. Note: user-entered meetup location addresses (street address or place name entered when creating or joining a meetup) are currently collected and stored as part of meetup records. Live device GPS tracking is not active. This policy will be updated with applicable disclosures before those features are enabled. You will be notified of any material changes before they take effect.
When you submit a star rating or other feedback about another user or a meetup, 1STBOND LLC stores that rating in association with both your account and the rated user's account. Ratings are displayed to other verified users as part of our trust and safety features (for example, the star rating shown on a user's profile and meetup details screen).
We do not use ratings data for advertising or profiling, and we do not sell ratings data to third parties. Ratings submitted in violation of these Terms — for example, defamatory or harassing ratings — may be removed and may result in account action.
When you subscribe to a paid plan, 1STBOND LLC receives and stores the following data from the Apple App Store or Google Play Store: subscription status (active, cancelled, expired), purchase date, and renewal date. We do not receive, store, or process your payment card number, bank account details, or any other financial credentials. All billing and payment processing is handled entirely by Apple or Google on your device's platform. For billing disputes or refund requests, you must contact Apple or Google directly.
Subscription status data is retained while your account is active and deleted within 30 days of account closure. We do not use subscription data for advertising or sell it to third parties.
We collect only the minimum personal information necessary to provide the Services. We use your information to:
We do not sell, rent, or use your personal data for advertising or marketing purposes.
We use the following trusted service providers that act as data processors on our behalf:
Each provider is contractually restricted from using your data for any purpose other than providing services to 1STBOND LLC. We conduct vendor due diligence and require data processing agreements with all providers handling personal or biometric data. An up-to-date list of our sub-processors is maintained at https://1st-bond.com/sub-processors. We will provide at least 14 days' advance notice via in-app notification or email before adding any new sub-processor that handles personal or biometric data.
By creating an account and using 1STBOND, you consent to the collection and use of your information as described in this Privacy Policy.
We collect biometric data in two contexts, each requiring your consent:
Onboarding consent: before we collect biometric data during account creation, you will be presented with a dedicated in-app Biometric Data Consent screen disclosing: (a) the specific biometric data being collected (facial geometry and liveness detection data); (b) the purpose of collection (identity verification only); (c) how the data is processed (by DIDIT on our behalf, not stored directly by 1STBOND LLC); and (d) the retention and destruction schedule (deleted within 90 days). You must affirmatively tap "I Agree — Continue to Verification" to proceed.
Pre-meetup scan consent: by agreeing to these Terms and initiating a meetup session, you consent to pre-meetup face scans as a condition of each meetup. You will be shown a Pre-Meetup Scan screen before each scan that describes the purpose (confirming it is still you before the meetup). You may decline the scan, but doing so will prevent the meetup session from activating.
You may withdraw biometric consent at any time by contacting privacy@1st-bond.com, though doing so will prevent access to identity-verified features and meetup functionality.
We retain different categories of data for defined periods:
You may request deletion of your data at any time (see Section 9). We will acknowledge your request within 10 business days and complete the deletion within 45 calendar days. Some data, including meetup records involved in an open safety investigation or legal dispute, may be retained longer if required by law or to resolve a pending legal matter.
We implement commercially reasonable safeguards including:
In the event of a data breach affecting your personal information, we will notify you as required by applicable state and federal law, including within the timeframes mandated by your state of residence. We periodically review our security controls and restrict administrative access to production systems using multi-factor authentication. We may engage independent security assessments as our platform and user base grows.
We do not sell personal data. We may share your information only:
Law Enforcement and Legal Requests. We respond to law enforcement and other legal requests only to the extent required by applicable law. Where permitted, we require a valid subpoena, court order, or warrant before disclosing personal data. We may make exceptions in emergency situations involving an imminent risk of serious harm to any person. Where legally allowed and practicable, we will notify affected users before disclosing their information in response to a legal request.
You have the right to:
To exercise these rights, contact: privacy@1st-bond.com. We will acknowledge your request within 10 business days and complete your request within 45 calendar days.
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
To submit a CCPA/CPRA request, contact privacy@1st-bond.com with the subject line "CCPA Request." We will acknowledge your request within 10 business days and complete it within 45 calendar days. You may designate an authorized agent to make requests on your behalf by providing written authorization.
California's CalOPPA requires disclosure of how we respond to browser Do Not Track (DNT) signals. We do not currently respond to DNT signals, as no universal compliance standard has been established. We do not use your data for cross-site behavioral tracking.
Illinois residents have the right to receive our biometric data retention policy in writing prior to data collection, and to seek relief under BIPA for violations. See Section 2.3 for our full BIPA disclosure.
1STBOND LLC is operated in the United States. If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence. By using the Services, you consent to the transfer and processing of your information in the United States.
We do not currently direct the Services at users in the European Union or other international jurisdictions with distinct regulatory frameworks. If this changes, this policy will be updated accordingly with at least 30 days' advance notice.
1STBOND LLC is intended for users who are 18 years of age or older. Age is verified through our identity verification process, which requires a valid government-issued ID. A self-declaration alone is not sufficient to access the Services. We do not knowingly collect personal information from individuals under 18.
If we become aware that a user under 18 has created an account, we will terminate that account and delete their information promptly. Parents or guardians with concerns should contact privacy@1st-bond.com.
We may update this Privacy Policy from time to time. For material changes — including the introduction of new data collection practices such as payments or location tracking — we will provide at least 30 days' advance notice via in-app notification and email to the address associated with your account.
The updated policy will be posted at https://1st-bond.com/privacy with a revised effective date. Continued use of 1STBOND after the effective date constitutes acceptance. If you do not agree to a material change, you may close your account before it takes effect.
This Privacy Policy is governed by the laws of the State of Colorado, without regard to conflict of law provisions. Any disputes arising under this policy shall be subject to the exclusive jurisdiction of the courts located in Denver County, Colorado.
For privacy inquiries, data access requests, consent withdrawal, or to report a concern:
For general support and in-app help: support@1st-bond.com
Note: The Privacy & Security screen within the 1STBOND app provides a plain-language summary of our data practices. In the event of any conflict between the in-app summary and this Privacy Policy, this Privacy Policy controls.
Email: privacy@1st-bond.com
Website: https://1st-bond.com/privacy
Mailing Address: 1500 N Grant St Ste N, Denver, Denver County, CO 80203