Bondi Club Pty Ltd – Privacy Policy

Updated: 11 June 2026

Bondi Club Pty Ltd (“Club Bondi”, “Bondi”, “we”, “us”, “our”) operates the Club Bondi mobile application (the “App”) — a vetted dating service for residents of Sydney’s Eastern Suburbs. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices and rights you have.

By using the App you accept the practices described here. If you do not agree, please stop using the App and delete your account.

This policy is governed by the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If you are based in the European Union, United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and UK GDPR apply to you and give you additional rights described in Section 10. If you are a California resident, the California Consumer Privacy Act (CCPA) applies and gives you the rights described in Section 11.

Who we are

The data controller for the personal information we collect through the App is:

Bondi Club Pty Ltd

ABN: 12 345 678 901 Suite 4, 130 Curlewis Street Bondi NSW 2026, Australia

Contact: [email protected]

For privacy-related questions, contact our Privacy Officer at the email above.

The information we collect

We collect the following categories of personal information, all of which are necessary to provide a safe, vetted dating service.

2.1 Information you give us directly

  • Account details — Phone number, email address
  • Application details — Instagram username, suburb of residence
  • Profile details — First name, date of birth, gender, height, dating intent, the suburbs and people you are open to dating, workplace, job title, hometown
  • Photos — Profile photos you upload (minimum 4)
  • Prompt answers — Free-text responses to dating prompts you choose to display on your profile
  • Messages — Text content of chats you send to matches
  • Reports & safety reports — The content and context of any report you submit about another member
  • Referrals (optional) — Names and phone numbers of friends you add as referrals to support your application

2.2 Information we collect automatically

  • Device & system info — iOS version, device model, App version, language
  • Approximate location — Country and rough region derived from your IP address
  • Usage events — Screen views, taps on key actions (e.g. like sent, message sent, profile edited)
  • Diagnostics — Crash reports, performance metrics

2.3 Information from third parties

  • Apple — Subscription transaction receipts, anonymous transaction identifiers
  • Twilio — SMS delivery status of verification codes

We do not buy lists of users from third parties. We do not collect information about you from social networks beyond what you choose to share through your Instagram handle (which we use only to verify your application — we do not import your Instagram content).

Sensitive information

Australian law and the GDPR classify some categories as “sensitive” or “special category” personal information. The following sensitive information is collected with your explicit consent when you provide it during profile setup:

  • Information about your sex life or sexual orientation — inferred from the gender(s) you are open to dating
  • Health information — only if you voluntarily include it in a prompt answer or message

We process this information solely to operate the matching service. We do not use it for any other purpose.

How we use your information

We process your personal information for the following purposes and on the following lawful bases (where GDPR applies):

  • Verify your identity and confirm you are at least 18 — Necessary to perform the contract; compliance with legal obligation
  • Operate matching, browsing, and messaging — Necessary to perform the contract
  • Vet applications and curate the community — Legitimate interest (maintaining a safe, vetted member base)
  • Process subscription payments via Apple — Necessary to perform the contract
  • Detect, prevent, and respond to fraud, harassment, and prohibited content — Legitimate interest in member safety; compliance with legal obligation
  • Provide customer support — Necessary to perform the contract
  • Send service announcements and safety notices — Legitimate interest in member safety
  • Improve the App through anonymised analytics — Legitimate interest in service improvement
  • Comply with legal obligations and respond to lawful requests — Compliance with legal obligation

We will not use your information for any purpose materially different from those listed above without notifying you and, where required, obtaining your consent.

What other members see

When your application is approved and your profile is active, the following information is visible to other approved members in your geographic area:

  • First name, age, height, gender
  • Photos you have uploaded
  • Workplace, job title, hometown (each can be individually hidden in Edit Profile)
  • Connection type (dating intent), shown if visible
  • Prompt answers you have selected

The following information is never visible to other members:

  • Phone number
  • Email address
  • Last name
  • Exact date of birth
  • IP address or approximate location
  • Reports you have submitted
  • Profiles you have blocked
  • Profiles you have passed on or liked privately

Photos and content moderation

We may use automated and manual review to identify content that violates our Community Guidelines or applicable law. This includes:

  • Automated photo moderation at upload to detect nudity, violence, and other prohibited imagery
  • Human review of reports submitted by members
  • Review of messages and prompts that are reported

Content that fails moderation is removed and the responsible member may be suspended or permanently removed. We review every report within 24 hours. Reports are confidential.

Who we share your information with

We do not sell or rent your personal information.

We share personal information only with the parties below, and only for the purposes described:

  • Apple Inc. — Process App Store subscription payments and validate purchase receipts. United States.
  • Supabase Inc. — Cloud database, authentication, file storage, edge function execution. United States and Singapore.
  • Twilio Inc. — SMS delivery of phone verification codes. United States.
  • Professional advisors — Legal, accounting, audit, and insurance. Australia.
  • Law enforcement, regulators, or courts — Where required by law, regulation, court order, or to protect member safety.

We require each of these recipients to handle your information consistently with this Privacy Policy and to apply at least the same level of protection as we do.

International transfers of your information

Bondi is operated from Australia. The third-party services we use are located in the United States, Singapore, and other countries. By using the App you consent to your personal information being transferred to and processed in those countries.

When we transfer personal information out of the European Union, United Kingdom, or Switzerland, we use Standard Contractual Clauses approved by the European Commission, the UK Information Commissioner, or the equivalent local authority, to provide an adequate level of protection.

How long we keep your information

We retain personal information only for as long as we need it for the purposes described in this Privacy Policy:

  • Active accounts: for as long as your account is active
  • After account deletion: profile, photos, messages, matches, likes, passes, blocks, and referrals are removed within 30 days
  • Legal, tax, fraud-prevention, and safety records: kept as long as required by law (typically 7 years for transaction records)
  • Reports and the content they refer to: kept for as long as needed to enforce our Community Guidelines and protect other members
  • Anonymised analytics: kept indefinitely; cannot be re-associated with you

You can delete your account at any time from Settings → Delete Account. The action is permanent and immediate.

Your rights (GDPR / UK GDPR)

If you are located in the European Union, United Kingdom, or Switzerland, you have the following rights under the GDPR or UK GDPR:

  • Access — Request a copy of the personal information we hold about you
  • Rectification — Ask us to correct inaccurate information
  • Erasure — Ask us to delete your information (we already provide one-tap deletion in the App)
  • Restriction — Ask us to limit how we use your information while a dispute is resolved
  • Portability — Receive a copy of the information you have provided to us, in a machine-readable format
  • Objection — Object to processing that we rely on for our legitimate interests
  • Withdraw consent — Where we rely on consent, withdraw it at any time
  • Lodge a complaint — With your local data protection authority — e.g. the Information Commissioner’s Office in the UK

To exercise any of these rights, email [email protected]. We will respond within 30 days. We may need to verify your identity before acting on a request.

Your rights (California — CCPA)

If you are a California resident, you have the following rights under the CCPA / CPRA:

  • The right to know what personal information we collect, use, and share
  • The right to delete your personal information
  • The right to correct inaccurate personal information
  • The right to opt out of any sale or sharing of your personal information — we do not sell or share personal information for purposes of cross-context behavioural advertising
  • The right to limit use of sensitive personal information
  • The right to non-discrimination — we will not deny you services or charge different prices for exercising your rights

To exercise any right, email [email protected].

Australian Privacy Principles

We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). If you have a complaint about how we have handled your personal information, please email [email protected] first so we can try to resolve it.

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner

Web: oaic.gov.au Phone: 1300 363 992

Children

Bondi is strictly for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. If we learn that an account belongs to someone under 18, we will delete it and ban the device.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact [email protected] immediately.

Security

We protect your personal information with the following measures:

  • TLS encryption in transit for all network traffic
  • Encryption at rest for the database, file storage, and backups
  • Row-Level Security (RLS) policies that restrict access to your data based on your authenticated identity
  • Access controls on Bondi’s internal team — only members of the safety team can access individual reports, and access is logged
  • Bug-bounty channel — please email [email protected] to report security vulnerabilities responsibly

No system is impervious to breach. If we ever become aware of a personal data breach that is likely to result in harm to you, we will notify you and the relevant authorities in accordance with applicable laws.

Cookies, identifiers, and tracking

The App does not use web cookies. We use the following device-level identifiers:

  • Apple’s Advertising Identifier (IDFA) — not used. We do not request tracking permission and we do not track you across other apps or websites.
  • Anonymous installation ID — used for crash reporting and to detect repeat sign-up abuse from the same device.

Communications

We may send you push notifications and emails for the following purposes:

  • Service notices (e.g. account, security, safety)
  • Match notifications (when someone new matches with you)
  • Message notifications (when someone sends you a message)

You can disable push notifications in iOS Settings. You can opt out of marketing communications (if we send any) using the unsubscribe link in those emails.

Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in the App or in the law. If we make material changes, we will:

  • Update the “Last updated” date at the top
  • Notify you in-app and, where appropriate, by email
  • Where required by law, ask for your renewed consent

We encourage you to review this Privacy Policy periodically.

Contact us

For all privacy-related enquiries, requests, or complaints:

Email: [email protected] Bondi Club Pty Ltd Suite 4, 130 Curlewis Street Bondi NSW 2026, Australia

We respond within 30 days, and faster in most cases.

©2026 Club Bondi

Terms of Service

Privacy Policy