Privacy Policy

Last updated: February 14, 2026

PinkyBond, a product of Veronata, Inc. (“we,” “our,” or “us”), is committed to protecting your privacy and the privacy of your partner. This policy explains what data we collect, what we don't collect, and how our encryption architecture ensures your most intimate data remains yours.

1. Zero-Knowledge Architecture

PinkyBond uses a zero-knowledge architecture. This means we cannot read, access, or decrypt the data that flows between PinkyBloom (her app) and PinkyBond (your app). All data is encrypted on-device using AES-256-GCM before transmission. Our server (the Blind Relay) stores only encrypted blobs it cannot decrypt.

2. What Our Server Stores

Our Convex backend stores the following for each message or data snapshot:

  • Pairing ID: A SHA256 hash of sorted public keys. Not tied to any identity.
  • Ciphertext: Base64-encoded AES-256-GCM encrypted data we cannot read.
  • Message type: “chat” or “snapshot” (we know the type but not the content).
  • Sender role: “bloom” or “bond” (we know which app sent it).
  • Timestamp: When the message was sent.
  • Delivery status: Whether the message has been delivered.

Encrypted blobs are purged from our server after 30 days or upon delivery, whichever comes first.

3. What We Do NOT Collect

  • Names, email addresses, or phone numbers
  • Cycle data, mood data, or health information (in readable form)
  • Journal entries, voice recordings, or AI conversations
  • Location data
  • Device identifiers or advertising IDs
  • Browsing history

4. Encryption Details

Key exchange: Curve25519 ECDH via in-person QR code scanning. No server-mediated key exchange.

Encryption: AES-256-GCM with HKDF-SHA256 key derivation (salt: “PinkyBond-v1”).

Key storage: Shared secrets are stored in the iOS Keychain, protected by the Secure Enclave. Keys never leave the device.

Nonce: 12 bytes, randomly generated per message to prevent pattern analysis.

5. Safety Mode

PinkyBloom includes a Safety Mode feature that sends synthetic (fake) data to PinkyBond when activated. This data is encrypted and transmitted through the same relay as real data, making it indistinguishable. Safety Mode is controlled entirely by the PinkyBloom user. The PinkyBond user is not notified when Safety Mode is active.

6. Subscription and Billing

PinkyBond subscriptions ($5/month) are processed through Apple In-App Purchase. We do not collect or store payment information. Apple handles all billing. You can cancel anytime through your Apple ID settings.

7. Analytics

We collect minimal, anonymous analytics to improve the app: crash reports, feature usage counts (not content), and aggregate Safety Mode usage statistics. All analytics are opt-in and contain no personally identifiable information.

8. Data Deletion

You can delete your PinkyBond account at any time from the app settings. This permanently destroys the pairing, removes all locally stored data, and deletes any encrypted blobs associated with your pairing ID from our server.

9. Law Enforcement Requests

If we receive a valid legal request, we can only provide the encrypted data described in Section 2. We cannot decrypt this data. We do not possess decryption keys. We will notify affected users of legal requests unless prohibited by law.

10. Children's Privacy

PinkyBond is not intended for use by anyone under the age of 17. We do not knowingly collect data from children.

11. Changes to This Policy

We will notify users of material changes through the app. Continued use after notification constitutes acceptance.

12. Contact

For privacy questions or data deletion requests, please reach out through our contact form.

Veronata, Inc.
2261 Market Street STE 22406
San Francisco, CA 94114

Coming Soon to the App Store