Privacy Policy Summary

Your data is private and is only used for the purpose of providing the features and services that are used by our apps. We don't sell your data to anyone.

We’ve designed the applications in the Bonobo Studio suite to respect your privacy and secure your data. Our apps are supported by our user’s memberships - we don’t believe in selling your data, showing you ads/special offers, or annoying you with tricks or pop-ups.

Our full legal privacy policy can be found below, but to help cut through the legal jargon we’ve written a high level summary below of how our apps work, what data they collect, and what we use it for. If you have any concerns about any of this then please get in touch with us at support@studiobonobo.com - we’re happy to answer any questions.

  • All three apps use our membership service, which is a way to allow you to log in securely and allow the apps access to your preferences, content and memberships across iOS, Android and the web. There are currently three different ways to login: Google, Apple, or via email and password. We request only the minimum permissions from Google - your email address, your name and profile picture. Sign in with Apple allows you to choose to hide your email address, by generating a random anonymous email that looks like xxxxxxxxx@privaterelay.appleid.com. This data is encrypted in transit and at rest, and your password is hashed using Scrypt - an industry standard method for securing passwords.

  • In March 2021 we removed the Facebook SDK from our iOS apps. Our accounts site still has the Facebook SDK, to allow users who currently can only log in via Facebook to set a password for their account.

  • The first time you sign in, we’ll ask you if you’d like to opt-in to receive emails from us. If you dismiss the prompt or choose no then we’ll never ask you again. If you grant us permission to send you emails then we’ll securely transmit your name, email, language and information about which app memberships you have to our email service. We use a 3rd party service called Customer.io for this - you can read about their security here.

Timepage

  • When Timepage is first opened you are asked for permission to access your calendar and contacts. Timepage will then sync with your iOS calendar locally - we never transmit or store your events, contacts and calendar data.

  • In order to provide weather information, rain, transit time to events and time to leave alerts, Timepage asks for permission for your location while you’re using the app. If you grant this permission then Timepage will periodically request up to date weather data from our API. Our API anonymises your location by rounding the latitude and longitude to the nearest ~10km for your privacy. We use a weather service called Aeris Weather, who receives only your anonymised location.

  • There is an option in Timepage to sync your Actions and Flow data in order to show your Actions and Flow documents on your timeline.

Actions

  • Actions securely transmits and stores your Actions, lists and notes in the cloud using Firebase, a Google Cloud Platform product. (The terms of service for Firebase limit Google’s data usage to provide the services and other functionality stated in the ToS - so your data won’t be read by Google and used to show you ads!) We use Firebase to provide realtime syncing across devices and platforms, and security and permissions features that allow for sharing Actions/Lists between users.

Flow

  • Flow documents, pens and collections are securely transmitted and stored using Firebase. We use Firebase to provide realtime syncing across devices and platforms, and security and permissions features that allow for sharing documents between users.

  • Document thumbnails are securely transmitted and stored using Google’s Cloud Storage.

Analytics and crash reporting

  • In order to support, maintain and improve our apps we use Google Analytics, Firebase Analytics and Firebase Performance Monitoring (all Google services). We send anonymised tracking events to these services to help us understand general trends in usage and performance of various features in the apps. We don’t send anything personally identifiable - none of your Actions, Flow or Timepage data is transmitted.

    Here are some of the kinds of questions that these tools help us answer:

    • Are new users discovering how to create Actions? (or do we need to improve how we explain this in onboarding?)
    • How often do users start creating an event in Timepage and then cancel? (Is there something that people find confusing? How can we make this clearer?)
    • How long does syncing calendar data in Timepage take? Has this improved with the latest update?
  • We also use Crashlytics (another Google service) and Sentry for tracking crashes and app stability. This lets us see anonymised data about the number and type of errors so we can fix them - e.g. if the app is using too much memory on older devices, or if there’s a bug that only shows up on the new version of iOS.

  • In June 2023 we moved our web analytics over from Google Analytics to Fathom Analytics, a fast, ethical, privacy-friendly web analytics tool. Fathom Analytics is very lightweight, doesn’t store IP address or any user-specific information (not even a user ID!), doesn’t store cookies (so we don’t need a cookie banner), and doesn’t integrate with ad-tracking networks.

— The MDS Team