Cookie & Consent Policy

Transparency in data collection and your control over your privacy

Last Updated: November 2025

1. Introduction

This Cookie Policy explains how Bondi (“we”, “us”, or “our”) uses cookies and similar tracking technologies when you visit our website and use our services. This policy should be read in conjunction with our Privacy Policy.

As a US-based company offering services globally, we comply with applicable data protection regulations including the EU General Data Protection Regulation (GDPR) and the ePrivacy Directive. We use analytics tools for service improvement and performance monitoring but do not actively market to, target, or profile EU residents through tracking technologies. We are committed to transparency about the technologies we use and your rights regarding your personal data.

2. What Are Cookies?

Cookies are small text files that are stored on your device (computer, tablet, or mobile) when you visit a website. They serve various purposes, including remembering your preferences, enabling essential functionality, and analyzing how you use our platform to improve service quality.

Cookies can be “persistent” (remain on your device for a set period) or “session” (deleted when you close your browser).

Under GDPR Article 6(1), we process cookie data based on:

  • Consent (Article 6(1)(a)) - for analytics, marketing, and non-essential functional cookies
  • Legitimate Interest (Article 6(1)(f)) - for essential cookies necessary for service delivery
  • Contractual Necessity (Article 6(1)(b)) - for cookies required to provide our SaaS platform

4. Categories of Cookies We Use

4.1 Strictly Necessary Cookies

These cookies are essential for our platform to function and cannot be switched off. They are usually only set in response to actions you take, such as logging in, setting security preferences, or filling in forms.

| Cookie Name | Purpose | Duration | Provider |
|---|---|---|---|
| bondi_session | Maintains your authenticated session | Session | Bondi |
| csrf_token | Prevents cross-site request forgery attacks | Session | Bondi |
| __Secure-auth-token | Secure authentication token | 7 days | Bondi |
| cookie_consent | Stores your cookie consent preferences | 12 months | Bondi |
| lb_affinity | Load balancing - ensures requests go to same server | Session | AWS |

Legal Basis: Legitimate interest and contractual necessity - these cookies are required to provide our services securely.

4.2 Analytics & Performance Cookies

These cookies help us understand how visitors interact with our website and platform to improve service quality and user experience. All information collected is aggregated and anonymous. We implement privacy-enhanced analytics with IP anonymization and do not use these tools for cross-site tracking or user profiling.

| Cookie Name | Purpose | Duration | Provider |
|---|---|---|---|
| _ga | Distinguishes unique users (anonymized) | 2 years | Google Analytics |
| _ga_* | Stores and counts pageviews (GA4, anonymized) | 2 years | Google Analytics |
| _gid | Distinguishes users (anonymized) | 24 hours | Google Analytics |
| _gat | Throttles request rate | 1 minute | Google Analytics |
| mp_* | Tracks product usage and feature adoption | 1 year | Mixpanel |
| mp_optout | Stores analytics opt-out preference | 5 years | Mixpanel |

Legal Basis: Consent (GDPR Article 6(1)(a))

Privacy-Enhanced Configuration:

  • Google Analytics: Configured with IP anonymization (anonymizeIP: true) to mask the last octet of IP addresses before processing
  • Mixpanel: Configured with privacy-first settings and provides a clear opt-out mechanism
  • No Profiling: These tools are used solely for aggregate analytics and performance monitoring, not for behavioral targeting or user profiling

Third-Party Data Processing: Google Analytics data is processed by Google LLC (USA) and Mixpanel data is processed by Mixpanel Inc (USA). Data transfers are covered by Standard Contractual Clauses (SCCs) approved by the European Commission.

Opt-Out:

4.3 Marketing & Advertising Cookies

We do not use marketing or remarketing cookies for visitors from the European Union. Our service does not employ behavioral advertising, retargeting, or cross-site tracking technologies for EU residents.

Marketing tools and advertising pixels may be employed for visitors from other geographic markets (non-EU) in compliance with applicable local regulations. If you are accessing our service from the EU, you will not be subject to marketing cookies or tracking for advertising purposes.

4.4 Functional Cookies

These cookies enable enhanced functionality and personalization, such as remembering your preferences and choices.

| Cookie Name | Purpose | Duration | Provider |
|---|---|---|---|
| theme_preference | Remembers dark/light mode choice | 1 year | Bondi |
| language | Stores language preference | 1 year | Bondi |
| sidebar_state | Remembers sidebar collapse state | 30 days | Bondi |
| recent_workspaces | Quick access to recent workspaces | 30 days | Bondi |

Legal Basis: Consent (GDPR Article 6(1)(a)) - though these enhance your experience, they are not strictly necessary.

When you first visit our website, you will see a cookie banner allowing you to accept or reject different categories of cookies. You can access this tool at any time by:

  • Clicking “Cookie Settings” in the website footer
  • Visiting our cookie preference center at /cookie-settings

You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

5.2 Browser Settings

Most web browsers allow you to control cookies through their settings. However, blocking all cookies may impact your ability to use our platform effectively.

Common browsers:

5.3 Do Not Track (DNT)

While we respect Do Not Track signals, there is no universal standard. We recommend using our cookie consent tool for the most reliable control over your preferences.

6. Your Rights Under GDPR

As a data subject in the EU, you have the following rights regarding cookies and personal data processing:

  • Right to Access (Article 15) - Request information about what data we collect
  • Right to Rectification (Article 16) - Correct inaccurate personal data
  • Right to Erasure (Article 17) - Request deletion of your data (“right to be forgotten”)
  • Right to Restrict Processing (Article 18) - Limit how we use your data
  • Right to Data Portability (Article 20) - Receive your data in a structured format
  • Right to Object (Article 21) - Object to processing based on legitimate interests
  • Right to Withdraw Consent (Article 7(3)) - Withdraw cookie consent at any time
  • Right to Lodge a Complaint (Article 77) - File a complaint with your supervisory authority

7. International Data Transfers

As a US-based company, some of our service providers (Google LLC, Mixpanel Inc) process data in the United States. Data transfers from the European Economic Area (EEA) to countries outside the EEA are protected by:

  • Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914)
  • Adequacy Decisions where applicable
  • Supplementary measures to ensure data protection equivalent to EU standards

Our analytics tools are configured with privacy-enhanced settings (including IP anonymization) to minimize data collection and processing of personal information.

We retain cookie data only as long as necessary for the purposes outlined in this policy:

  • Essential cookies: Deleted when you close your browser or after the session expires
  • Analytics cookies: Maximum 2 years (Google Analytics), 1 year (Mixpanel); aggregated data retained for historical analysis
  • Functional cookies: Maximum 1 year, deleted if you clear your preferences

We do not use marketing cookies for EU visitors, so no marketing cookie retention applies.

We may update this Cookie Policy from time to time to reflect changes in:

  • The cookies we use
  • Legal requirements
  • Our business practices
  • New technologies

When we make material changes, we will notify you by updating the “Last Updated” date at the top of this policy. For significant changes, we may seek your consent again.

10. Contact Us & Data Protection

If you have questions about our use of cookies, wish to exercise your GDPR rights, or want to contact our Data Protection Officer:

Email: privacy@heybondi.com
Data Protection Officer: dpo@heybondi.com
Registered Address: Bondi Labs, Inc., 2803 Philadelphia Pike, Suite B #356, Claymont, DE 19703, United States

EU Representative Status

As a US-based company, we process personal data of EU residents on an occasional basis through privacy-enhanced analytics tools only (no systematic monitoring, profiling, or targeting of EU residents). Under GDPR Article 27(2)(a), we qualify for the exception to the EU representative appointment requirement because:

  1. Our processing of EU personal data is occasional (not regular or systematic)
  2. We do not engage in large-scale processing of special categories of data
  3. We do not conduct systematic monitoring or behavioral targeting of EU residents
  4. Our analytics tools are configured with IP anonymization and privacy-first settings

Note: This assessment is based on current operations as of November 2025 and may be revised as our business evolves.

We remain fully committed to GDPR compliance and data subject rights. EU residents can contact us directly at the email addresses above for any privacy-related inquiries or to exercise their rights.

Supervisory Authority: EU residents have the right to lodge a complaint with their local data protection authority if they believe we have not complied with GDPR requirements.