Privacy Policy
Last updated: May 23, 2026
1. What we collect
We collect the information you give us and the information that running Bonnie reasonably requires:
- Account information — your name, email address, and a hashed copy of your password. We never store your password in plaintext.
- Business profile — the business name, type, fiscal year configuration, and any other details you enter during onboarding.
- Source documents — files you upload (bank statements, credit-card statements, receipts, formation documents). We keep the file bytes only while we need them to process the document; after processing, we retain the extracted data and document metadata.
- Transactions and bookkeeping data — the ledger we build for you: transactions, categorizations, journal entries, chart of accounts, review notes, and change-history records of edits to your books.
- Bank and card connectivity (via Plaid) — when you link an institution, we store an encrypted Plaid access token, the institution name, an account identifier, and the last few digits (mask) of each linked account. We do not store your bank login credentials.
- Billing identifiers (via Stripe) — your Stripe customer ID and subscription ID, plus the card brand, last four digits, and expiration shown to you in the app. Your full card number is held by Stripe, not by us.
- Operational logs — minimal request logs and error traces used to keep Bonnie running.
2. How we use your data
We use the data above to:
- Run the Bonnie service for you — ingest documents, draft categorizations, produce reports.
- Generate AI-assisted suggestions (categorization proposals, document extraction). When we call an AI provider, we send only the data needed to produce a response for your request.
- Send you transactional email (sign-in confirmations, billing receipts, system notifications).
- Keep Bonnie secure and operational, including diagnosing errors and preventing abuse.
- Comply with our legal obligations.
We do not sell your data, and we do not use it to market unrelated services to you or anyone else. We do not train AI models on your data; when we send data to an AI provider (OpenAI, Anthropic) to produce a response, we use their API under terms that prohibit training on API submissions.
3. Plaid
We use Plaid Inc. to connect your bank and credit-card accounts. When you link an institution, Plaid collects your banking credentials directly — we never see them — and provides Bonnie with the transaction and account data you authorize. Bonnie stores the encrypted Plaid access token plus the account metadata described above under What we collect.
Plaid's collection and use of your data is governed by Plaid's End User Privacy Policy. You can disconnect a linked institution from inside Bonnie at any time.
4. Subprocessors we rely on
Bonnie relies on a small set of vendors to operate. Each handles a slice of your data under its own terms and security commitments. We list every vendor by name so a question about a single provider (e.g., "what does Plaid actually see?") has a single line to read.
- Plaid — Bank and card connectivity. What it receives: Banking credentials (entered directly with Plaid, never stored by Bonnie); transaction and account data you authorize Plaid to share.
- Stripe — Subscription billing and payment processing. What it receives: Your full card number (held by Stripe, not Bonnie); your Stripe customer ID, subscription ID, card brand, last four digits, and expiration.
- Resend — Transactional email delivery. What it receives: Your email address and the contents of the transactional emails Bonnie sends to you (e.g., confirmation links, billing receipts, system notifications).
- OpenAI — AI provider used for categorization assistance and document extraction. What it receives: Only the data needed to produce a response for your request — typically a transaction description or a portion of an uploaded document. We do not send your full ledger.
- Anthropic — AI provider used for categorization assistance and document extraction. What it receives: Only the data needed to produce a response for your request — typically a transaction description or a portion of an uploaded document. We do not send your full ledger.
- Cloud hosting provider — Runs the Bonnie servers and database. What it receives: All data Bonnie stores in order to operate is held on infrastructure operated by our hosting provider, under its physical and operational security controls.
6. Data retention and deletion
We keep your data for as long as your account is active. If you close your account, or if you ask us to delete your data, we will remove your business data and personally identifying information within a reasonable period, except where we need to retain a record for legal, accounting, or security reasons (for example, billing records we are required to keep).
Bonnie also lets you choose how long we hold your bookkeeping records while your account is active. During onboarding (and from your account settings), you can pick one of three retention preferences:
- Default — we keep your books online for the ordinary period needed to run the service for you and to satisfy our own record-keeping obligations.
- Long-term — we keep your books online for an extended period so prior years stay easy to reference inside the app.
- Downloaded-then-removed — once you've downloaded your records, we remove the corresponding data from active storage on the schedule the option describes in the app, subject to the same legal record-keeping exceptions above.
To request deletion or to export your data, write to [email protected] from the email address on your account.
7. Security
We use industry-standard practices to protect your data — encrypted connections in transit, encrypted storage of sensitive credentials such as the Plaid access token, role-based access controls, and a change-history record of edits to your books. No system is perfectly secure; if we learn of an incident that affects you, we'll notify you in accordance with applicable law.
8. Children's privacy
Bonnie is intended for adult business owners. We don't knowingly collect data from anyone under 18. If we discover that we have, we'll delete it.
9. U.S.-only service
Bonnie is built for small businesses operating in the United States, and the service is offered from the United States. If you access Bonnie from outside the United States, you understand that the information you give us will be handled in the United States under the practices described in this policy. For specific regional notes, see Your regional rights below.
10. Changes to this policy
We may update this policy from time to time. When we do, we'll change the "last updated" date above and, for material changes, give you notice in the app or by email.
11. Your regional rights
California residents. If you live in California, you can ask us what personal information we hold about you, ask us to delete it, and ask us to correct it. You can also ask us not to share your personal information for cross-context behavioral advertising — Bonnie does not engage in that activity. To make any of these requests, email [email protected] from the address on your account.
EEA and UK residents. Bonnie is a U.S.-based service and is not specifically directed at residents of the European Economic Area or the United Kingdom. If you live in the EEA or the UK and use Bonnie, you can email [email protected] to ask what information we hold about you, to ask us to correct it, or to ask us to delete it. Using Bonnie from the EEA or the UK means your information will be processed in the United States by us and by the subprocessors listed above under Subprocessors we rely on.
12. Contact
Questions about this policy or about your data? Write to [email protected]. You can also reach us through our support page.