Privacy Policy

Last updated: July 8, 2026

Bonnie is a product of Canopus Financial LLC ("we," "us," or "our"). This policy explains how we handle your information when you use Bonnie (the "Service").

1. What we collect

We collect the information you give us and the information that running Bonnie reasonably requires:

  • Account information — your name, email address, and a hashed copy of your password. We never store your password in plaintext.
  • Business profile — the business name, type, fiscal year configuration, and any other details you enter during onboarding.
  • Source documents — files you upload (bank statements, credit-card statements, receipts, formation documents). We store your uploaded files and the data we extract from them in encrypted cloud storage so you can view and download them from your dashboard. We keep them for up to 3.5 years unless you delete them or close your account.
  • Transactions and bookkeeping data — the ledger we build for you: transactions, categorizations, journal entries, chart of accounts, review notes, and change-history records of edits to your books.
  • Bank and card connectivity (via Plaid) — when you link an institution, we store an encrypted Plaid access token, the institution name, an account identifier, and the last few digits (mask) of each linked account. We do not store your bank login credentials.
  • Billing identifiers (via Stripe) — your Stripe customer ID and subscription ID, plus the card brand, last four digits, and expiration shown to you in the app. Your full card number is held by Stripe, not by us.
  • Operational logs — minimal request logs and error traces used to keep Bonnie running.

2. How we use your data

We use the data above to:

  • Run the Bonnie service for you — ingest documents, draft categorizations, produce reports.
  • Generate AI-assisted suggestions (categorization proposals, document extraction). When we call an AI provider, we send only the data needed to produce a response for your request.
  • Send you transactional email (sign-in confirmations, billing receipts, system notifications).
  • Keep Bonnie secure and operational, including diagnosing errors and preventing abuse.
  • Comply with our legal obligations.

We do not sell your data, and we do not use it to market unrelated services to you or anyone else. Some of the information we collect — such as your financial account and transaction data — is sensitive; we use it only to provide the Service to you, and never for advertising or profiling.

3. Plaid

We use Plaid Inc. to connect your bank and credit-card accounts. When you link an institution, Plaid collects your banking credentials directly — we never see them — and provides Bonnie with the transaction and account data you authorize. Bonnie stores the encrypted Plaid access token plus the account metadata described above under What we collect.

Plaid's collection and use of your data is governed by Plaid's End User Privacy Policy. You can disconnect a linked institution from inside Bonnie at any time.

4. Subprocessors we rely on

Bonnie relies on a small number of service providers to operate. Each handles one category of your data, under its own terms and security commitments:

  • Bank and card connectivity — We use Plaid to let you link your financial institutions. Plaid receives the banking credentials you enter directly with it (never stored by Bonnie) and the transaction and account data you authorize it to share. See Plaid above.
  • Payment processing— We use Stripe to process subscription billing. Stripe receives your full card number (held by Stripe, not Bonnie) along with billing identifiers such as your customer and subscription IDs and your card's brand, last four digits, and expiration.
  • Transactional email — Our email provider delivers the account and billing emails Bonnie sends you. It receives your email address and the contents of those messages.
  • AI categorization and document extraction — Our AI provider generates categorization suggestions and extracts data from your documents. It receives only the data needed to produce a response for a given request — typically a transaction description or a portion of an uploaded document — never your full ledger.
  • Cloud hosting and storage— Our hosting and storage providers run Bonnie's servers, database, and encrypted document storage. They hold the data Bonnie stores in order to operate, under their physical and operational security controls.

If you'd like to know the specific provider behind any of these categories, email us at [email protected].

5. Cookies and tracking

To keep you signed in, Bonnie keeps a short-lived access token in your browser's memory and a longer-lived refresh token in a secure, http-only cookie that scripts on the page cannot read. Both are cleared when you sign out. We don't run third-party advertising trackers in the app, and we don't build profiles of you for ad targeting. Visiting our marketing pages (e.g., the home page, pricing) may set minimal analytics cookies for basic traffic measurement.

6. Data retention and deletion

We keep your data for as long as your account is active. If you close your account, or if you ask us to delete your data, we will remove your business data and personally identifying information within a reasonable period, except where we need to retain a record for legal, accounting, or security reasons (for example, billing records we are required to keep).

To request deletion or to export your data, write to [email protected] from the email address on your account.

7. Security

We use industry-standard practices to protect your data — encrypted connections in transit, encrypted storage of sensitive credentials such as the Plaid access token, role-based access controls, and a change-history record of edits to your books. No system is perfectly secure; if we learn of an incident that affects you, we'll notify you in accordance with applicable law.

8. Children's privacy

Bonnie is intended for adult business owners. We don't knowingly collect data from anyone under 18. If we discover that we have, we'll delete it.

9. U.S.-only service

Bonnie is built for small businesses operating in the United States, and the service is offered from the United States. If you access Bonnie from outside the United States, you understand that the information you give us will be handled in the United States under the practices described in this policy. For specific regional notes, see Your privacy rights below.

10. Changes to this policy

We may update this policy from time to time. When we do, we'll change the "last updated" date above and, for material changes, give you notice in the app or by email.

11. Your privacy rights

U.S. state privacy rights.Depending on your state of residence, you may have the right to ask us what personal information we hold about you, to access or receive a copy of it, to correct it, to delete it, and to opt out of the "sale" or "sharing" of your personal information or its use for targeted advertising or certain profiling. Bonnie does not sell or share your personal information and does not use it for targeted advertising, so there is generally nothing to opt out of in that respect. Where we detect a Global Privacy Control (GPC) signal, we treat it as a valid request to opt out of any such activity. To exercise any of these rights, email [email protected] from the address on your account. We will not discriminate against you for exercising your rights, and — where your state provides an appeal process — you may ask us to reconsider a decision on your request.

EEA and UK residents. Bonnie is a U.S.-based service and is not specifically directed at residents of the European Economic Area or the United Kingdom. If you live in the EEA or the UK and use Bonnie, you can email [email protected] to ask what information we hold about you, to ask us to correct it, or to ask us to delete it. Using Bonnie from the EEA or the UK means your information will be processed in the United States by us and by the subprocessors listed above under Subprocessors we rely on.

12. Contact

Bonnie is operated by Canopus Financial LLC. Questions about this policy or about your data? Write to [email protected]. You can also reach us through our support page.