Privacy Policy

Last updated: July 9, 2026

Bonnie is a product of Canopus Financial LLC ("we," "us," or "our"). This policy explains how we handle your information when you use Bonnie (the "Service").

1. What we collect

We collect the information you give us and the information that running Bonnie reasonably requires:

  • Account information — your name, email address, and a hashed copy of your password. We never store your password in plaintext.
  • Business profile — the business name, type, fiscal year configuration, and any other details you enter during onboarding.
  • Source documents — files you upload (bank statements, credit-card statements, receipts, formation documents). We store your uploaded files and the data we extract from them in encrypted cloud storage so you can view and download them from your dashboard. How long we keep fiscal-year records depends on the retention choice described below.
  • Transactions and bookkeeping data — the ledger we build for you: transactions, categorizations, journal entries, chart of accounts, review notes, and change-history records of edits to your books.
  • Bank and card connectivity (via Plaid) — when you link an institution, we store an encrypted Plaid access token, the institution name, an account identifier, and the last few digits (mask) of each linked account. We do not store your bank login credentials.
  • Billing identifiers (via Stripe) — your Stripe customer ID and subscription ID, plus the card brand, last four digits, and expiration shown to you in the app. Your full card number is held by Stripe, not by us.
  • Operational logs — minimal request logs and error traces used to keep Bonnie running.

2. How we use your data

We use the data above to:

  • Run the Bonnie service for you — ingest documents, draft categorizations, produce reports.
  • Generate AI-assisted suggestions (categorization proposals, document extraction). When we call an AI provider, we send only the data needed to produce a response for your request.
  • Send you transactional email (sign-in confirmations, billing receipts, system notifications).
  • Keep Bonnie secure and operational, including diagnosing errors and preventing abuse.
  • Comply with our legal obligations.

We do not sell your data, and we do not use it to market unrelated services to you or anyone else. Some of the information we collect — such as your financial account and transaction data — is sensitive; we use it only to provide the Service to you, and never for advertising or profiling.

3. Plaid

We use Plaid Inc. to connect your bank and credit-card accounts. When you link an institution, Plaid collects your banking credentials directly — we never see them — and provides Bonnie with the transaction and account data you authorize. Bonnie stores the encrypted Plaid access token plus the account metadata described above under What we collect.

Plaid's collection and use of your data is governed by Plaid's End User Privacy Policy. You can disconnect a linked institution from inside Bonnie at any time.

4. Subprocessors we rely on

Bonnie relies on a small number of service providers to operate. Each handles one category of your data, under its own terms and security commitments:

ProviderPurposeInformation handled
PlaidBank and card connectivityCredentials entered directly with Plaid, plus the account and transaction data you authorize Plaid to share with Bonnie.
StripeSubscription billingPayment details entered directly with Stripe, billing contact details, and Bonnie customer, subscription, and payment-status identifiers.
ResendTransactional emailYour email address and the contents of account, security, billing, support, and service-notification messages.
OpenAIAI-assisted categorization and document extractionThe transaction descriptions, business context, or relevant document text or images needed for the specific bookkeeping request.
RailwayApplication, API, and database hostingThe account, business, bookkeeping, and operational data Bonnie stores and processes to run the Service.
CloudflareWebsite delivery, encrypted object storage, and privacy-focused traffic measurementUploaded files stored in R2 and limited website request and traffic information used to deliver and operate Bonnie.
Google AnalyticsAggregate measurement on public marketing and early acquisition-funnel pagesA sanitized page path, page title, and referrer plus browser, device, and network information. Bonnie does not send URL query strings or fragments, and disables measurement on account, credential, onboarding, billing, dashboard, and provider-return routes.

This list reflects Bonnie's current production data flows. Questions about a provider or data flow can be sent to [email protected].

5. Cookies and tracking

To keep you signed in, Bonnie keeps a short-lived access token in your browser's memory and a longer-lived refresh token in a secure, http-only cookie that scripts on the page cannot read. We do not run third-party advertising trackers or build advertising profiles from your books.

Cloudflare Web Analytics measures initial page loads on an explicit list of public marketing and early acquisition-funnel pages, with automatic single-page-app route tracking disabled. Google Analytics measures page views on that same allowlist, including Bonnie's demo, signup, and get-started pages. Bonnie sends Google a sanitized path and referrer without URL query strings or fragments, disables advertising signals, deduplicates client-side page views, and disables measurement after navigation into authentication, onboarding, billing, dashboard, or provider-return routes. Google Analytics may use analytics identifiers to distinguish visits.

6. Data retention and deletion

Bonnie supports three choices for fiscal-year source documents, transactions, journal entries, and generated reports:

  • Default— records remain available until the fiscal year's retention deadline, normally 3.5 years after that fiscal year begins, and are then eligible for removal. Bonnie sends reminders as the deadline approaches.
  • Long-term — fiscal-year records are exempt from deadline-based removal while this choice remains active. They remain subject to account deletion and any records we must retain for a legal, security, or dispute-related reason.
  • Downloaded-then-removed — after a fiscal-year copy is marked downloaded, the records remain available until their retention deadline and are then eligible for removal.

Account, security, billing, and change-history records can follow different schedules where needed to operate the Service, prevent abuse, resolve disputes, or meet a legal obligation. Closing your account or asking us to delete it starts removal of your account and business data from Bonnie and its service providers, except for the limited records we must retain for one of those reasons.

To request deletion or to export your data, write to [email protected] from the email address on your account.

7. Security

We use industry-standard practices to protect your data — encrypted connections in transit, encrypted storage of sensitive credentials such as the Plaid access token, role-based access controls, and a change-history record of edits to your books. No system is perfectly secure; if we learn of an incident that affects you, we'll notify you in accordance with applicable law.

8. Children's privacy

Bonnie is intended for adult business owners. We don't knowingly collect data from anyone under 18. If we discover that we have, we'll delete it.

9. U.S.-only service

Bonnie is built for small businesses operating in the United States, and the service is offered from the United States. If you access Bonnie from outside the United States, you understand that the information you give us will be handled in the United States under the practices described in this policy. For specific regional notes, see Your privacy rights below.

10. Changes to this policy

We may update this policy from time to time. When we do, we'll change the "last updated" date above and, for material changes, give you notice in the app or by email.

11. Your privacy rights

California residents.California residents may have the right to know the categories and specific pieces of personal information we collected, the sources and business purposes described in this policy, and the categories of service providers that receive it. They may also have rights to access, correct, or delete personal information; to receive a portable copy; to limit certain uses of sensitive personal information; and to opt out of sale, sharing, targeted advertising, or qualifying profiling. Bonnie does not sell personal information or use it for targeted advertising. We will not discriminate against you for exercising a privacy right. You may use an authorized agent, although we may need to verify your identity and the agent's authority before completing a request.

Other U.S. state privacy rights.Depending on your state of residence, you may have the right to ask us what personal information we hold about you, to access or receive a copy of it, to correct it, to delete it, and to opt out of the "sale" or "sharing" of your personal information or its use for targeted advertising or certain profiling. Bonnie does not sell or share your personal information and does not use it for targeted advertising, so there is generally nothing to opt out of in that respect. To exercise any of these rights, email [email protected] from the address on your account. We will not discriminate against you for exercising your rights, and — where your state provides an appeal process — you may ask us to reconsider a decision on your request.

EEA and UK residents. Bonnie is a U.S.-based service and is not specifically directed at residents of the European Economic Area or the United Kingdom. If you live in the EEA or the UK and use Bonnie, you can email [email protected] to ask what information we hold about you, to ask us to correct it, or to ask us to delete it. Using Bonnie from the EEA or the UK means your information will be processed in the United States by us and by the subprocessors listed above under Subprocessors we rely on.

12. Contact

Bonnie is operated by Canopus Financial LLC. Questions about this policy or about your data? Write to [email protected]. You can also reach us through our support page.