top of page

Privacy Policy

BONSAI.IO PRIVACY POLICY

VERSION: 1.0

EFFECTIVE DATE: JANUARY 2, 2026

1. INTRODUCTION

This Privacy Policy (“Policy”) explains how Bonsai.io (“we,” “our,” “us”) collect, use, and protect your personal information. We prioritize Data Minimization: we only collect what is strictly necessary to render your interior design vision.

2. INFORMATION COLLECTION

  • Account Identity: Email and phone number (verified via Twilio OTP).

  • User-Generated Content: Uploaded room photos, generated designs, and "Sticker" cutouts created with the Magic Lasso tool.

  • Spatial Metadata: Numerical coordinates (bounding boxes) and design preferences (styles, budgets) associated with your room.

  • Usage & Analytics: Feature interaction logs, crash reports, and anonymized device identifiers.

  • Payment Data: Transactions are processed securely through Apple StoreKit and Stripe. We do not store raw credit card numbers; Stripe processes this data under its own 2026 Privacy Standards.

  • Biometric Data: If enabled, the App utilizes iOS FaceID/TouchID for secure Keychain access. Bonsai.io never accesses, collects, or stores your biometric data. All authentication occurs locally via the iOS Secure Enclave.

3. DATA USAGE & TRAINING POLICY

  • Core Service: To process your photos into designs using generative neural networks.

  • Persistence: To allow you to "lift" and "stamp" objects across sessions by storing your "Closet" items and room metadata on our secure AWS servers.

  • No-Training Guarantee: Bonsai.io does not use your uploaded photos or private room designs to train our base AI models or any third-party models. Your home data remains isolated to your account.

4. SHARING AND DISCLOSURE

We do not sell your personal data. We share information only with essential service providers:

  • AWS: Secure U.S.-based hosting and encrypted image storage.

  • Stripe / Apple: Payment processing and entitlement management.

  • Twilio: Transactional SMS for account security.

  • Affiliate Partners: If you click a "shoppable link," a randomized tracking token may be shared with the retailer to attribute the design-match commission.

5. DATA STORAGE AND SECURITY

  • Encryption: Data is protected by AES-256 at rest and TLS 1.3 in transit.

  • Local Security: We utilize the iOS Keychain for sensitive tokens and SwiftData for local design caching.

  • Residency: All backend processing occurs on AWS nodes located within the United States.

6. YOUR RIGHTS (NJDPA & DELETE ACT)

In compliance with the New Jersey Data Protection Act and the California DELETE Act:

  • Right to Erasure: Deleting your account via the App Settings triggers an automated "Hard Purge." Your PII, photos, and metadata will be permanently erased from our active servers and backups within 30 days.

  • Right to Appeal: If a data request is denied, you may appeal the decision by contacting support@bonsai-app.com.

  • Symmetry of Choice: We respect iOS App Tracking Transparency (ATT). If you decline tracking, we use only functional identifiers required for security.

7. CONTACT US

Email: hello@bonsai-app.io

Jurisdiction: State of New Jersey, USA

Owners: Joshua Fried and Samuel Minkov-Temis

bottom of page