top of page

Privacy Policy

Owner/Controller: Bonsai Products, LLC


Version: 1.0 


Effective Date: February 17, 2026

​

Last Updated: February 17, 2026
​

This Privacy Policy (“Policy”) explains how Bonsai Products, LLC (“Bonsai,” “we,” “our,” or “us”) collects, uses, shares, and protects information when you use the Bonsai.io mobile application (the “App”) and related services (collectively, the “Service”).

 

This Policy applies to information collected through the App, through customer support communications, and through authorized third-party integrations used to operate the Service.

 

We designed Bonsai around data minimization. We collect and process only the information reasonably necessary to provide and secure your interior design experience — including generating AI-powered room designs from your uploaded photos and enabling object cutouts (“stickers”) and spatial design tools.

 

This Privacy Policy is incorporated into and forms part of our Terms of Service.

 

1. SCOPE & KEY DEFINITIONS

 

Scope

 

This Privacy Policy applies to Personal Information collected:

​

  • Through the Bonsai.io iOS mobile application and its in-app features

  • Through our customer support communications (including email correspondence)

  • Through authorized third-party services and integrations used to operate the Service (such as payment processors and SMS verification providers)

 

This Policy does not apply to information collected by third-party websites, applications, or services that are not operated or controlled by Bonsai Products, LLC.

 

Definitions

 

For purposes of this Policy:

 

Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your device.

 

User Content” means photos you upload, AI-generated designs created from your content, and object cutouts (“stickers”) or related spatial design assets you create within the App.

 

Service Providers” means third-party vendors and contractors engaged by us to support operation of the Service, including hosting, storage, analytics, payment processing, and account verification services.

 

Controller” or “Business” refers to Bonsai Products, LLC, which determines the purposes and means of processing Personal Information under applicable data protection laws.

 

2. INFORMATION WE COLLECT

 

We collect information in the categories described below. Some information is required to provide the Service. If you choose not to provide certain information, some features may not function properly.

 

A. Information You Provide Directly

 

Account Information

  • Email address

  • Phone number (if you elect to use phone-based verification)

  • Verification status (e.g., confirmation of one-time passcode (OTP) authentication; we do not store message content)

 

User Content

  • Room photos you upload

  • AI-generated room designs derived from your content

  • Object cutouts (“stickers”) created using Magic Lasso or related object selection tools

  • Optional notes, preferences, or design constraints you provide (e.g., style selections, budgets, saved “closet” items)

 

Support Communications

  • Information you provide when contacting support, including emails, attachments, screenshots, and related correspondence

 

B. Information Collected Automatically

 

Device & Technical Information

  • Device type and model

  • Operating system and version

  • App version

  • Language settings and approximate time zone

  • IP address (primarily for security and fraud prevention)

  • Device or app instance identifiers used for security, analytics, and fraud prevention

 

Usage & Diagnostic Information

  • Feature interaction events (e.g., screen views, tool usage, taps)

  • Performance metrics

  • Crash logs and diagnostic reports

 

C. Room & Design Metadata
 

To power object placement, sticker functionality, and cross-session persistence, we may process structured room metadata, including:

​

  • Object bounding boxes and spatial coordinates

  • Placement and transformation metadata for design elements

  • Saved style preferences, budgets, and “closet” collections

  • Design history associated with your account

 

This metadata is functional in nature and is stored to preserve your designs and enable continued editing across sessions. Because Bonsai allows you to save designs across sessions, your User Content (Photos and Designs) is linked to your account identity via a unique internal identifier. This is required to provide the "Gallery" and "Staging Area" features.

 

D. Payments & Subscriptions

 

Payments and subscription entitlements are processed by third-party providers:

  • Apple StoreKit (for in-app purchases and subscription management through the App Store)

  • Stripe (if applicable for web-based or alternative payment processing)

We do not store raw credit card numbers in our systems. Payment processors handle payment information in accordance with their own privacy policies and security standards.

 

E. Biometrics (Face ID / Touch ID)

 

If you enable Face ID or Touch ID:

  • The App may use iOS biometric authentication solely to unlock credentials stored securely in the iOS Keychain.

  • Bonsai does not access, collect, receive, or store biometric identifiers or biometric information.

  • Biometric authentication occurs locally on your device via Apple’s Secure Enclave.

 

3. HOW WE USE INFORMATION

 

We use the information we collect for the following purposes:

 

A. Provide and Operate the Service

​

  • Create, maintain, and manage your account

  • Verify identity and secure logins (including one-time passcode (OTP) authentication, if enabled)

  • Process room photos to generate AI-powered designs and visual transformations

  • Enable object cutouts (“stickers”), placement tools, and spatial editing functionality

  • Save, retrieve, and synchronize your designs, stickers, and preferences across sessions and devices

 

B. Improve Performance and Reliability

​

  • Diagnose and resolve technical issues, crashes, and errors

  • Improve feature usability, design workflows, and overall performance

  • Monitor system load, stability, and infrastructure reliability

 

C. Security and Fraud Prevention

​

  • Protect accounts from unauthorized access

  • Detect, investigate, and prevent abuse, bot activity, or fraudulent behavior

  • Enforce our policies, agreements, and acceptable use standards

 

D. Communications

​

  • Send transactional messages, including verification codes and security alerts

  • Respond to customer support inquiries and requests

  • Provide important Service-related notices, including updates to policies or security practices

 

E. Legal and Compliance

​

  • Comply with applicable laws, regulations, and lawful requests

  • Resolve disputes and enforce our agreements

 

4. AI & MODEL TRAINING POLICY (NO-TRAINING GUARANTEE)

A. Core Processing

Your uploaded photos and related room information are processed to generate designs, edits, and visual transformations within the Service. This processing may involve artificial intelligence and machine learning systems, including generative models and image transformation pipelines.

 

B. No-Training Guarantee

 

Bonsai does not use your uploaded photos, private room designs, stickers, or associated room metadata to train our base AI models or any third-party foundation models.

 

Your content is processed solely to provide the Service to you and remains logically isolated to your account.

 

C. Human Review

 

We do not routinely access or review your private room photos or generated designs.

 

Limited human access may occur only in the following circumstances:

  • You request support and voluntarily share content with us

  • Security investigations or abuse prevention activities

  • Legal compliance or lawful requests

 

Where access occurs, it is restricted to authorized personnel and subject to internal access controls and logging procedures.

 

5. HOW WE SHARE INFORMATION

 

We do not sell your Personal Information.

We share information only in the circumstances described below:

 

A. Service Providers

 

We may share Personal Information with third-party service providers that support operation of the Service, including:

  • Cloud hosting and storage providers (e.g., AWS for secure hosting and encrypted image storage)

  • SMS and verification providers (e.g., Twilio for OTP delivery and account security)

  • Payment processors (e.g., Apple StoreKit and Stripe)

  • Analytics or crash reporting providers, if enabled

 

We use Google Vertex AI as our primary AI sub-processor. Photos uploaded for design generation are transmitted to Google’s secure servers in the United States. These photos are processed in a "stateless" manner as per our No-Training Guarantee.

 

These service providers are authorized to access and use Personal Information only as necessary to perform services on our behalf and in accordance with contractual confidentiality and data protection obligations.

 

B. Affiliate / Shoppable Links

 

If you click a “shop” or “buy” link within the App:

  • We may share a pseudonymous referral identifier (such as a randomized tracking token) with the retailer or affiliate network to attribute commission.

  • We do not intentionally share your uploaded room photos, generated designs, stickers, or room metadata with retailers for advertising or tracking purposes.

  • Retailers and affiliate networks operate independently and maintain their own privacy policies governing their data practices.

 

C. Legal, Safety, and Enforcement

 

We may disclose Personal Information if we believe in good faith that disclosure is necessary to:

  • Comply with applicable laws, regulations, legal processes, or governmental requests

  • Protect the safety, rights, or property of users, Bonsai Products, LLC, or others

  • Detect, prevent, or address fraud, security vulnerabilities, or abuse

 

D. Business Transfers

 

In the event of a merger, acquisition, financing, reorganization, bankruptcy, sale of company assets, or similar corporate transaction, Personal Information may be transferred as part of that transaction, subject to appropriate confidentiality and legal protections.

 

6. DATA STORAGE, LOCATION

& SECURITY

 

A. Storage & Processing Location

 

Our backend infrastructure is hosted in the United States, and Personal Information is processed and stored in the United States. If you access the Service from outside the United States, you acknowledge that your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

 

B. Security Measures

 

We implement administrative, technical, and physical safeguards designed to protect Personal Information, including:

  • Encryption in transit (e.g., TLS)

  • Encryption at rest for sensitive data

  • Access controls and role-based permissions

  • Secure storage of credentials and tokens (including use of the iOS Keychain where applicable)

  • Monitoring systems designed to detect suspicious activity and unauthorized access

 

While we take reasonable measures to protect Personal Information, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

 

7. DATA RETENTION

 

We retain Personal Information only for as long as reasonably necessary to:

  • Provide the Service and maintain your account

  • Comply with legal obligations

  • Resolve disputes and enforce agreements

  • Maintain security, integrity, and prevent abuse

 

Account Deletion / “Hard Purge”

 

Users can initiate account deletion at any time via Profile > Settings > Manage

Account. Upon confirmation:

​

  • Your Personal Information and User Content will be removed from active systems; and

  • Deletion from backup systems will occur in accordance with our backup lifecycle and retention processes.

​

Deletion from active systems and backup environments is generally completed within thirty (30) days, unless a longer retention period is required by law or reasonably necessary for security, fraud prevention, dispute resolution, or other legitimate business purposes.

​

8. YOUR PRIVACY RIGHTS & CHOICES

 

Depending on your jurisdiction, you may have certain rights regarding your Personal Information. Where feasible, we extend core privacy controls to all users.

 

A. Access, Deletion, Correction, and Portability

 

Subject to applicable law, you may have the right to request:

  • Access to certain Personal Information we maintain about you

  • Deletion of your account and associated Personal Information

  • Correction of inaccurate or incomplete Personal Information

  • A copy of your Personal Information in a portable format, where technically feasible

 

B. Opt-Out of Certain Processing

 

Where applicable, you may have the right to opt out of:

  • Targeted advertising

  • The sale or sharing of Personal Information (as defined by applicable law)

  • Certain profiling activities that produce legal or similarly significant effects

At this time, Bonsai does not engage in the sale of Personal Information or targeted advertising.

 

C. App Tracking Transparency (ATT)

 

We respect Apple’s App Tracking Transparency (ATT) framework. If you decline tracking permissions, we do not override your choice and will use only functional identifiers necessary for security and core Service operations.

 

D. Verification of Requests

 

To protect your privacy and security, we may require verification of your identity before processing certain requests. Verification may include confirming account credentials, email address, or phone number associated with your account.

 

E. Authorized Agents

 

Where permitted by applicable law, you may designate an authorized agent to submit requests on your behalf. We may require written authorization and reasonable verification of both your identity and the agent’s authority.

 

9. NEW JERSEY (NJDPA) DISCLOSURES

 

If you are a New Jersey resident, you may have certain rights under the New Jersey Data Privacy Act (“NJDPA”), including the right to:

  • Confirm whether we are processing your Personal Information

  • Access Personal Information we maintain about you

  • Correct inaccuracies in your Personal Information

  • Delete Personal Information provided by or obtained about you

  • Obtain a copy of your Personal Information in a portable format

  • Opt out of certain processing activities, including targeted advertising, sale of Personal Information (if applicable), or certain profiling

 

The NJDPA is enforced by the New Jersey Attorney General and became effective on January 15, 2025.

 

Appeals

 

If we deny your request, you may appeal the decision by contacting us at hello@bonsai-app.io with the subject line “NJDPA Appeal.” We will review and respond to your appeal in accordance with applicable law.

 

10. CALIFORNIA DISCLOSURES (INCLUDING DELETE ACT CONTEXT)

 

A. California Consumer Privacy Rights

 

If you are a California resident, you may have certain rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”), including the right to:

  • Know what Personal Information we collect, use, disclose, or retain

  • Request deletion of Personal Information, subject to certain exceptions

  • Request correction of inaccurate Personal Information

  • Access specific pieces of Personal Information we maintain about you

  • Opt out of the sale or sharing of Personal Information, as defined by California law

  • Limit the use of certain sensitive Personal Information, where applicable

 

Bonsai does not sell or share Personal Information as those terms are defined under California law.

 

B. DELETE ACT / DROP (Data Broker Tool)

 

California’s DELETE Act established a centralized deletion mechanism known as the Data Broker Requests and Opt-Out Platform (“DROP”). DROP became available beginning January 1, 2026, and data brokers are subject to processing obligations beginning August 1, 2026, subject to applicable regulations.

 

Bonsai Products, LLC operates as a first-party service provider to its users and is generally not considered a “data broker” under California law. Nevertheless, we honor deletion requests submitted directly through our account deletion process and privacy request channels described in this Policy.

 

11. CHILDREN’S PRIVACY

 

The Service is not directed to children under the age of 13, and Bonsai does not knowingly collect Personal Information from children under 13.

 

If we become aware that Personal Information has been collected from a child under 13 without verified parental consent, we will take reasonable steps to delete such information promptly.

 

If you believe that a child under 13 has provided Personal Information to us, please contact us at hello@bonsai-app.io so that we may investigate and take appropriate action.

 

12. THIRD-PARTY LINKS & SERVICES

 

The Service may contain links to third-party websites, retailers, affiliate networks, or external services that are not owned or controlled by Bonsai.

 

This Privacy Policy applies solely to Personal Information collected by Bonsai through the Service. We are not responsible for the privacy practices, policies, or content of third-party websites or services.

 

We encourage you to review the privacy policies of any third-party websites or services you access through the Service.

 

13. CHANGES TO THIS PRIVACY POLICY

 

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs.

 

When we make updates, we will revise the “Effective Date” at the top of this Privacy Policy. If we make material changes, we may provide additional notice, such as through an in-app notification or other reasonable means.

 

Your continued use of the Service after any updates become effective constitutes acceptance of the revised Privacy Policy.

​

14. CONTACT US

 

If you have questions about this Privacy Policy or our privacy practices, you may contact us at:

 

Email: hello@bonsai-app.io

 

Owner / Controller: Bonsai Products, LLC
Jurisdiction: New Jersey, United States

​

​

​

​

​

​

​

​

​

bottom of page