What we keep, why, and for how long.
Bonsai stores the minimum amount of data needed to negotiate your bills on your behalf. Your data is yours — you can export or delete it at any time from Settings → Account.
1. What we store
- Account: your email address and a hashed password (argon2id — we never see the plaintext).
- Bills you upload: the original PDFs/images and the structured audit Bonsai derives from them.
- Negotiation history: the email threads and call transcripts the agent generates with providers, plus any feedback you give the agent.
- Settings: tone, channels, savings floor, notification preferences.
2. What we don't store
We don't sell your data, share it with advertisers, or use it to train external models. Bonsai uses the Anthropic Claude API for agent reasoning; per Anthropic's terms, API inputs and outputs are not used to train their models.
3. Subprocessors
Bonsai uses these vendors to deliver the service:
- Anthropic — Claude API for the auditing and negotiation agents.
- Resend — transactional and negotiation email delivery.
- ElevenLabs — voice synthesis for outbound calls.
Each vendor receives only the data needed to perform its task (e.g. Resend sees the email body and recipient; it does not see your bill PDFs).
4. Identifying you to companies
When the agent contacts a billing department, it identifies itself as negotiating on your behalf and uses the account-holder name on the bill to reach the right account. It does not impersonate you or pretend to be you. You're CC'd on every outbound and see a transcript of every call.
5. Retention
We retain your data for as long as your account is active. When you delete your account, all associated bills, transcripts, threads, and settings are permanently deleted within 30 days. Aggregate, non-identifying logs (e.g. "X negotiations succeeded this month") may be retained.
6. Your rights
You can export everything Bonsai has stored for your account from Settings → Account → Export, and delete your account from the same screen. If you have additional rights under your local jurisdiction (GDPR, CCPA), reply to any Bonsai email and we will honor them.
7. Security
Passwords are hashed with argon2id. Sessions are HTTP-only, same-site cookies. Inbound webhooks (Resend reply mailbox) are verified via svix HMAC signatures. Bonsai is in active development — if you spot a security issue, tell us first; we'll credit you and fix it before publishing.
8. Changes
If we materially change this policy we'll notify you by email before the change takes effect.