Privacy policy
DRAFT — pending review by legal counsel before public launch. Effective date: [TO BE SET AT LAUNCH].
- We don't sell your data. We never will.
- No ads, no data brokers — nothing about you is for sale.
- Everything you log is private to your account. You can export or delete all of it, any time.
Who we are
Blue Bonsai is operated by [OPERATING ENTITY — to be set] (“we,” “us”). For privacy questions, contact [CONTACT EMAIL — to be set].
What we collect
We collect only what we need to operate the App for you:
- Account info. Your email address (for sign-in via emailed one-time link) and a small profile (onboarding answers like your goals or known triggers, if you choose to share them, plus app preferences).
- Your entries. What you log — journal entries, check-ins, ratings, notes, reflections, practice attempts. This content is private to your account.
- Derived signals. Patterns the app computes from your entries (e.g. “X tends to help when Y”). Derived from your data, never sold.
- Basic operational data. Standard request metadata (timestamps, error logs) needed to run a reliable service, plus privacy-preserving traffic analytics (no cross-site tracking, no advertising identifiers).
What we don't collect
- No third-party advertising trackers, no data brokers.
- No precise location.
- No contacts, microphone, or camera data.
How we use what we collect
- To run the App for you — store your entries, show them back to you, compute the patterns the App is built around.
- To process specific requests on your behalf (e.g. when you tap to get an AI reflection on something you wrote, that text is sent to our AI provider to generate a response).
- To keep the App working and safe (security, abuse prevention, debugging).
We do not use your content to advertise to you. We do not sell your content. We do not share it with third parties for their own purposes.
Your per-entry privacy control
Every journal entry has a per-entry privacy toggle: keep it fully private to you (the default for sensitive entry types like reflections and flashback sessions), or allow it to inform the pattern engine. The toggle is honored absolutely; private entries are never sent to AI processing or included in pattern computation.
Who processes your data
We use a small set of service providers to operate Blue Bonsai. They process data on our behalf under their own security and privacy commitments; they are not permitted to use it for their own purposes.
- Supabase — authentication and database (your account, entries, and derived data live here).
- Anthropic — AI features. When you trigger an AI feature, the relevant text is sent to Anthropic's API to generate a response. Anthropic's commercial API terms govern how they handle that input.
- Vercel — hosting, plus privacy-preserving traffic and performance analytics (page views and Core Web Vitals; no cross-site tracking or advertising identifiers).
Export and delete
You can export everything you've logged as a JSON file at any time, from Settings → Your data. You can also delete your account and all associated data at any time, from Settings → the Danger Zone. Deletion is permanent and includes your account, entries, derived patterns, and any related records.
Retention
We keep your account and content for as long as your account exists or as needed to provide the App to you. When you delete your account, we delete the data described above. Operational backups roll over on a normal cycle (typically within 30 days).
Security
We use industry-standard technical and organizational measures to protect your data, including row-level security on the database so each user's data is isolated to their account. No system is perfectly secure; if we become aware of a breach affecting your data, we will notify you as required by applicable law.
Children
Blue Bonsai is not intended for users under [FOUNDER DECISION — see Terms; 18 recommended] years old. We do not knowingly collect data from anyone below that age. See the Terms of Service for the eligibility rule.
Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the “Effective date” above and take reasonable steps to notify you (e.g. an in-app notice on next sign-in).
Contact
Privacy questions, or to exercise rights you may have under applicable law (access, correction, deletion), contact [CONTACT EMAIL — to be set].