Privacy Policy

Last updated: October 14, 2025

This Privacy Policy governs your use of Bonsai (the “Application”) and our website bonsaiapp.co (collectively referred to as the “Product”). It explains how Rhythmic, Inc. (“Company,” “we,” “us,” or “our”) collects, uses, and discloses your information when you use our services and outlines your rights and choices regarding that information.

By using the Product, you agree to the terms of this Privacy Policy.

1. Interpretation and Definitions

Interpretation

Words with initial capitalization have meanings defined below. These definitions apply equally to the singular and plural forms.

Definitions

• Account – A unique account created for you to access our Service or parts of it.

• Affiliate – An entity that controls, is controlled by, or is under common control with the Company.

• Application – The Bonsai app provided by the Company.

• Company – Rhythmic, Inc., registered in Michigan, United States.

• Country – Refers to Michigan, United States.

• Device – Any device that can access the Service (e.g., smartphone, tablet, or computer).

• Personal Data – Any information that relates to an identified or identifiable individual.

• Service Provider – A third-party company or individual that processes data on behalf of the Company.

• Usage Data – Information automatically collected when using the Service (e.g., device type, usage duration).

• You – The individual using the Service, or the legal entity represented by that individual.

2. Information We Collect

We collect both information you provide voluntarily and data collected automatically when you use our Product.

Information You Provide

• Profile Data: Your email address, password, and any optional profile details.

• Payment Data: When you make purchases, payment information is processed by third-party providers (e.g., Apple, Google, Stripe). We do not store your full payment credentials.

• Support & Feedback: Any information you provide when contacting us for support, completing surveys, or giving feedback.

Data Collected Automatically

• Usage Data: How you interact with the app, including features accessed, session duration, and frequency.

• Device & Browser Data: IP address, device type, OS version, time zone, and language settings.

• Referrer & Campaign Data: Information on how you discovered Bonsai (e.g., ad source, referral link).

• Cookies & Similar Technologies: Used to maintain sessions and measure product performance. You can control cookies through your browser settings.

Tracking and Advertising Identifiers

We may collect your Apple Identifier for Advertisers (IDFA) or Google Advertising ID (AAID) for analytics and marketing attribution via third-party partners such as Singular.
These identifiers help us measure campaign effectiveness and understand where users discover Bonsai.
You can reset or disable these identifiers in your device settings. We do not use them to serve personalized ads without your consent.

3. How We Use Your Information

We process your Personal Data for the following purposes:

• To Provide and Maintain the Service: Enable app functionality, troubleshoot issues, and authenticate users.

• To Personalize Your Experience: Understand how you use Bonsai to improve usability and provide tailored recommendations.

• To Analyze and Improve the Product: Conduct research, monitor app performance, and optimize engagement.

• To Communicate with You: Send updates, onboarding tips, service notices, and occasional marketing messages (you may opt out anytime).

• To Process Payments: Handle in-app purchases via trusted third-party processors.

• To Enforce Terms and Prevent Fraud: Detect and prevent abuse, fake accounts, or unauthorized access.

• To Comply with Legal Obligations: Cooperate with authorities as required by law.

How We Use Your Personal Data

We process your personal data for the following purposes:

1. To Provide and Improve the Service

We use your data to operate, maintain, and enhance the Bonsai experience. This includes enabling core functionality, troubleshooting technical issues, authenticating users, and ensuring secure access to your account.

To improve our AI assistant experience, we process general information about how you interact with chat features (e.g., refresh actions, viewed prompts, or usage frequency). This helps us understand engagement patterns and improve usability.
We do not collect or store the actual content of your messages.

We partner with OpenAI to deliver AI-powered chat functionality. Chat metadata may be processed by OpenAI and retained for up to 30 days solely for security and misuse monitoring. OpenAI does not use this data to train or improve its models, and applies strong security measures such as encryption and access controls.

If you request a refund for a consumable in-app purchase, we may share limited usage data with Apple Inc. to verify your request. This data exchange follows Apple’s policies and is restricted to what is necessary to process the refund.

2. To Analyze and Enhance the Product

We use aggregated and anonymized data to understand how users interact with Bonsai.
This includes analyzing engagement, running surveys, testing new features, and identifying areas for improvement.
For example, if we notice certain features are rarely used, we may focus development efforts on improving them.

3. To Customize Your Experience

We use your data to personalize the Product—for instance, to determine which payment options, promotions, or recommendations to display to you. This ensures your experience feels relevant and useful.

4. To Process Payments

We rely on trusted third-party payment providers (such as Apple or Google) to process in-app purchases and subscriptions.
Your payment data is handled securely by these providers, and we do not store full payment details.

5. To Enforce Terms and Prevent Fraud

We process personal data to enforce our Terms of Service, prevent fraud, resolve disputes, and detect malicious activity.
When required by law or in cases involving fraud or legal claims, we may share relevant information with law enforcement authorities.

To communicate with you regarding your use of our Product

We may communicate with you, for example, by email or directly on the Product, including through push notifications. As a result of such processing, we may send you messages about your statistics.

6. To Communicate With You

We may contact you via email, in-app messages, or push notifications to provide updates about your account, app usage, or feature changes.
These communications may include statistics, reminders, or security notices.

7. To Send Marketing Communications

We may send you marketing messages about Bonsai’s features, offers, and events, or information about third-party services we think may interest you.
You can opt out of marketing emails at any time by clicking “Unsubscribe” in the email footer.

8. To Provide Customer Support

We use your data to respond to support inquiries, confirm transactions, send legal notices, and notify you of app status updates or product availability.

10. To Comply With Legal Obligations

We may process or share your information when required by applicable law, regulation, legal process, or government request.

4. Third-Party Services and SDKs

We use trusted third-party providers to enhance our app’s functionality and measure performance:

• Amplitude (Amplitude, Inc.) – Used for product analytics and event tracking. Amplitude helps us understand how users navigate and interact with Bonsai so we can improve functionality and engagement. Amplitude does not sell user data or use it for advertising purposes.

  • Privacy Policy: https://amplitude.com/privacy

• Singular (Singular Labs, Inc.) – Used for analytics and attribution. Singular may collect device identifiers, IP address, and limited engagement data to measure campaign effectiveness.

  • Privacy Policy: https://www.singular.net/privacy-policy/

• OpenAI – Provides our AI chat functionality (“AI Coach”). Chat data may be shared with OpenAI and retained for up to 30 days solely for security and misuse monitoring. OpenAI does not use chat data to train or improve its models.

  • Privacy Policy: https://openai.com/privacy

• Payment Processors (Apple, Google, Stripe) – Process subscription and in-app payments. We never store full credit card data.

  • Apple: https://www.apple.com/legal/privacy/

  • Google: https://policies.google.com/privacy

  • Stripe: https://stripe.com/privacy

5. App Tracking Transparency (ATT)

In accordance with Apple’s App Tracking Transparency framework, Bonsai may request your permission to track activity across apps and websites owned by other companies for advertising and attribution purposes.
If you decline, we respect your choice and disable tracking features not essential to app operation.

6. Sensitive Data

Bonsai focuses on supporting mental well-being and burnout recovery.
We do not collect or process medical records, health diagnoses, or data considered “Protected Health Information” under HIPAA.
Reflections, chat transcripts, and journaling data remain private to you and are not shared externally unless you choose to export or disclose them.

7. Legal Bases for Processing (EEA/UK Users)

If you reside in the European Economic Area or the United Kingdom, our legal bases for processing include:

• Contract performance – to deliver our Service.

• Consent – when using tracking, cookies, or marketing communications.

• Legitimate interests – to improve and secure our Service.

• Legal obligation – to comply with applicable laws.

You have the right to withdraw consent at any time.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

• Access or request a copy of your data.

• Request correction or deletion of your information.

• Withdraw consent for marketing or tracking.

• Request data portability.

• Object to processing under certain circumstances.

To exercise these rights, email us at business@bonsaiapp.co.

California Residents (CCPA/CPRA)

We do not “sell” personal data for monetary value. However, we may share identifiers with analytics providers or ad networks for measurement purposes, which may be considered “sharing” under California law.
You can opt out by contacting us at the email above.

9. Data Retention

We retain your personal data only as long as necessary for the purposes stated in this Policy.

• OpenAI chat data: up to 30 days

• Singular analytics data: up to 24 months (aggregated data may persist longer in anonymized form)

• Account data: retained until your account is deleted or as legally required

10. Data Transfers

Your information may be transferred to and processed in countries outside your residence.
We take appropriate steps to ensure your data is treated securely and in accordance with this Privacy Policy.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

11. Data Security

We use encryption, access controls, and secure servers to protect your data.
However, no internet transmission or electronic storage is completely secure, and we cannot guarantee absolute security.

12. Children’s Privacy

Bonsai is not intended for children under 13.
We do not knowingly collect data from children.
If you believe your child has provided data, please contact us to have it deleted.

13. Links to Other Websites

Our Service may contain links to third-party websites not operated by us.
We are not responsible for the content or privacy practices of those sites.
Please review their privacy policies before providing any personal data.

14. Changes to This Policy

We may update this Privacy Policy periodically.
The updated version will always be available at https://bonsaiapp.co/privacy.

15. Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

Our Service may give You the ability to delete certain information about You from within the Service.

You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.

Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.

16. Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions or requests regarding this Privacy Policy, please contact us:

Rhythmic, Inc.
Attention: Privacy Officer
Email: business@bonsaiapp.co
Address: 251 Little Falls Drive, Wilmington, DE, 19808, United States