Bonsaily ("we", "us", or "our") operates bonsaily.com and the Bonsaily Chrome extension. This policy explains what data we collect, how we use it, and your rights.
1. What we collect
When you use Bonsaily, we collect:
LinkedIn profile data — your name, email address, and LinkedIn user ID, obtained via LinkedIn OAuth when you sign in.
Content you create — posts, carousels, and drafts you generate or save within Bonsaily.
Voice samples — LinkedIn posts you choose to import and posts you publish through Bonsaily, used to personalize AI generation to your writing style.
Swipe file entries — LinkedIn post text you save via the Chrome extension.
Usage data — post counts, scheduling activity, and feature usage, used to enforce plan limits and improve the product.
2. Chrome extension
The Bonsaily Chrome extension:
Stores an authentication token in chrome.storage.local on your device to connect the extension to your Bonsaily account. This token never leaves your device except to authenticate requests to bonsaily.com.
Reads LinkedIn post text only when you explicitly click the "Save" button on a post. No passive browsing data is collected.
Does not collect passwords, keystrokes, browsing history, or any data unrelated to the features described above.
3. How we use your data
To provide and personalize the Bonsaily service — specifically to generate LinkedIn posts that match your voice and writing style.
To enforce plan limits (free tier: 5 posts/month).
To process payments via Stripe (we never see or store your card details).
To send transactional emails about your account (scheduled post notifications, billing receipts).
4. What we don't do
We do not sell your data to third parties.
We do not use your data for advertising or tracking purposes.
We do not share your content with other users.
We do not use your data to determine creditworthiness or for lending purposes.
5. Data storage
Your data is stored in Supabase (hosted on AWS). All data is stored in the United States. We retain your data for as long as your account is active. You can request deletion at any time.
6. Third-party services
LinkedIn — OAuth sign-in and post publishing. Subject to LinkedIn's privacy policy.
Stripe — Payment processing. Subject to Stripe's privacy policy.
Groq — AI inference for post generation. Post content is sent to Groq's API for processing and is not stored by Groq beyond the request.
Supabase — Database and storage hosting.
7. Your rights
You may request access to, correction of, or deletion of your personal data at any time by emailing us at the address below. We will respond within 30 days.
8. Children
Bonsaily is not directed at children under 13. We do not knowingly collect data from children under 13.
9. Changes to this policy
We may update this policy from time to time. We will post the updated date at the top of this page. Continued use of Bonsaily after changes constitutes acceptance of the updated policy.