Privacy Policy
This is the actual policy, not a summary. We've kept the language plain. If anything in here is unclear, email [email protected] and we'll fix the wording.
Last updated: 2026-05-13
The short version
- We don't train AI on your conversations. Ever. Not us, and not our vendors — we opt out of model training on every provider account, backed by our agreements with them and our privacy policy with you.
- You own the audio. We don't. Recordings upload so we can transcribe them, then the audio bytes auto-delete from our servers within 7 days. After that, the only place the audio lives is your iCloud Drive — on your Apple ID, in your custody, counting against your iCloud+ quota (not ours). Bonfiyah cannot produce audio in response to a subpoena because Bonfiyah does not hold it. Your transcripts and notes stick around in your account so you can use them — until you delete them.
- We collect the minimum to operate the app. Email, subscription identifier from Apple, crash reports if you opt in. No ad trackers, no data brokers, no resale.
- One tap to export everything. One tap to delete everything. Both flows live in the app, in Settings → Privacy.
1. What Bonfiyah collects, where it lives, and why
Account data. Your email address and the opaque identifier Apple gives us through Sign in with Apple — never your real Apple ID. We use it to sign you in and link your subscription. Stored on our backend so you can pick up where you left off on any of your devices. Deleted within 30 days of account deletion (usually within 24 hours).
Subscription data. Your tier (Free / Pro / Pro AI), trial status, renewal date — sourced from Apple's StoreKit. We never see your Apple Pay details or credit card.
Audio recordings. Captured on your iPhone and uploaded to our backend in short chunks so we can transcribe them and run the AI features you paid for. Raw audio is automatically deleted from our servers within seven days — once the transcript is back, the audio bytes are no longer needed. Encrypted in transit (HTTPS). Your transcript persists in your account so you can return to it across devices. After the 7-day server window, your audio files live exclusively in your iCloud Drive's Bonfiyah container — on your Apple ID, encrypted with Apple's iCloud keys, counting against your iCloud+ storage quota. Bonfiyah does not have access to that container; the operating system writes to it on your behalf. Practically, this means we cannot retrieve, copy, share, or produce your audio under legal compulsion — we don't possess it.
Transcripts, speaker labels, consent logs. The text version of your conversation, who said what, and the consent state for each speaker. Stored in your account on our backend so they're available on every device you use Bonfiyah on. Deleted with your account, or any individual story can be deleted on its own from the app.
Voice fingerprints. Bonfiyah recognizes returning voices across your conversations by comparing a short numerical fingerprint of each voice to a small library bound to your account. The fingerprint cannot be reversed into audio. It exists so the same person reads as the same person across stories. Stored in your account on our backend, isolated from every other user's library — there is no shared or global voice database. Unused fingerprints (no recording activity for 90 days) auto-purge. You can also delete any fingerprint manually at any time from Speaker Details.
AI-derived outputs. People Memory profiles, Promise Tracker entries, Truth Layer flags, Story Mode recaps, Speaker Insights, Compatibility analyses — all generated from your own transcripts and stored in your account. They go with your account when you delete it.
Story metadata via iCloud (optional). If you turn on iCloud sync in Settings, story titles, dates, and your in-app preferences sync between your devices through your private iCloud database. Apple's end-to-end encryption keeps that out of our reach. Audio and transcripts themselves do not currently sync via iCloud — they reach your other devices through your account on our backend.
Crash and diagnostic data. If you opt in, Bonfiyah collects MetricKit-format crash reports (Apple-provided, no PII) and forwards them so we can fix bugs. You can opt out in Settings → Privacy → Diagnostic Data.
Product analytics. If you opt in, Bonfiyah uses PostHog to record anonymized usage events (which features you tap, paywall views, signup funnels). We never record audio, transcript content, or identifying information through analytics. Opt out in Settings → Privacy → Product Analytics.
2. What Bonfiyah does NOT collect or do
- We do not train AI models on your audio or transcripts, and we opt out of model training on every provider account that offers a training program; where a provider offers no-training terms, our agreement with them prohibits it.
- We do not retain raw audio long-term. Once transcribed, audio is deleted from our servers within seven days. After that, audio lives only in your iCloud Drive — not on Bonfiyah infrastructure. We cannot retrieve it on legal compulsion because we do not have it.
- We do not maintain a global voice database. Your voice fingerprints stay in your account and are never searched against any other user's library.
- We do not sell, rent, or trade your data to anyone, for any purpose, ever.
- We do not use third-party advertising trackers. Bonfiyah is paid for by subscriptions, not ads.
- We do not access your iCloud-synced data — Apple's end-to-end encryption keeps it out of our reach.
3. Third parties
Bonfiyah uses these services to operate. Each has its own privacy policy.
- Apple — App Store, StoreKit, iCloud, Speech framework, MetricKit. apple.com/legal/privacy
- Railway — our backend hosting: compute, database, short-lived audio processing. railway.com/legal/privacy
- AssemblyAI — speech-to-text transcription and speaker separation. We opt out of AssemblyAI's model-training program. Each transcript is deleted from AssemblyAI immediately after processing, with a 1-hour TTL as a backstop on anything not already deleted; uploaded audio is deleted within 48 hours, and only minimal billing metadata persists. assemblyai.com/legal/privacy-policy
- Anthropic (Claude) — the AI model behind Bonfiyah's Pro AI features: meeting summaries, action items, People Memory, Compatibility analyses, Speaker Insights. Transcripts are sent for processing and never used for training under Anthropic's commercial API agreement; Anthropic retains API inputs and outputs only briefly for abuse-monitoring and deletes them within 30 days. anthropic.com/legal/privacy
- RevenueCat — subscription receipt validation. revenuecat.com/privacy
- PostHog — opt-in product analytics. posthog.com/privacy
- ConvertKit — newsletter, if you sign up for the email list. convertkit.com/privacy
4. Your rights
Wherever you live, you have the right to (a) export the data we have about you, (b) delete the data we have about you, (c) correct anything inaccurate, (d) ask us what we do with your data and why. The export and delete flows are in the app at Settings → Privacy.
If you're in the EU/UK (GDPR/UK GDPR), California (CCPA/CPRA), Colorado, Connecticut, Utah, Virginia, or any other jurisdiction with specific data protection rights, those rights apply to you, and the in-app flows satisfy them. If you'd rather email us, write to [email protected] and we'll respond within 30 days (faster, usually).
4a. How to delete your account
Two paths, both cascade-delete the same way through our backend:
- Self-serve (in-app): Open Bonfiyah → Settings → Privacy → Delete My Data. Confirm by typing DELETE. This wipes the local database, every audio file on-device, your iCloud-synced data, every voice signature, every transcript, every Pro AI output, and your account on our backend. You get a confirmation email when the cascade finishes (usually within 24 hours; always within 30 days).
- By email: Write to [email protected] from the address on the account, ask to delete, and we'll process the same cascade and email you when it's complete.
Both paths call the same backend endpoint (/api/v1/admin/data-rights/delete-user), which is idempotent and writes an audit row before it removes the data, so we can prove the deletion happened if you ever need that record.
5. Children (COPPA)
Bonfiyah is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. The App Store rating reflects this, and our marketing is built around use cases — legal intake, medical visits, business conversations — that are inherently adult.
If you are a parent or guardian and you discover that your child under 13 has created a Bonfiyah account or uploaded recordings:
- Email [email protected] with the account's email address or the child's name. We do not require proof of guardianship for an initial deletion request — when a deletion request comes in for a minor, our default is to act on it immediately.
- We will pause the account within 24 hours (so no new data flows in) and permanently delete the account and every associated audio file, transcript, voice signature, and metadata row within 30 days. In practice this completes within 24–72 hours for almost every COPPA request.
- We will send written confirmation when the deletion completes, including the timestamp and the count of records removed.
- We retain an audit trail of every COPPA-driven deletion for two years (legal requirement). The audit trail records the request, the deletion action, and the timestamp — it does not retain the child's content.
If the account is on a paid tier and was charged, refunds for COPPA-driven deletions are handled by Apple via the standard refund flow; we will not contest those refund requests.
6. Security
Account credentials are hashed with bcrypt. Backend traffic is HTTPS-only. iCloud sync uses Apple's encryption. The local app database is protected by iOS file protection (NSFileProtectionComplete when locked, NSFileProtectionCompleteUntilFirstUserAuthentication when in use). Audio files use the same protection class.
If we ever discover a security incident affecting your data, we'll notify you within 72 hours of confirming the scope, in writing, with what happened and what you should do.
7. HIPAA posture
Bonfiyah is not a HIPAA-compliant service and we are not a HIPAA Business Associate. We do not currently offer Business Associate Agreements (BAAs). We build to HIPAA-aligned data-handling principles — minimum-necessary data collection, encryption in transit, audit logging on consent changes, no AI training on your content, user-controlled deletion — but those design choices do not amount to HIPAA certification.
If you are a healthcare provider, payer, or business associate already operating under a BAA, do not use Bonfiyah to capture, transmit, or store Protected Health Information (PHI) without first conducting your own compliance review. Read more on our HIPAA posture page.
8. Changes to this policy
If we change anything material about how we handle your data, we'll notify you through the app and email at least 14 days before the change takes effect. The "Last updated" date at the top of this page reflects the most recent revision.
9. Contact
Privacy questions: [email protected].
General support: [email protected].
9a. California residents — Business & Professions Code § 1789.3
For California residents under Cal. Bus. & Prof. Code § 1789.3: Bonfiyah is operated by Bonfiyah, Inc., a Delaware corporation. You can reach us for complaints, questions, or to request information about complaint resolution at [email protected] or by mail at our Delaware registered agent address, available on request. There is no charge for use of Bonfiyah's services beyond the subscription pricing disclosed at bonfiyah.com/pricing. The Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs may be contacted in writing at 1625 N. Market Blvd., Suite N 112, Sacramento, CA 95834, or by telephone at (800) 952-5210 or (916) 445-1254 (TDD: (800) 326-2297).
9b. EU/UK residents — non-waivable consumer rights
Nothing in this Privacy Policy or our Terms of Service limits any non-waivable rights you have as a consumer under the law of your country of residence in the European Economic Area, Switzerland, or the United Kingdom, including rights under the EU Consumer Rights Directive (2011/83/EU), the Digital Content Directive ((EU) 2019/770), and the GDPR/UK GDPR. EU residents may also use the EU's online dispute resolution platform at ec.europa.eu/consumers/odr.