App Privacy Notice
This App Privacy Notice (the “Notice”) describes how Bonzer ApS, CVR no. 38848267, Copenhagen, Denmark (“Bonzer”, “we”, “us”) processes personal data in the Morrison platform (the “Platform”). It provides the information required of a controller under Articles 13–14 GDPR and, in respect of Customer Data processed on your behalf, supplements the data processing terms in Section 9 of our Terms of Service.
For the privacy practices that apply to the Morrison marketing website, see the Website Privacy Policy.
1. Roles and responsibility
1.1 Account, billing, and operational data
Bonzer is the controller within the meaning of Article 4(7) GDPR for personal data processed to provide the Platform to you, manage your account, organisation, and seats, communicate with you, bill you, secure the service, and meet applicable legal obligations.
1.2 Customer Data
For personal data contained in Customer Data – for example, content crawled from your website, documents you upload, data fetched through your connected integrations, prompts, chat messages, and AI Outputs – Bonzer acts as processor within the meaning of Article 4(8) GDPR. You (or the organisation on whose behalf you use the Platform) are the controller of that data. The processing terms and instructions are set out in Section 9 of the Terms of Service, which constitute our data processing agreement under Article 28 GDPR.
1.3 Privacy contact
Bonzer ApS · Copenhagen, Denmark · CVR 38848267
Email: privacy@bonzer.io
2. Categories of personal data
The Platform processes the following categories of personal data.
2.1 Account and identity data
Provided by you and synchronised from our identity provider (Clerk): a Clerk user identifier, email address, given and family names, organisation name and slug, organisation membership and role, and account timestamps. Bonzer never sees or stores your password.
2.2 Authentication and session data
Session tokens issued by Clerk, sign-in events, IP address, user agent, and timestamps, used to authenticate API requests and secure your account.
2.3 Workspace configuration
Websites you add (URL, name, slug), data sources, crawl settings, URL segments, custom agents, agent templates, knowledge bases, workflow definitions, and per-organisation AI settings. Where you choose to supply your own AI provider keys, those keys are stored encrypted at rest.
2.4 Customer Content
Crawled pages.When you instruct the Platform to crawl a website, Bonzer fetches that website’s publicly accessible pages and stores the URL, path, title, page body, extracted meta (description, canonical, Open Graph), the last-crawled timestamp, and a rolling content history used for change detection.
Uploaded documents. Documents you upload to a knowledge base or context store (PDF, DOCX, MD, TXT) are stored in object storage (Cloudflare R2). Their extracted text is stored in our database and is chunked, embedded, and indexed for semantic search.
Embeddings. Text chunks derived from your pages and documents are converted into vector embeddings and stored in our vector database (Pinecone) so the Platform can retrieve relevant context for chat and workflows.
2.5 Connected-integration data
When you connect Google Search Console, Google Analytics 4, or another third-party integration, Bonzer stores the OAuth credentials issued by the provider (refresh token, access token, scope, expiry, selected property URL). Credentials are encrypted at rest with AES under a server-managed key. Query results fetched on your behalf (e.g. clicks, impressions, queries by URL) are cached transiently to power dashboards and workflows.
2.6 Chat sessions, analyses, and runs
Chat sessions and individual messages (role, content, tool calls), analyses, custom-agent execution logs, workflow runs, batch runs, and recommendation outputs. These records may incorporate personal data that you, your team, or your content authors include in prompts, documents, or website content.
2.7 Operational telemetry
Server request logs (IP address, user agent, route, status, latency, timestamp), background-job logs (BullMQ on Redis), application error logs, and AI-call traces correlated by a LangSmith trace identifier. Used for security, abuse prevention, debugging, and quality monitoring.
2.8 Billing data
For paid plans, billing-contact data and Subscription metadata. Payment-instrument data (card numbers, bank details) is collected and processed directly by Stripe; Bonzer never sees or stores full card details.
3. Purposes and legal bases
Where Bonzer acts as controller, the legal basis under Article 6 GDPR is identified for each processing purpose.
3.1 Providing the Platform – Article 6(1)(b)
Authenticating users, provisioning workspaces, running crawls, indexing content, executing chat, agents and workflows, and returning results.
3.2 Billing and statutory record-keeping – Article 6(1)(b) and 6(1)(c)
Managing Subscriptions, processing payments through Stripe, issuing invoices, and meeting VAT, accounting, and audit obligations under Danish and EU law.
3.3 Securing the Platform – Article 6(1)(f)
Detecting fraud and abuse, enforcing rate limits and acceptable use, monitoring system health, and investigating security incidents. The legitimate interest is Bonzer’s and its customers’ interest in a secure, reliable service.
3.4 Service improvement and observability – Article 6(1)(f)
Debugging, performance monitoring, queue and crawler tuning, evaluating AI quality through LangSmith traces, and producing Aggregated Data as defined in the Terms.
3.5 Communicating with you – Article 6(1)(b) and 6(1)(f)
Service notifications, security alerts, billing notices, and replies to support requests. Marketing communications, if any, rely on a separate basis (consent or soft opt-in) and you can object at any time.
3.6 Processing on your instructions – Article 28
Where the Platform processes personal data contained in Customer Data, Bonzer does so as your processor on your documented instructions, as set out in Section 9 of the Terms.
4. AI processing
4.1 What is sent to AI providers
To produce AI Outputs – chat answers, analyses, recommendations, and embeddings – the Platform sends prompts and relevant excerpts of your content (pages, documents, integration data, and conversation history) to third-party AI model providers. The provider used for a given request depends on the model selected at the organisation, agent, or feature level.
4.2 Providers
OpenAI, Anthropic, Google (Gemini), and Perplexity. Embeddings are generated through OpenAI. Where a provider offers an EU endpoint, Bonzer uses it.
4.3 Training and provider retention
Bonzer uses each provider’s API offering. Under those providers’ published terms applicable to API traffic, content sent through the API is not used to train their generally available models. Providers may retain prompts and completions for a short abuse-monitoring window per their respective policies. Bonzer does not opt your data into any training programme. If a provider materially changes its API terms, Bonzer will reassess use and update this Notice where required.
4.4 Quality and observability
For AI-driven analyses, traces – which can include prompt and response excerpts – are sent to LangSmith for debugging, evaluation, and quality monitoring. A LangSmith trace identifier is stored on the corresponding analysis log.
4.5 Disclaimers
AI Outputs may contain errors. Section 7 of the Terms describes the nature of AI Outputs and your responsibility to review them before relying on or publishing them.
5. Sub-processors
Bonzer engages the sub-processors listed below to operate the Platform. Each is bound by data-protection terms at least as protective as those in our agreement with you.
| Sub-processor | Purpose | Data shared | Location | Transfer safeguard |
|---|---|---|---|---|
| Clerk, Inc. | Identity and user management (sign-up, sign-in, sessions) | Name, email, profile fields, session metadata | US | EU-US Data Privacy Framework |
| Railway Corp. | Application hosting, managed PostgreSQL, managed Redis, background workers | All Account, Customer Data, and operational logs | EU | N/A (EU processing) |
| Cloudflare, Inc. | Object storage (R2) for uploaded documents and CDN | Uploaded context documents and assets | EU / US | EU-US DPF; SCCs |
| Pinecone Systems, Inc. | Vector database for page and document embeddings | Embedding vectors and chunk text derived from your content | EU / US | EU processing where available; SCCs |
| OpenAI, LLC | AI model processing (chat, analysis, embeddings) | Prompts, page and document excerpts, AI Outputs | US | EU-US Data Privacy Framework |
| Anthropic, PBC | AI model processing (Claude) | Prompts, page and document excerpts, AI Outputs | US | Standard Contractual Clauses |
| Google LLC | AI model processing (Gemini); Search Console and Google Analytics 4 access | Prompts and content sent to models; OAuth tokens and query results from Google APIs | EU / US | EU-US DPF; SCCs |
| Perplexity AI, Inc. | AI research tool used by the Content Agent | Research queries derived from your prompts | US | Standard Contractual Clauses |
| SerpAPI, LLC | Search-engine results data for workflow actions | Query terms and result metadata | US | Standard Contractual Clauses |
| Mendable AI, Inc. (Firecrawl) | Page fetch and extraction used by chat and workflow tools | URLs you instruct the Platform to fetch and the returned page content | US | Standard Contractual Clauses |
| LangChain, Inc. (LangSmith) | LLM trace observability for analyses | Prompt and response excerpts; trace identifiers | US | Standard Contractual Clauses |
| Stripe, Inc. | Payment processing for paid plans | Billing-contact data and Subscription metadata; payment-instrument data is processed directly by Stripe | EU / US | EU-US Data Privacy Framework |
Bonzer may engage additional sub-processors as the Platform evolves and will notify customers of any addition or replacement at least 14 days in advance, in line with Section 9.6 of the Terms.
6. International transfers
The Platform is hosted in the European Union. Certain sub-processors – in particular AI model providers and identity infrastructure – process data in the United States. For those transfers Bonzer relies on (a) the EU-US Data Privacy Framework where the recipient is certified, and (b) the European Commission’s Standard Contractual Clauses with appropriate supplementary measures. The adequacy of these safeguards is reviewed on an ongoing basis.
7. Retention
7.1 Account and identity data
Retained for the duration of your account and deleted within 30 days of account closure, save where retention is required by law (e.g. tax or accounting records).
7.2 Customer Data (pages, documents, embeddings)
Retained for as long as the corresponding website, data source, knowledge base, or document remains in your workspace. When you delete an item, the related rows in PostgreSQL, vectors in Pinecone, and objects in Cloudflare R2 are deleted in line with our deletion routines. Page content history is pruned according to our crawl-history policy and at the latest at account closure.
7.3 Connected-integration credentials
OAuth tokens are retained while the integration is connected and cleared on disconnect. Cached query results are short-lived and refreshed on demand.
7.4 Chat, analyses, and workflow runs
Retained while your workspace exists, so that you can revisit history. Individual sessions and runs may be deleted from within the Platform; all such records are removed within 30 days of account closure.
7.5 Logs and traces
Server and application logs are retained for up to 90 days. LangSmith AI traces are retained for up to 90 days, save where required for an ongoing investigation.
7.6 Billing records
Invoices and accounting records are retained for 5 years from the end of the financial year, as required by Danish bookkeeping law (bogføringsloven).
7.7 Backups
Database backups are retained on a rolling basis (typically up to 30 days). Deleted records persist in backups until the relevant backup expires, after which they are overwritten.
8. Security
Bonzer applies technical and organisational measures appropriate to the risk under Article 32 GDPR, including:
Encryption. TLS for all traffic in transit; encryption at rest for databases and object storage; AES encryption for sensitive credentials (e.g. OAuth refresh tokens) under a server-managed key.
Access control. Authentication via Clerk; least-privilege access to production systems; per-website authorisation checks on every API request; audit logs for sensitive administrative actions.
Isolation. Per-organisation and per-website scoping in the database and the vector index; uploaded documents are scoped to the website that owns them.
Operational practices. Code review, dependency scanning, monitored backups, and an established incident-response process.
No system is completely secure. Personal data breaches are notified to the customer (where Bonzer acts as processor) without undue delay and in any event within 48 hours of becoming aware (Section 9.8 of the Terms), and to supervisory authorities and affected individuals where required under Articles 33–34 GDPR.
9. Your rights
For personal data Bonzer holds as controller, you have the right of access (Article 15), rectification (Article 16), erasure (Article 17), restriction (Article 18), data portability (Article 20), and objection (Article 21) under the GDPR. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing (Article 7(3)). To exercise these rights, email privacy@bonzer.io.
For personal data Bonzer holds as processor on your behalf (Customer Data), please raise the request in the Platform – for example, by deleting the relevant item or contacting your organisation administrator. Bonzer will assist you in responding to data-subject requests in accordance with Article 28(3)(e) GDPR.
You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, Denmark – dt@datatilsynet.dk) or another competent supervisory authority in your place of residence.
10. Automated decision-making
The Platform produces AI-assisted analyses, recommendations, and content. These are decision-support outputs intended to be reviewed by you. Bonzer does not use the Platform to take decisions producing legal or similarly significant effects on individuals without human involvement (Article 22 GDPR).
11. Children
The Platform is intended for business use and is not directed at individuals under the age of 16. Customers must not use the Platform to process personal data of children where they do not have a lawful basis under Article 8 GDPR.
12. Changes to this Notice
Bonzer may update this Notice as the Platform evolves. The “Effective date” at the top of this page reflects the latest revision. Material changes will be communicated via the Platform or by email. Continued use of the Platform after the effective date constitutes acceptance.
13. Contact
Bonzer ApS
Copenhagen, Denmark
CVR: 38848267
Email: privacy@bonzer.io
See also: Website Privacy Policy · Terms of Service.