Bonro
Privacy

Privacy policy

Last updated: 7 May 2026

We built Bonro for European self-employed users. That means GDPR isn't a checkbox for us — it's the architecture. This page explains what we collect, why, and how to get it back or delete it.

TL;DR

  • Receipts are read on your phone. We get the parsed text, not your raw photos in our analytics.
  • We never sell your data. We never share it for advertising. We don't run third-party trackers in the app.
  • Your data lives on EU servers (Frankfurt). You can export everything or delete your account from inside the app.
  • Crash reports go to Sentry with personal data scrubbed. Subscription state goes through RevenueCat for billing.

1. Who's responsible

Bonro is operated by Exenrun UG (haftungsbeschränkt), a German limited-liability company in Berlin. For any privacy question, write to info@bonro.app. We're the data controller under Article 4(7) GDPR.

2. What we collect

We try to collect as little as possible.

  • Account: email address (for sign-in), an anonymous user ID, and your subscription state.
  • Receipts: the photo you scan, the OCR text extracted on your device, and the structured fields (merchant, amount, VAT, category, date). Stored encrypted at rest in Supabase Storage and Postgres, region Frankfurt.
  • Companies: legal name, address, tax/VAT IDs you enter for tax exports.
  • Usage telemetry: anonymous, content-free events like "receipt captured" — never the receipt content. Used to know whether features work, not who you are.
  • Crash data: technical diagnostics from Sentry. Personal fields, merchant names and amounts are scrubbed before they leave your device.

3. Why we collect it

We use the data above to: (a) sign you in and remember which device you're on; (b) parse, store and display your receipts; (c) generate the tax exports you ask for; (d) bill you correctly through Apple's App Store and our subscription provider RevenueCat; (e) keep the app running and fix crashes; (f) reply to your support email. Lawful bases: contract performance (Art. 6(1)(b) GDPR) for the core service, legitimate interest (Art. 6(1)(f)) for crash diagnostics and abuse prevention, consent (Art. 6(1)(a)) for any optional analytics, where applicable.

4. Who else sees it

Only the processors we need to run the service. Each is bound by an EU-compliant data processing agreement.

  • Supabase (Frankfurt, EU) — database, authentication, file storage, edge functions.
  • Google Gemini API — receives the OCR *text* extracted from your receipt to structure it into fields. We do not send images. The text is processed in transit and not used to train models.
  • RevenueCat — manages your iOS in-app purchase receipt with Apple. Receives a Bonro user ID and your purchase events.
  • Sentry — crash and error monitoring. Receives anonymized diagnostics, with personal fields scrubbed.
  • Resend — sends sign-in code emails. Receives your email and the one-time code.
  • Apple / Google — handle App Store delivery and subscription billing under their own privacy policies.

5. How long we keep it

While your account is active, we keep your receipts and exports so the app works. When you delete your account, we delete your profile, receipts and exports within 30 days. Backups are rotated within 60 days. We may keep invoice and tax records for the period German law requires (typically up to 10 years), with non-essential personal data redacted.

6. Your rights

Under GDPR you can: access your data (Art. 15), correct it (Art. 16), erase it (Art. 17), restrict or object to processing (Art. 18 / 21), receive it in a portable format (Art. 20) and lodge a complaint with a supervisory authority (Art. 77). The fastest paths are inside the app: Settings → Export data, Settings → Delete account. You can also write to info@bonro.app and we'll handle it manually.

7. International transfers

Your data lives in the EU. Some processors (Google Gemini, Sentry, RevenueCat, Resend) may process data in the United States. Where that happens, we rely on the EU–US Data Privacy Framework or Standard Contractual Clauses approved by the European Commission.

8. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Production access is limited to founders. Service-role keys never live on devices. Crash logs are scrubbed of merchant names and amounts before they leave the phone.

9. Children

Bonro is built for working adults — self-employed and small-business owners. It's not directed at children under 16. If you believe a child has signed up, write to us and we'll remove the account.

10. Changes

We'll update this page when we change anything that matters and update the "last updated" date above. For material changes we'll notify you in-app or by email before they take effect.

11. Contact

Privacy questions: info@bonro.app · Postal address: Exenrun UG (haftungsbeschränkt), Berlin, Germany.