BookJonasBookJonas
Sign Up for Free

BookJonas Privacy Policy

Effective Date: August 1, 2025

Company Name: Tundra AI Labs, Inc. (“Tundra AI Labs,” “we,” “us,” or “our”)
Website: bookjonas.com
Incorporated in: Delaware, USA

BookJonas is owned and operated by Tundra AI Labs, Inc. All references to “BookJonas” or “the Services” in this Privacy Policy refer to the AI-powered bookkeeping platform and related services provided by Tundra AI Labs, Inc.

1. What This Policy Covers

This Privacy Policy explains how we collect, use, store, share, and protect your information when you use BookJonas (the “Services”), including any data you upload or connect to generate financial records.

BookJonas is an AI-powered system. Data you provide may be processed using algorithms, machine learning models, and automated systems, which may produce inaccurate or incomplete results. All outputs should be reviewed and verified by a qualified professional before relying on them.

BookJonas is currently in beta. During the beta period, features, data handling practices, and third-party integrations may change. We will update this Privacy Policy to reflect any material changes.

2. Information We Collect

a. User-Provided Information

  • Account registration details (e.g., email address, name).
  • Uploaded financial documents (e.g., bank statements, credit card statements, receipts).
  • Financial account data connected via Plaid, including account balances, transaction history, and account metadata. Plaid is an industry-standard financial data aggregation service that transmits data directly between your financial institution and our platform.
  • Payment information processed via Stripe (we do not store full credit card numbers).
  • Transaction descriptions, memos, manual entries, and categorization preferences.

b. Automatically Collected Data

  • Device and browser information (type, version, operating system).
  • IP address and approximate geolocation.
  • Usage logs, page views, and interaction data (for diagnostics, performance monitoring, and abuse prevention).
  • Performance metrics and error diagnostics.

3. How We Use Your Data

We use your data to:

  • Generate your ledger entries, transaction categorizations, and profit-and-loss reports.
  • Operate, maintain, and improve the Services.
  • Communicate with you (e.g., monthly summaries, product updates, and support).
  • Monitor performance, ensure stability, and detect and prevent abuse.
  • Comply with applicable laws and regulations.

We do not sell, rent, or share your personal data or identifiable financial information with third parties for marketing or advertising purposes.

We do not use your personal or financial data to train, fine-tune, or improve AI or machine learning models. Your data is processed solely to provide the Services. Any future changes to this practice will be communicated through an updated Privacy Policy with advance notice.

4. How We Protect Your Data

We implement strong security measures, including:

  • Encryption in transit (TLS) and at rest (AES-256 or equivalent).
  • Secure cloud infrastructure using trusted hosting providers (Google Cloud Platform).
  • Strict access controls limiting data access to authorized personnel on a need-to-know basis.
  • Audit logging and monitoring of access to production systems.
  • Regular vulnerability scanning and patching.

Data Breach Notification. In the event of a security breach that compromises your personal or financial data, we will notify affected users within 72 hours of confirming the breach via the email address associated with your account. We will also notify applicable regulatory authorities as required by law. Notification will include, to the extent known, the nature of the breach, the categories of data affected, and the steps we are taking in response.

While we take extensive precautions, no system is 100% secure. You acknowledge that you provide data at your own risk and should always retain your own copies of important financial records.

5. Third-Party Services and Subprocessors

We use trusted third-party providers to operate the Services, including:

  • Plaid for secure bank and financial account connectivity. When you connect a financial account, Plaid transmits data directly from your financial institution to our platform. Plaid's handling of your data is governed by the Plaid End User Privacy Policy.
  • Stripe for payment processing, governed by the Stripe Privacy Policy.
  • Google Cloud Platform for cloud hosting and infrastructure.
  • Google Vertex AI (Gemini) for machine learning inference. Financial data may be sent to these APIs solely to generate outputs you have requested. These processors are contractually prohibited from retaining your data or using it for their own model training.
  • Clerk for authentication and user management.

All subprocessors are contractually required to protect your data consistent with this policy. We are not responsible for their independent practices outside of our direct control.

6. Analytics and Performance Monitoring

We use the following analytics and monitoring tools to improve the Services:

  • Google Analytics (GA4) for anonymized usage analytics. May set cookies (_ga, _ga_*). Does not have access to your financial data.
  • LogRocket for anonymized session replays to diagnose bugs and improve user experience. Does not have access to your financial data.

These tools collect device, browser, and interaction data only. They do not have access to your uploaded financial documents, bank account data, or AI-generated outputs.

You can control or disable cookies through your browser settings.

7. Data Retention

We keep your data only as long as necessary to:

  • Provide the Services.
  • Comply with legal obligations.
  • Resolve disputes and enforce our agreements.

Upon account termination, we will delete or anonymize your data within a commercially reasonable timeframe, unless retention is required by law.

You can request deletion of your data at any time by emailing support@tundraailabs.com.

8. Geographic Scope

BookJonas is designed for and directed at users in the United States. We do not knowingly collect personal data from individuals located in the European Economic Area, United Kingdom, or Switzerland, and we do not represent compliance with the GDPR or UK GDPR. If you are located outside the United States and use the Services, you do so at your own risk and acknowledge that your data will be processed in the United States under U.S. law.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

  • Request access to your personal data.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Opt out of non-essential communications.
  • Request a portable copy of your data.
  • Revoke Plaid access to your financial accounts at any time through your Plaid dashboard or by contacting us.

To exercise these rights, contact support@tundraailabs.com. We may require verification of your identity before processing requests.

10. Children's Privacy

BookJonas is not intended for individuals under 18. We do not knowingly collect information from children. If you believe we have inadvertently collected such information, contact us immediately at support@tundraailabs.com and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will notify you by posting the updated policy with a new effective date and may contact you via email. Continued use of the Services after updates constitutes your acceptance of the revised policy.

12. Notice for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know what personal information we collect, use, and disclose.
  • Right to Delete personal information (subject to certain exceptions).
  • Right to Correct inaccurate personal information.
  • Right to Opt Out of the sale or sharing of personal information (we do not sell or share data for advertising).
  • Right to Limit Use of sensitive personal information (we do not use sensitive data beyond what is necessary to provide the Services).

To make a request, email support@tundraailabs.com with the subject line “CCPA Request.” We may need to verify your identity before fulfilling your request.

We will not discriminate against you for exercising your CCPA/CPRA rights.

13. Contact Us

If you have questions or concerns about this Privacy Policy, contact us at:

Email: support@tundraailabs.com