Privacy Policy

Bonafi B.V. (“Bonafi”, “we”, “us”) operates the Bonafi platform and the website bonafi.ai. Bonafi is a software provider for wealth insight and administration. We are registered in the Netherlands.

• Bonafi B.V., Veerkade 1, Rotterdam, the Netherlands
• Chamber of Commerce (KvK): 42048729
• Contact: info@bonafi.ai

Bonafi B.V. is the data controller for personal data processed through this website and for our own business operations. Where clients use the Bonafi platform to process data about their own clients or family members, Bonafi acts as a data processor on the client’s behalf, under a separate data processing agreement.

Depending on how you interact with us, we may process:

• Contact data — name, email address, phone number and organisation, when you contact us, request a demo or subscribe to updates.
• Account data — name, business email address and login details, when you or your organisation use the Bonafi platform.
• Platform content — documents and financial information that you or your organisation upload to the platform. We process this content only to provide the service.
• Technical data — IP address, browser type and usage information generated when you visit our website or use the platform, used for security, troubleshooting and improving our services.

We do not collect more data than we need, and we do not sell personal data to anyone.

We process personal data to:

• provide and maintain the Bonafi platform (performance of a contract);
• respond to enquiries and demo requests (legitimate interest or pre-contractual steps);
• secure our systems, prevent abuse and meet our legal obligations (legal obligation and legitimate interest);
• send occasional updates you have subscribed to — you can unsubscribe at any time (consent).

Bonafi uses AI to read and structure documents. Your data is not used to train AI models. We have no-training commitments in place with every AI provider we use, and all AI processing takes place within the European Union.

Your data is stored and processed in the European Union. Where we use service providers, they are bound by data processing agreements and process data only on our instructions. We do not transfer personal data outside the EU/EEA unless an adequate level of protection is ensured under applicable law.

We keep personal data no longer than necessary for the purpose it was collected for, or as long as the law requires us to keep it. Platform content is retained for as long as the client agreement runs; on termination, it is returned or deleted in line with that agreement.

We protect personal data with technical and organisational measures, including encryption in transit and at rest, role-based access controls and continuous monitoring. Our security programme is built on the ISO 27000 family of standards; you can follow our controls in our Trust Center.

Under the General Data Protection Regulation (GDPR) you have the right to access, correct, delete or receive a copy of your personal data, to restrict or object to processing, and to withdraw consent at any time. To exercise any of these rights, email info@bonafi.ai. We respond within one month.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl).

We may update this policy from time to time. The latest version is always available on this page, with the date of the last update shown at the top.

Questions about this policy or about how we handle your data? Contact us at info@bonafi.ai.