Privacy Policy
Effective: April 12, 2026 · Operator: Bonis Systems LLC · UEI R2BPJDC5CBA3
TrustAI is operated by Bonis Systems LLC ("we," "us"). This Privacy Policy describes how we collect, use, safeguard, and disclose information when you use trustailaw.com and related services ("Services").
1. Information We Collect
You provide
- Account registration details (name, email, password)
- Case materials you upload (documents, images, PDFs, spreadsheets)
- Entity, timeline, and finding data you enter
- Communications with us (email, phone, messages)
Collected automatically
- IP address (hashed; raw IPs are never stored)
- User-agent fingerprint (hashed)
- Page and API request logs
- Session tokens (httpOnly, secure, sameSite cookies)
Derived through AI processing
- Analysis results from the TrustAI forensic engine
- Cross-validation outputs
- Entity extraction and timeline reconstruction
2. How We Use Information
- Operate, maintain, and improve the Services
- Perform the forensic analysis you request
- Maintain the Knox Blockchain audit trail (hashes only; no PII on-chain)
- Communicate with you about your account and support inquiries
- Detect, investigate, and respond to fraud, misuse, or security incidents
- Comply with legal obligations, including HIPAA where applicable
3. PII / PHI Scrubbing
TrustAI automatically redacts eighteen HIPAA Safe Harbor identifiers plus financial and legal PII (SSN, EIN, bank account, routing numbers, credit card, phone, email, date of birth, ZIP, IP address, medical record number, driver license, and more) from logs, AI prompts, and any external transmission. The originals remain encrypted at rest in your case storage; redacted versions are used for logging, analytics, and AI processing where possible.
4. How Information Is Protected
- Knox Blockchain security layer — 13 layers including DDoS protection, bot detection, payload inspection, honeypots, brute force prevention, IP threat scoring, CSP, HSTS, request fingerprinting, AES-256-GCM encryption at rest, TLS 1.3 in transit, permissions-policy
- NIST SP 800-53 Rev 5 control families AC, AU, IA, SC, SI, IR, CM
- Immutable audit trail — every case event recorded on a SHA-256 hash chain with hourly Merkle anchoring and Bitcoin publication via OpenTimestamps
- Bcrypt-hashed credentials (12 rounds), UUID session tokens
- Google Cloud Platform hosting on FedRAMP High authorized infrastructure
5. Information Sharing
We do not sell personal information. We do not rent, trade, or otherwise monetize case data. We may disclose information only:
- To service providers under written confidentiality obligations (Google Cloud, Anthropic API)
- To comply with subpoenas, court orders, or lawful governmental requests
- To protect the rights, property, or safety of Bonis Systems, our users, or the public
- In connection with a merger, acquisition, or sale of assets, subject to this policy continuing to apply
6. AI Processing by Anthropic
TrustAI uses Anthropic's Claude API for analytical processing. Content sent to Anthropic is processed subject to Anthropic's commercial terms, which prohibit training on customer data. PII is scrubbed before transmission where feasible. You consent to this processing by uploading case materials.
7. HIPAA and BAA
If you are a HIPAA covered entity and wish to engage TrustAI in a capacity involving Protected Health Information, a signed Business Associate Agreement is available at /baa. Contact jonisfields@gmail.com to execute.
8. Your Rights
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion (subject to legal retention obligations)
- Export your case data in a machine-readable format
- Object to certain processing activities
Email jonisfields@gmail.com to exercise any right. Response within 30 days.
9. Retention
Active case data is retained for the life of your account plus seven years, consistent with legal and forensic accounting retention norms. Knox Blockchain audit trail entries are retained permanently as part of the immutable record. You may request deletion at any time; we will delete within 30 days subject to legal holds.
10. Children
The Services are not directed to anyone under 18. We do not knowingly collect information from children.
11. International Users
Services are operated from the United States. By using the Services you consent to transfer of your information to the US.
12. Changes
We may update this Policy. Material changes will be announced at least 30 days before taking effect. Continued use constitutes acceptance.
13. Contact
Bonis Systems LLC
Attn: Privacy
30 N Gould St Ste N, Sheridan, WY 82801
jonisfields@gmail.com · (210) 315-7759