BentoCS
Sign inBook a demo

Privacy Policy

Effective: April 19, 2026

This Privacy Policy explains how BentoCS(“we”, “us”, or “our”) collects, uses, and discloses information when you use our website and the BentoCSservice (together, the “Service”). By using the Service you agree to this Policy.

1. Information we collect

Information you provide

  • Account information: name, email address, password, and workspace details.
  • Customer data: records, notes, files, and other content you submit to the Service.
  • Billing information: processed by our payment provider; we receive limited metadata (last four digits, brand, expiry).
  • Support communications: messages you send us.

Information collected automatically

  • Usage data: pages viewed, features used, timestamps, referring URLs.
  • Device and log data: IP address, browser type, operating system, device identifiers, crash reports.
  • Cookies and similar technologies: to keep you signed in and to understand how the Service is used. See Section 6.

2. How we use information

  • Operate, maintain, and secure the Service;
  • Authenticate users and prevent fraud or abuse;
  • Provide customer support and respond to your requests;
  • Send transactional messages (account, billing, security) and, where permitted, product updates;
  • Analyze usage to improve product quality and performance;
  • Comply with legal obligations and enforce our Terms.

We do not sell personal information. We do not use Customer Data to train AI models.

3. Legal bases (EEA / UK users)

If you are in the European Economic Area or the United Kingdom, we process personal information on the following legal bases: performance of a contract (to provide the Service), legitimate interests (to secure and improve the Service), consent (where required, e.g. marketing), and compliance with legal obligations.

4. Sharing of information

We share personal information only as described below:

  • Within your workspace: administrators and members of your workspace can see your account information and activity.
  • Service providers (subprocessors): vendors that help us operate the Service, listed in Section 5.
  • Legal and safety: when required by law, subpoena, or to protect rights, property, or safety.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, subject to standard confidentiality protections.
  • With your consent: for any other purpose disclosed to you at the time.

5. Subprocessors

  • Supabase — database, authentication, file storage
  • Vercel — application hosting and CDN
  • Resend — transactional email delivery
  • Anthropic — AI features (prompts may be sent for processing; not used to train models)
  • Sentry — error monitoring
  • PostHog — product analytics (anonymized / pseudonymized events)

We enter into data-processing agreements with our subprocessors and review them periodically. We will update this list when we engage a new subprocessor.

6. Cookies

We use strictly necessary cookies to operate the Service (e.g. session cookies) and analytics cookies to understand usage. You can control cookies through your browser settings. Disabling strictly necessary cookies may prevent the Service from working properly.

7. Data retention

We retain Customer Data for as long as your account is active. When your account is deleted, we retain Customer Data for up to 30 days in backups before permanent deletion, unless we are required to retain it longer by law. Log and telemetry data is retained for up to 90 days.

8. International transfers

Our infrastructure is primarily located in the United States. If you access the Service from outside the US, your information may be transferred to and processed in countries with different data- protection laws. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

9. Security

We implement technical and organizational measures designed to protect personal information, including encryption in transit, access controls, and audit logging. No method of transmission or storage is 100% secure, however, and we cannot guarantee absolute security.

10. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you;
  • Correct inaccurate information;
  • Request deletion or restriction of processing;
  • Object to processing or withdraw consent;
  • Receive a copy of your information in a portable format;
  • Lodge a complaint with your local data-protection authority.

To exercise any of these rights, contact us at team@bentocs.com. For workspace data, your workspace administrator is the controller and requests should be directed to them.

11. California residents

California residents have specific rights under the CCPA/CPRA, including the right to know, delete, correct, and limit use of sensitive personal information. We do not sell or “share” personal information for cross-context behavioral advertising.

12. Children’s privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.

13. Changes to this Policy

We may update this Policy from time to time. Material changes will be communicated by email or in-product notice at least 14 days before they take effect. The “Effective” date above will reflect the most recent version.

Contact

Questions or requests: team@bentocs.com