HomeLegal hubTermsPrivacyAcceptable useContact

Privacy Policy

Last updated: March 28, 2026

This Privacy Policy describes how Benford (“we,” “us,” or “our”) collects, uses, and shares information when you use the Benford SaaS website, application, and related API (collectively, the “Service”).

This policy should be read together with our Terms of Service and Acceptable Use Policy.

1. Who we are

Controller / operator: Benford (add legal entity name and address where required).

Contact for privacy inquiries: [your privacy email].

(Replace bracketed placeholders.)

2. Information we collect

2.1 Account and profile

  • Identity and contact: such as name, email address, and authentication identifiers provided by you or an identity provider (e.g. when you sign up or sign in).
  • Workspace and membership: workspace names, roles, and relationships between users and workspaces.

2.2 Content you submit (“Customer Data”)

  • Files and analysis inputs: datasets you upload (e.g. CSV/XLSX), column selections, analysis configuration (e.g. statistical settings stored per workspace), and derived numeric or tabular data produced during processing.
  • Exports and reports: PDF or CSV exports you generate.

We process Customer Data to operate the features you request (ingestion, analysis, visualization, drill-down, exports, and—where enabled—API access).

2.3 Technical and usage data

  • Logs and diagnostics: server and application logs may include timestamps, request paths, IP addresses, user agents, error codes, and similar metadata needed for security, reliability, and abuse prevention.
  • API usage: for workspaces using the HTTP API, we may log metadata such as API key identifiers (not the secret key itself), workspace association, endpoint, approximate timing, and response status—for example to enforce rate limits, billing tiers, and security.

2.4 Cookies and similar technologies

We use cookies or similar technologies as needed for session authentication, preferences (e.g. theme), and security.

We use Vercel Analytics (from our hosting provider, Vercel) to collect aggregate usage metrics for the website and app—such as page views and navigation patterns—to understand how the Service is used and to improve reliability. Vercel processes this data as a subprocessor under our agreement with them. This analytics product is not used for third-party advertising; we do not use third-party advertising cookies in the core product as described here. Update this section if you add additional analytics or ads.

3. How we use information

We use information to:

  • Provide, maintain, and improve the Service.
  • Authenticate users, enforce workspace access controls, and manage subscriptions or plan features.
  • Operate the API (including authentication, authorization, quotas, and rate limiting).
  • Detect, prevent, and respond to fraud, abuse, or security incidents.
  • Comply with law and enforce our terms.
  • Communicate with you about the Service (e.g. security notices or support).

We do not sell your personal information as a commodity. We do not use Customer Data to train generalized public AI models unless we notify you separately and, where required, obtain consent.

(Adjust the AI sentence if your product uses Customer Data for model training.)

4. Legal bases (if applicable)

If the GDPR or similar laws apply, we rely on bases such as contract (to provide the Service), legitimate interests (security, product improvement balanced against your rights), and legal obligation where required.

5. Sharing and subprocessors

We use service providers (“subprocessors”) to host and operate the Service—for example cloud hosting, managed database and authentication, and deployment platforms. They process data only on our instructions and under appropriate agreements.

A current list of categories or named vendors should be published separately or linked here (e.g. “Subprocessors” page) once your counsel approves.

We may disclose information if required by law, legal process, or to protect rights, safety, or security.

6. Retention

We retain information as long as your account is active and as needed to provide the Service, comply with law, resolve disputes, and enforce agreements.

MVP defaults (subject to change; see workspace plan):

  • Uploaded dataset content (tabular data you provide for analysis) is associated with a raw retention window (currently 30 days from upload for supported tiers).
  • Generated exports (API or app-created PDF/CSV artifacts stored for download) use a separate window: currently 30 days on Free workspaces and 90 days on Pro, after which files may be deleted automatically and download links will stop working.

Customer Data may also be removed when you delete a dataset or workspace. API and security logs are typically retained for a limited period appropriate for troubleshooting and abuse prevention—define concrete periods with your team.

7. Security

We implement technical and organizational measures appropriate to the risk (e.g. encryption in transit where standard for the stack, access controls, hashed API secrets). No method of transmission or storage is 100% secure.

8. International transfers

If we transfer personal data across borders, we use mechanisms recognized by applicable law (e.g. Standard Contractual Clauses) where required.

9. Your rights

Depending on your location, you may have rights to access, correct, delete, export, or restrict certain personal data, and to object or withdraw consent where processing is consent-based.

To exercise rights, contact [your privacy email]. You may also lodge a complaint with a supervisory authority.

10. Children

The Service is not directed at children under the age required for lawful consent in your region. We do not knowingly collect their personal information.

11. Changes

We may update this policy by posting a new version and revising the “Last updated” date. Material changes may be communicated through the Service or email.

12. Contact

Privacy inquiries: [your privacy email].

(Replace with a real address.)