01
Scope and data controller
This policy applies to bentostudio.net, the Bento macOS app, Bento Cloud features, and support channels. It explains how Bento collects, uses, stores, and shares personal information.
The data controller is JIN HANGBIN, an individual developer based in China and the operator of Bento. The contact address is Room 2504, Zhongtian Junfu East Zone, Qingshanhu Subdistrict, Hangzhou, Zhejiang, China. Privacy requests can be sent to founders@bentostudio.net. A Data Protection Officer has not been appointed because one is not currently required for Bento’s processing activities.
02
Information we collect
We collect information needed to operate the features you choose:
- Account information, such as your email address, sign-in provider identifier, and profile details provided through Google or another available sign-in method.
- Plan and transaction information, such as plan status, billing interval, Credit grants and use, transaction amount and status, and payment identifiers. Bento does not receive or store full payment-card numbers.
- Cloud request inputs, when you choose a hosted generation, agent, transcription, or analysis feature. Depending on the request, this can include prompts, selected reference media, audio, video, transcript text, and limited project context.
- Device, network, and website information, such as IP address, browser type, device and operating-system information, time zone, pages requested, request time, and security or delivery logs.
- Service and security records, such as selected model, task status, app version, request timing, usage events, Credit ledger entries, and events used to prevent abuse, enforce limits, and troubleshoot failures.
- Optional diagnostics, such as crash reports, stack traces, error details, app version, device and operating-system information, and technical feature-use events when you enable diagnostic reporting.
- Support information, including the content of emails, feedback, and other communications you send to Bento.
We do not intentionally collect precise location data, address-book contacts, or the contents of local projects unless you deliberately select content for a cloud feature or support request.
03
How we use information
- Contract performance: authenticate users, provide requested local and cloud features, maintain accounts and Credits, process subscriptions, and provide support.
- Legitimate interests: secure the service, prevent fraud and abuse, troubleshoot failures, measure reliability, and improve product performance in ways that do not override your rights.
- Legal obligations: maintain required transaction records, respond to lawful requests, and comply with tax, accounting, consumer-protection, and other applicable laws.
- Consent: collect optional diagnostics or send marketing communications where consent is required. You may withdraw consent at any time without affecting earlier lawful processing.
We may use aggregated or de-identified information that can no longer reasonably identify you for statistics and product planning. We do not sell personal information, including “sale” as defined by applicable privacy laws.
04
Local editing, diagnostics, and cookies
Your local projects, timeline edits, imported media, and exports stay on your Mac by default. Bento does not upload your entire local project merely because you install or use the editor.
You can control diagnostic reporting in Settings → Privacy. If enabled, diagnostics may be sent to Sentry. Diagnostic reporting is designed not to include your media or project content. Turning it off takes effect after restarting the app.
The website and account services may use strictly necessary cookies or similar storage for security, session management, and essential preferences. Bento does not currently use advertising cookies or sell cookie-derived information. If optional analytics or marketing cookies are introduced, we will update this policy and provide any consent controls required by law.
05
AI and cloud processing
Cloud features are optional. When you invoke one, Bento routes only the content needed for that feature through our backend to the relevant infrastructure or AI provider. Providers can vary by selected model and feature and may process requests in jurisdictions other than your own.
Examples include hosted image or video generation, agent requests, and cloud transcription. Model providers may retain limited request data under their own terms for fraud prevention, billing, security, or reliability. Review the provider information shown for a feature before submitting especially sensitive material.
We do not use your local project files, media, or cloud-request content to train Bento models without your express consent. We use cloud-request content only to deliver, secure, troubleshoot, and support the feature you request. A third-party provider’s data practices may differ, so this policy does not replace the provider terms that apply to a selected model.
06
Service providers and sharing
We use service providers only as needed to run Bento, including Supabase for account and backend services, Waffo Pancake for merchant-of-record and payment services, Cloudflare for website and download delivery, Sentry for opted-in diagnostics, Google for an available sign-in option, and the infrastructure or AI provider used for a requested cloud feature.
We may also disclose information when required by law; to protect Bento, users, or others; in connection with a merger, acquisition, or other business transfer where privacy obligations continue; or at your direction or with your consent.
When paid subscriptions become available, payment-card data will be processed by Waffo Pancake and its PCI-DSS-compliant payment partners and will not be stored on Bento’s servers. Waffo Pancake acts as an independent controller for payment, billing, tax, fraud, refund, and merchant-of-record transaction data.
07
International transfers
Bento is operated from China, while service providers may process information in China, the United States, Singapore, the European Economic Area, or other locations where they operate. Privacy protections in those locations may differ from those in your country.
Where required by applicable law, we use appropriate safeguards for international transfers, such as contractual data-protection terms, the European Commission’s Standard Contractual Clauses, transfers to jurisdictions recognized as providing adequate protection, or another legally recognized mechanism.
08
Retention and security
- Account information: while the account is active and for up to 90 days after a verified deletion request, unless a longer period is required for security, disputes, or law.
- Billing and transaction records: for up to 7 years after the transaction, or longer if required by tax, accounting, or payment laws.
- Service and security logs: normally for up to 12 months.
- Support communications: normally for up to 2 years after the request is closed.
- Cloud-request content: only as long as needed to complete, secure, and troubleshoot the request, normally no more than 30 days in Bento-controlled systems. A model provider may apply a different disclosed period under its own terms.
- Backups: deleted data may remain in protected backups for up to 90 additional days before being overwritten.
When a period ends, we delete or anonymize the information unless continued retention is legally required. We use reasonable safeguards including HTTPS/TLS in transit, access controls, least-privilege practices, and protected service credentials. No system is completely secure.
If a personal-data breach is likely to affect your rights, we will notify affected users and relevant authorities without undue delay and within legally required periods, including within 72 hours where that standard applies.
09
Your choices and rights
You can choose not to use cloud features, turn off diagnostic reporting, and stop using Bento Cloud. Depending on where you live, you may request access, correction, deletion, export, restriction, or objection; withdraw consent; or receive a portable copy of certain personal information.
Email founders@bentostudio.net from the address associated with your Bento account and describe your request. We may need to verify your identity. We aim to respond within 30 calendar days, or within another period required by applicable law.
If you are not satisfied with our response, you may complain to the privacy or data-protection authority in your jurisdiction. Some information cannot be deleted immediately when retention is required by law, needed to protect the service, or necessary to establish or defend legal claims.
10
Marketing and third-party services
Bento does not currently send promotional marketing communications. If we introduce them, we will provide any consent mechanism required by law and a working unsubscribe link or account control. Opting out of marketing will not stop necessary service, billing, security, or legal notices.
Bento may link to or integrate third-party services. Their privacy practices and terms govern information they collect directly, and this policy does not control those practices. Review their policies before using an integration or submitting information.
11
Children and policy changes
Bento is intended for users aged 18 or older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided personal information, contact us so we can investigate and delete it where required.
We may update this policy when Bento changes. We will provide at least 15 days’ advance notice of material changes by email, in-app notice, or a prominent website notice unless an earlier change is required by law or urgent security needs. We will update the date and version shown on this page.
12
Contact
Privacy and support email: founders@bentostudio.net
Data controller: JIN HANGBIN, individual developer
Address: Room 2504, Zhongtian Junfu East Zone, Qingshanhu Subdistrict, Hangzhou, Zhejiang, China