ONLINE
Bento
HomeLegalPrivacy Policy
Legal policy

Privacy Policy

Read the current policy, jump between related documents, and open the canonical source in GitHub when you need the raw markdown.

Policy 2 of 12
Browse every core legal document.
24 sections
In-page anchors for longer documents.
Synced from GitHub
Raw markdown stays one click away.

All policies

Jump to section

This document is rendered from the markdown source used in Bento's public legal repository.

This Privacy Policy explains how Bento collects, uses, discloses, and otherwise handles personal information when you use bentonow.com, our applications, APIs, and related services.

When we say Bento, we, us, or our, we mean Backpack Internet Pty. Ltd. trading as Bento Software.

This policy applies to personal information we handle about:

  • visitors to our websites;
  • people who create or use a Bento account;
  • people who contact us, subscribe to our updates, or otherwise interact with us; and
  • contact data, event data, and message content that our customers upload to or process through Bento, to the extent we handle that information for or on behalf of the customer.

If you use Bento to process personal information about your own contacts, subscribers, customers, or users, you are responsible for making sure you have the necessary rights, notices, and consents for that processing. In those situations, you generally control the data you upload to Bento, and we handle it on your behalf in order to provide, secure, support, and improve the Services, prevent abuse, and comply with law.

If Bento processes personal information for you as a processor or service provider, our data processing terms available through gdpr.bentonow.com may also apply, together with any other agreement you have with us. This Privacy Policy describes our general privacy practices. The more specific controller, processor, security, and transfer terms in your agreement with us or the applicable data processing addendum will control to the extent of any inconsistency.

Our role

Bento does not have the same role for every type of personal information we handle.

  • For account, billing, marketing, website visitor, support, and business operations data, we generally act as a controller or business that decides how that information is used.
  • For contact data, event data, message content, and similar customer-uploaded information processed through the Services on a customer's behalf, we generally act as a processor or service provider.
  • If you are a recipient, subscriber, customer, or end user of a Bento customer, that customer is usually the primary party responsible for your relationship data, campaign content, and messaging choices. In many cases, you should contact that customer first.

Additional information about our subprocessors, security practices, and government requests handling is available on our legal pages.

1. Information we collect

We may collect the following categories of information, depending on how you interact with Bento:

Account and billing information

This may include your name, work email address, company name, billing address, payment details, and other information needed to create, administer, and charge your account. Payment card details are generally processed by our payment providers rather than stored directly by us.

Service and technical information

When you visit our websites or use the Services, we may collect technical and usage data such as:

  • IP address;
  • browser type and version;
  • device type and operating system;
  • pages or screens viewed;
  • time and date of access;
  • referring URLs;
  • approximate location derived from IP address;
  • error logs; and
  • account, session, and authentication activity.

Customer content and contact data

If you use Bento, we may process information that you upload to the Services or instruct us to process for you, including mailing lists, subscriber and customer data, event data, automations, templates, campaign content, transactional content, and message metadata. We generally handle this information on your behalf so that you can create, send, route, automate, and analyse email, SMS, and related communications through Bento.

Communications and support information

If you contact us, respond to our emails, submit a support request, or otherwise communicate with us, we may collect the contents of those communications and related contact details.

Information from third parties

We may receive information from payment providers, analytics providers, integration partners, fraud and abuse tools, customer referral sources, and other third parties that help us operate, secure, market, or support the Services.

2. How we use information

We may collect, use, disclose, and otherwise handle personal information that we control to:

  • provide, operate, maintain, and secure the Services;
  • create and administer accounts;
  • process payments and collect amounts owed to us;
  • send, route, process, and support email, SMS, and other communications requested through Bento;
  • provide customer support and respond to questions or requests;
  • detect, investigate, and prevent spam, fraud, abuse, security incidents, unlawful activity, and violations of our agreements or policies;
  • monitor performance, debug issues, and improve the Services;
  • communicate with you about the Services, account activity, billing, legal notices, and policy changes;
  • send marketing communications about Bento where permitted by law;
  • comply with legal obligations, enforce our rights, and resolve disputes; and
  • evaluate, protect, and improve our products, business, and infrastructure.

For customer content and contact data processed through Bento on behalf of a customer, we generally use that information only to:

  • provide, operate, secure, and support the Services requested by that customer;
  • send, route, process, personalise, deliver, or suppress communications at the customer's direction;
  • generate reporting, analytics, deliverability insights, and message performance information for the customer;
  • detect, investigate, prevent, and mitigate spam, fraud, abuse, security incidents, and policy violations;
  • comply with law, enforce our agreements, and protect Bento, our customers, recipients, and the Services; and
  • create aggregated or de-identified analytics, insights, and operational metrics that do not reasonably identify the customer or any individual.

We do not use customer-uploaded contact lists or message content to market Bento to those contacts for our own independent marketing purposes.

3. Legal bases for processing

Where applicable law requires us to identify a legal basis for processing, we generally rely on one or more of the following:

  • performance of a contract with you, or taking steps at your request before entering into a contract;
  • our legitimate interests, including operating the Services, preventing abuse, improving performance, protecting our legal rights, and marketing Bento;
  • your consent, where required by law; and
  • compliance with legal obligations.

Where we rely on your consent, you may withdraw it at any time. Withdrawal does not affect processing that has already taken place.

4. Disclosure of personal information

We may disclose personal information to:

  • our employees, contractors, related companies, and advisers;
  • service providers that help us operate the Services, including hosting, infrastructure, analytics, logging, payment processing, support, communications, fraud prevention, and security providers;
  • integration partners and third-party services that you choose to connect to your Bento account;
  • law enforcement, regulators, courts, tribunals, and similar authorities where required or permitted by law;
  • debt collection, payment recovery, or similar providers where amounts remain unpaid; and
  • a buyer, successor, or counterparty involved in a merger, acquisition, financing, reorganisation, sale of assets, or similar transaction.

A current overview of the subprocessors and similar service providers we may use is available on our Subprocessors page.

We may also disclose information where we reasonably believe it is necessary to enforce our agreements, investigate misuse, protect the Services, or protect the rights, property, and safety of Bento or others.

If you connect Bento to a third-party integration, app, platform, or service, you instruct us to share relevant information with that provider as needed to operate the integration you enabled. Your use of that third-party service is governed by the provider's own terms and privacy practices.

5. U.S. state privacy disclosures

This section applies to residents of U.S. states with privacy laws that require additional disclosures, subject to any exemptions or exceptions that apply.

Categories of personal information

In the preceding 12 months, we have collected the categories of personal information described in Section 1, including:

  • identifiers and contact details;
  • commercial and billing information;
  • internet, network, device, and usage information;
  • account, authentication, and support activity;
  • customer content, contact data, event data, and message metadata that customers choose to process through Bento; and
  • in limited cases, inferences or insights generated from usage patterns, account activity, or campaign performance for security, abuse prevention, analytics, and service improvement purposes.

Sources of personal information

We collect personal information:

  • directly from you;
  • automatically from your browser, device, account activity, and use of the Services;
  • from our customers when they upload or sync data into Bento;
  • from payment providers, analytics providers, integration partners, fraud and abuse tools, and similar service providers; and
  • from other lawful sources such as referrals, business partners, or publicly available sources.

Why we collect, use, and disclose personal information

We collect, use, and disclose personal information for the business and commercial purposes described in Section 2 and Section 4, including to provide the Services, process payments, secure and improve the Services, detect abuse, support integrations, communicate with you, market Bento where permitted by law, and comply with legal obligations.

How we disclose personal information

We disclose the categories of personal information described above to the categories of recipients listed in Section 4, including:

  • service providers, contractors, and subprocessors that help us operate Bento;
  • integration partners and third-party services you choose to connect;
  • advisers, related companies, and transaction counterparties;
  • law enforcement, regulators, courts, and similar authorities; and
  • collection, fraud prevention, and security providers.

We do not sell personal information for money. We may, however, allow certain analytics, advertising, or measurement providers on our marketing properties to collect information through cookies or similar technologies for Bento's own marketing and performance measurement. Depending on the jurisdiction and how the relevant law is interpreted, that type of disclosure may be treated as a "sale", "sharing", or use for targeted advertising. Where applicable law gives you the right to opt out of those disclosures, you may exercise that right using the methods described in Section 8.

We do not knowingly sell or share the personal information of children under 16.

Sensitive personal information

We do not use or disclose sensitive personal information for the purpose of inferring characteristics about individuals. We use any sensitive personal information we handle only for the limited purposes permitted by applicable law, such as providing the Services, processing payments, securing accounts, detecting fraud, complying with law, or otherwise as directed by our customers.

6. International transfers

The personal information we collect may be stored and processed in Australia, the United States, and other countries where we, our affiliates, or our service providers operate.

Where applicable law requires additional safeguards for international transfers, we will use safeguards that we consider appropriate and legally sufficient for the circumstances, which may include contractual protections or other recognised transfer mechanisms.

By using the Services or providing information to us, you acknowledge that information may be transferred to and processed in countries outside your place of residence. Those jurisdictions may not provide the same legal protections as your home jurisdiction.

7. Retention and security

We retain personal information for as long as reasonably necessary for the purposes described in this policy, including to provide the Services, comply with legal obligations, resolve disputes, enforce our agreements, maintain backups, and protect our business.

How long we retain personal information depends on the type of information, the nature of our relationship with you or our customer, the Services involved, our legal and operational needs, backup and disaster recovery cycles, and whether we need the information to establish, exercise, or defend legal claims.

For account and business records that we control directly, we may retain information for as long as the account remains active and for a reasonable period afterwards for billing, support, compliance, fraud prevention, security, and dispute resolution.

For customer-uploaded content and similar service data, subject to legal obligations, security needs, abuse investigations, disputes, enforcement, unpaid amounts, and ordinary backup processes, we generally aim to begin deletion from active systems within 30 days after account closure or a verified deletion request, and to allow residual encrypted backups to expire or be overwritten in the ordinary course within up to 90 days after that.

We use commercially reasonable technical and organisational measures to protect personal information against loss, misuse, and unauthorised access, disclosure, alteration, or destruction. More information about our general security practices is available in our Security Overview. No system or method of transmission is completely secure, and we do not guarantee absolute security.

8. Your rights and choices

Depending on where you are located, you may have rights to access, correct, delete, restrict, object to, or request portability of personal information we hold about you.

You may also:

  • unsubscribe from marketing communications using the unsubscribe link in those communications;
  • ask us to update or correct account information;
  • request details about personal information we hold about you; and
  • make a complaint to us or, where applicable, to a regulator or data protection authority.

If you are a Bento customer and the request relates to personal information that you control inside the Services, we may direct you to handle the request directly through your account or under your agreement with us.

If you are an end user, subscriber, or recipient of one of our customers and your request relates to data that customer controls in Bento, you should usually contact that customer first. We may forward your request to the relevant customer or ask you for more information so we can determine who controls the data.

If you are a resident of a U.S. state with an applicable privacy law, you may also have the right to:

  • opt out of targeted advertising, profiling in furtherance of decisions that produce legal or similarly significant effects, or disclosures that may be treated as a sale or sharing of personal information;
  • appeal a decision we make about your privacy request, by replying to our response or contacting us using the details in Section 13; and
  • use an authorised agent to make a request on your behalf, subject to our ability to verify the agent's authority and, where permitted by law, your identity.

If we receive personal information about you from a third party, we will handle it in accordance with this policy. If you provide personal information about another person to us, you represent and warrant that you have the right to do so.

The Services are not directed to children. We do not knowingly collect personal information from children under 16.

We will comply with applicable law in respect of any notifiable data breach.

9. Cookies and similar technologies

We use cookies and similar technologies to help operate, secure, and improve our websites and Services. For more information, please refer to our Cookie Policy.

10. Business transfers

If we or our assets are acquired, financed, reorganised, or transferred, personal information may be disclosed to the relevant parties as part of that process and transferred as part of the transaction.

11. Third-party sites and services

Our websites or Services may contain links to third-party sites or integrate with third-party services. We are not responsible for the privacy practices of those third parties.

12. Changes to this policy

We may update this Privacy Policy from time to time. We may provide notice of updates by posting the revised version on our website, through the Services, or by other means we consider appropriate. If this Privacy Policy is incorporated into another agreement with you that requires a longer notice period, that longer notice period will control to the extent required.

Your continued use of the Services after the updated policy becomes effective means you accept the revised policy, to the extent permitted by law.

13. Contact us

If you have questions, requests, or complaints about this Privacy Policy or our handling of personal information, please contact us through bentonow.com/contact or by emailing support@bentonow.com.

You can also review our Subprocessors page, Security Overview, Government Requests Policy, and Abuse Reporting page for additional information about specific privacy-related topics.

Last updated: 2026-03-19