ONLINE
Bento
HomeLegalSecurity Overview
Legal policy

Security Overview

Read the current policy, jump between related documents, and open the canonical source in GitHub when you need the raw markdown.

Policy 6 of 12
Browse every core legal document.
6 sections
In-page anchors for longer documents.
Synced from GitHub
Raw markdown stays one click away.

All policies

Jump to section

This document is rendered from the markdown source used in Bento's public legal repository.

This page provides a general overview of Bento's security practices. It is intended to help customers understand how we protect the Services and customer data.

This page is informational only. It does not amend any agreement with Bento or create independent service levels, warranties, or audit rights unless we expressly agree otherwise in writing.

Security program

We maintain an information security program designed to protect the confidentiality, integrity, and availability of the Services and the data we process.

Our security measures may include:

  • access controls designed to limit internal access to authorized personnel on a need-to-know basis;
  • authentication controls for employee and contractor access to production systems;
  • logging, monitoring, alerting, and abuse-detection controls;
  • vulnerability management, patching, and software update processes;
  • encryption in transit for public-facing services and administrative access where supported;
  • encryption at rest for certain systems, backups, or storage layers where we determine it is appropriate;
  • backup and disaster recovery measures intended to support service restoration;
  • network, platform, and application safeguards designed to reduce unauthorized access; and
  • internal security, privacy, and incident-response processes for personnel who support the Services.

Because security controls evolve over time, the specific measures we use may change as our Services, infrastructure, vendors, and risks change.

Security incident response

If we become aware of a confirmed security incident affecting personal information or customer data for which notification is required by applicable law or our contractual commitments, we will investigate, take reasonable steps to contain and mitigate the incident, and provide notice as required.

Our notice may include, to the extent then known and legally permitted:

  • a general description of the incident;
  • the categories of data affected;
  • the date or estimated date range of the incident;
  • steps we have taken or are taking to investigate, contain, and mitigate the incident; and
  • any recommended customer actions.

Testing and monitoring

We use technical monitoring, logging, and review processes designed to identify suspicious activity, service abuse, fraud, operational failures, and security issues.

We may also review system changes, access events, and vendor controls as part of ordinary security operations.

Customer responsibilities

Security is a shared responsibility. You are responsible for:

  • maintaining the confidentiality of your account credentials, API keys, and connected integrations;
  • enabling and using security features we make available to you;
  • keeping your own devices, networks, browsers, and internal systems secure;
  • configuring your account, integrations, domains, and sender settings appropriately;
  • exporting and retaining any customer data you need outside the Services; and
  • notifying us promptly if you suspect unauthorized access, credential compromise, or misuse of your account.

Data retention and deletion

Our general data handling and retention practices are described in our Privacy Policy and Terms. Customer-specific controller or processor terms, if applicable, may be provided separately through our data processing terms.

Requests for additional information

If you need additional security information for a procurement or review process, please contact support@bentonow.com. We may require a nondisclosure agreement or a signed commercial agreement before sharing non-public information.