Privacy Policy

Benchside provides vendor evaluation intelligence for enterprise technology buyers. When you use the product, your organization (the “customer”) is the controller of the data you submit, and Benchside acts as a processor on its behalf. This policy covers both our website and the application.

We collect only what we need to run the service:

• Account data: name, work email, organization name, role.
• Content you submit: project details, vendor proposals, and notes you enter to generate outputs.
• Usage data: log events, feature usage, and audit records (action, timestamp, IP address) used for security and account history.
• Billing data: handled by our payment processor; we never store full card numbers.

We do not sell personal data, and we do not use your submitted content to train third-party models.

To provide and secure the service, generate the outputs you request, communicate with you about your account, process payments, meet legal obligations, and detect or prevent abuse. We do not use your data for advertising.

To generate outputs, the content you submit is sent to our AI processing provider under a data processing agreement that prohibits using your content to train their models. Inputs are wrapped and sanitized before processing. We retain generated outputs in your organization’s workspace until you delete them.

Data is encrypted in transit (TLS) and at rest. Each organization’s data is isolated at the database layer through row-level security. OAuth tokens for integrations are encrypted with AES-256-GCM. Access to production systems is restricted and logged. See our Security overview for detail.

We share data only with the vetted infrastructure providers required to run the service (hosting, database, AI processing, email, payments, error monitoring). Each is bound by a data processing agreement. The current list is on our Subprocessors page. We may also disclose data where legally required.

We retain account and content data for as long as your organization maintains an active account, and for a limited period afterward to meet legal, audit, and security obligations. You can request earlier deletion as described below.

Depending on your jurisdiction (including the GDPR and CCPA), you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Account owners can export or delete organization data from account settings, or by emailing privacy@benchside.ai. We respond within the timeframes required by law.

We offer data residency options for eligible plans. Where data is transferred across regions, we rely on appropriate safeguards such as standard contractual clauses.

We will post material changes to this policy here and update the date above. For any privacy request or question, contact privacy@benchside.ai.