Benetics Privacy Principles

20. July 2023

At Benetics, we treasure every single one of our users: we are on a journey with you, building products for you, and we want to earn your trust every single step of the way.

We commit to being good stewards of your data, and to being open and transparent with you at all times about what happens with your data when you interact with our products.

Our privacy promise to you:

  • We are transparent. We tell you exactly what data we are collecting; keep you updated when data policy changes happen on our side; and give you ways to contact us if you have questions or concerns.

  • You are always in control. Our products make it easy for you to delete data if you wish; to change your preferences on how much data our systems collect; to cleanly remove your user accounts when you wish; and to export your data when and how you wish so you can interact with other systems.

  • We keep you and your data safe. We take the security of your business and your data extremely seriously. We know that your trust in us is built slowly and carefully over a long time, and that even a single mistake would be unacceptable. We encrypt all your data both in transit and at rest, adhering to the strictest industry standards; we design, test, and audit our software with an airtight permissions system so that only people you authorize can see proprietary data; we audit all data access with detailed logs, so we can prove to you when and how data is used; and we make security reviews an ongoing part of every product release.

    We are always reachable for your privacy and security concerns at privacy@benetics.io. Don’t ever hesitate to contact us with questions, problems, ideas, and comments!

    We are committed to a long-term relationship with you and your business, protecting your data every step of the way.

Technical details:

Data storage

  • Business data is stored in Amazon S3 and in Amazon DynamoDB.

  • User login data is stored in Amazon Cognito.

  • Data is backed up at regular intervals, and we are able to restore snapshots of your data when you ask us to, up to a history of 3 months.

  • When you request deletion of your account or data associated with your account, that information is removed within minutes from our serving systems. Removing from data storage (including past snapshots, if any) may take additional time, but is guaranteed to be removed within 3 months.

  • We are able to provide you with exports of your data in most major file formats upon request.

  • Customer business data is stored in the European Union at Amazon’s Frankfurt, Germany datacenter facility

Data processing

  • The email forwarding functionality is hosted in the EU on AWS.

  • To set the location of a Project in Benetics, Google’s maps services are used. That service runs on Google Cloud Platform data centers.

  • For push notifications, Google Cloud Platform’s Firebase service is used.

Data encryption

  • Data at rest in Amazon S3 is encrypted end-to-end using 256 bit AES (details).

  • Data at rest in DynamoDB is also encrypted end-to-end using 256 bit AES (details).

  • Data in transit is encrypted using AWS KMS and TLS on the backend. Encryption from our backend to our clients (mobile, desktop) is also based on TLS.

Who can access data

  • Data access is restricted to members of our product, engineering, and customer success teams who have been granted permission.

  • All access to customer data is logged.

  • Engineers and product managers refrain from direct access to customer data except for 4 cases:

    1) a direct request from the customer who owns the data;
    2) the need to view specific data to resolve a system crash or other failure;
    3) an investigation for security purposes or to otherwise fight misuse of our platform; or
    4) to comply with legal requirements imposed on us.

    Customer success team members analyze data to assist in response to a customer request or to analyze how to improve our features for our customers.

Why and how we process your data

  • We process your data only for certain very specific cases. Outside of the cases given here, we do not process or examine your data.

  • We process your data only for the following reasons:

    1) to fulfill requests from you or your employees in the course of business;
    2) a direct request from you;
    3) our need to resolve system crashes or other failures (“debugging”);
    4) to investigate possible security issues or otherwise fight misuse of our platform;
    5) to improve the feature offerings of our product;
    6) to comply with legal requirements imposed on us.

  • It is important to understand that under no circumstances do we share your data with other companies or entities, except as the law may require.