Skip to main content
BentoSuiteGet BentoSuite

Privacy Policy

Last updated: December 22, 2025

Privacy — TL;DR

  • We collect your email and minimal anonymous usage data to deliver products and updates.
  • We do not store payment details (Polar.sh acts as Merchant of Record).
  • No Google Analytics or advertising trackers.
  • We have executed Data Processing Agreements (DPAs) with all processors.
  • You can unsubscribe or request data deletion at any time.

This is a summary. Please read the full Privacy Policy below for legal details.

1. Data Controller (Who We Are)

Serhii Shokha – podnik zahraničnej osoby

  • Trade Name: Serhii Shokha – podnik zahraničnej osoby
  • Business Address: Lermontovova 911/3, 811 05 Bratislava-Staré Mesto, Slovakia
  • Company ID (IČO): 55 211 674
  • Trade Register No: 110-323868 (District Office Bratislava)
  • Contact Email: hello@bentosuite.com

We process personal data in accordance with GDPR and Slovak Act No. 18/2018 Coll.

2. Personal Data We Collect & Legal Basis

A. Email Address

Collected when: Free download, waitlist signup, purchase.

Purpose: Product delivery, essential updates.

Legal Basis:

  • Contractual necessity (Art. 6(1)(b) GDPR): Product delivery
  • Consent (Art. 6(1)(a) GDPR): Product updates and newsletters (opt-in at checkout)

B. Payment Data

We do not collect/store payment information. Polar.sh (USA) is Merchant of Record. We receive only payment confirmation + your email for fulfillment.

C. Analytics Data

Vercel Analytics: Aggregated page views, country-level data (anonymized, non-identifiable).

3. Processors and Data Processing Agreements

We use GDPR-compliant processors with executed Data Processing Agreements (DPAs) per GDPR Article 28(3):

ProcessorPurposeDPA StatusSubprocessors
Loops.so (USA)Email deliveryExecutedSee list
Polar.sh (USA)Payments (MoR)ExecutedContact support@polar.sh
Vercel (USA)Hosting/analyticsExecutedSee list

We notify customers of material subprocessor changes via email.

4. International Data Transfers

Data transfers to USA processors are protected by:

  • Standard Contractual Clauses (SCCs 2021) incorporated in DPAs
  • Technical measures: TLS 1.3 encryption, data minimization
  • Transfer Impact Assessment conducted (minimal PII, no sensitive data, supplementary measures adequate)

Full TIA available upon request to Data Controller.

5. Data Retention

Data TypeRetention Period
Email addressesUntil unsubscribe/deletion request (max 24 months post-last interaction)
Order data10 years (Slovak accounting law)
Analytics90 days (aggregated/anonymized)

6. Your GDPR Rights

Access, rectification, erasure, restriction, portability, objection. Contact: hello@bentosuite.com. Response within 30 days.

7. Security

HTTPS/TLS 1.3, access controls, regular audits. No PCI-DSS obligations (no card storage).

← Back to Home