BENTO.Account →

Privacy

Privacy Policy

This policy explains what Bento collects, why it is needed, and the choices available to you.

Effective July 15, 2026

1. Scope and controller

This policy applies to bentobot.org, Bento accounts, the Bento Box client, subscriptions, credits, and the plugin marketplace. Bento, operating through bentobot.org, controls the account information described here. Contact information is provided at the end of this policy.

2. Information we collect

Discord and profile information

When you sign in, we receive your Discord user ID, username, global display name, avatar, email address, and whether Discord reports that email as verified. We also store the unique Bento display name you select.

Account and security information

We record account creation and recent login IP addresses, login times and counts, country, network provider number (ASN), browser or device user-agent, session creation information, and hashed session tokens. We use these records to authenticate you, protect accounts, investigate fraud or access sharing, enforce limits, and respond to security incidents.

Subscription, payment, and credit information

We store customer and subscription identifiers, subscription status and renewal dates, completed payment amounts, credit balance changes, plugin purchase descriptions, refunds, and administrative adjustments. Billing names and addresses entered during checkout, as well as payment details such as full card or bank account numbers, are transmitted to our payment processor for payment and tax processing and are not retained in Bento's database.

Client and plugin information

The Bento Box may send account entitlement checks, client version, plugin purchase and activation records, and security events needed to operate the marketplace and prevent unauthorized sharing. If a plugin sends optional developer telemetry, its disclosure and controls will be presented in the client or marketplace. The website records creditless entitlement so the client can suppress normal third-party developer telemetry when that marketplace integration is active.

3. How we use information

  • authenticate Discord identities and maintain signed-in sessions;
  • create profiles and enforce unique display names;
  • provide subscriptions, downloads, credits, purchases, refunds, and account history;
  • detect compromised or shared accounts, fraud, abuse, and attempts to bypass access controls;
  • review documented rights-holder, authorization, and service-operator complaints;
  • operate, troubleshoot, secure, and improve Bento;
  • respond to support, privacy, payment, and legal requests; and
  • comply with tax, accounting, consumer-protection, and other legal obligations.

4. Legal bases

Where data-protection law requires a legal basis, we process information as needed to perform our contract with you, pursue legitimate interests in service security, fraud prevention and product operation, comply with law, and obtain consent where a specific optional use requires it. You may withdraw consent for an optional use without affecting earlier lawful processing.

5. When information is shared

We disclose information only as needed to:

  • use Discord for authentication and account identity;
  • use payment, hosting, database, security, email, and support providers acting for us;
  • provide a purchased plugin or entitlement to its developer under applicable restrictions;
  • comply with law, valid legal process, or protect users, Bento, or others from harm; or
  • complete a business reorganization, subject to appropriate confidentiality and notice.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising and do not use advertising trackers on the account website.

6. Cookies

The website uses first-party cookies for Discord sign-in state and your authenticated Bento session. They are used for authentication and security, not advertising. The sign-in-state cookie lasts about 10 minutes. The account session can last up to 30 days unless you sign out, it expires, or it is revoked. Because these cookies are necessary to provide the account service, the website does not display an advertising-cookie consent banner.

7. Retention

  • Recent detailed login events are kept for up to 90 days.
  • Session records expire after up to 30 days and may be removed earlier on sign-out or revocation.
  • Core account identity, signup IP, latest-login information, acceptance records, entitlements, and credit history are kept while the account exists.
  • Payment, dispute, rights complaint, fraud, tax, and audit records may be retained longer where reasonably necessary or legally required.

When information is no longer needed, we delete it, anonymize it, or isolate it until safe deletion is possible. Backups may retain limited copies for a short additional period.

8. Security and account-sharing review

We use access controls, encrypted connections, hashed session tokens, server-side authorization, request validation, rate limiting, and audit records. No system is perfectly secure. Login signals may be reviewed when activity suggests sharing or compromise, but we do not ban an account based only on an IP address and do not make solely automated decisions that produce legal or similarly significant effects.

9. Your privacy choices and rights

Depending on where you live, you may request access, correction, deletion, or a portable copy of personal information; object to or restrict certain processing; withdraw consent; or appeal a denied request. You may also complain to your local data-protection authority. We will not discriminate against you for exercising a privacy right.

Send requests using the contact address in Section 11 from the email connected to your Discord account or include your Discord user ID. We may verify identity before fulfilling a request. Some records may be retained where an exception or legal obligation applies.

10. International use and age limit

Service providers may process information in countries other than yours. Where required, we use recognized safeguards for international transfers. Bento is intended for adults age 18 or older and is not directed to children. Contact us if you believe a child provided personal information.

11. Changes

We may update this policy as Bento changes. We will update the effective date and provide prominent notice or request renewed acknowledgment when a material change affects existing users. Questions and privacy requests can be sent to legal@bentobot.org.

BENTO.
TermsPrivacy