Privacy Policy - Bandicoot Labs
Last updated: February 1, 2026
Privacy Commitment: Your draft messages are processed in real-time and NOT permanently stored. Anthropic (our AI provider) does NOT use your data for AI training.
1. Information We Collect
1.1 Draft Message Text (Temporary)
When you click the "Polish" button:
- Your draft message text is sent to our backend server
- The text is forwarded to Anthropic's Claude API for processing
- The polished result is returned to you
- The text is NOT stored permanently - it exists only in memory during processing
1.2 Usage Metadata (Stored)
We collect and store the following metadata for billing and analytics:
- Zendesk subdomain (e.g., "yourcompany.zendesk.com")
- Agent ID (anonymized Zendesk user ID)
- Ticket ID (for context, not message content)
- Timestamp of polish request
- Token usage (for cost tracking)
- Processing time
1.3 Account Information
- Zendesk account subdomain
- Subscription plan (Free or Pro)
- Backend authentication token (randomly generated)
2. How We Use Your Information
| Data Type |
Purpose |
Retention |
| Draft message text |
AI processing only |
Not retained |
| Usage metadata |
Billing, rate limiting, analytics |
Indefinitely |
| Account info |
Authentication, service delivery |
While subscription active |
3. Third-Party Services
3.1 Anthropic (Claude AI)
What they do: Process your draft text and return polished versions
Data sent: Draft message text only
Data retention: Anthropic does NOT store your text or use it for training
Compliance: SOC 2 Type 2, GDPR compliant
Privacy policy: anthropic.com/privacy
3.2 Supabase (Database)
What they do: Host our PostgreSQL database for usage tracking
Data stored: Usage metadata and account information (NOT message text)
Location: US-West region
Compliance: SOC 2, GDPR compliant
Privacy policy: supabase.com/privacy
3.3 Railway (Backend Hosting)
What they do: Host our backend API server
Data processed: API requests pass through their infrastructure
Location: US regions
Privacy policy: railway.app/legal/privacy
4. Data Security
We implement industry-standard security measures:
- All data transmission uses HTTPS/TLS encryption
- Database connections are encrypted
- Backend tokens are randomly generated and securely stored
- Access to production systems is restricted and logged
- Regular security audits and updates
5. Data Retention
- Draft message text: NOT retained (processed in real-time only)
- Usage metadata: Retained indefinitely for billing and analytics
- Account information: Retained while your subscription is active
- After cancellation: Account data retained for 90 days, then anonymized
6. Your Rights (GDPR)
If you are in the EU, you have the right to:
- Access: Request a copy of your stored data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Export your usage data in machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to specific processing activities
To exercise these rights, contact us at: privacy@bandicootlabs.com
7. California Privacy Rights (CCPA)
California residents have the right to:
- Know what personal information is collected
- Know whether personal information is sold or disclosed
- Opt-out of the sale of personal information (we do NOT sell your data)
- Request deletion of personal information
- Non-discrimination for exercising privacy rights
8. Children's Privacy
Bandicoot Labs applications are intended for business use only. We do not knowingly collect data from individuals under 16 years of age.
9. International Data Transfers
Your data may be processed in the United States and other countries where our service providers operate. By using the App, you consent to the transfer of your data to these locations. We ensure adequate safeguards through:
- Standard Contractual Clauses (SCCs) with EU-approved terms
- Service providers with GDPR compliance certifications
10. Cookies and Tracking
The App does not use cookies. All data is transmitted via API calls from the Zendesk interface.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Significant changes will be communicated via:
- Email to registered administrators
- Notice in the Zendesk Marketplace
- Updated "Last updated" date at the top of this page
12. Contact Us
For privacy-related questions or to exercise your rights:
Privacy Contact:
Email: privacy@bandicootlabs.com
General Support: support@bandicootlabs.com
Data Protection Officer:
Bandicoot Labs
Website: https://bandicootlabs.com
13. Compliance Summary
- ✓ GDPR compliant (EU General Data Protection Regulation)
- ✓ CCPA compliant (California Consumer Privacy Act)
- ✓ SOC 2 infrastructure (via Anthropic, Supabase)
- ✓ Data minimization (we collect only what's necessary)
- ✓ Transparent processing (this policy explains everything)
- ✓ User rights respected (access, deletion, export)
Questions about your privacy?
We're here to help. Email us anytime at privacy@bandicootlabs.com and we'll respond within 48 hours.
This Privacy Policy is part of our Terms of Service. By using Bandicoot Labs applications, you acknowledge that you have read and understood this policy.