Privacy policy.

Last updated: February 2, 2026

01Introduction

Bandicoot Labs ("we," "our," or "us") develops AI-powered software and websites for businesses. This privacy policy explains how we collect, use, and protect your information when you use our applications and website.

02Information we collect

2.1 Website visitors

When you visit our website (bandicootlabs.com), we collect:

• Basic analytics data (page views, referral sources). We do not use invasive tracking.
• Information you voluntarily provide through contact forms (name, email, business name, message content).

2.2 Application users

When you use our applications, we collect:

• Account information: platform identifiers, subscription plan, authentication tokens.
• Usage data: feature usage patterns, request timestamps, performance metrics.
• Content data: varies by application. See product-specific privacy policies for details.

03How we use your information

We use collected information to:

• Provide and maintain our services.
• Process your requests and transactions.
• Send service-related communications.
• Improve our products and develop new features.
• Ensure security and prevent abuse.
• Comply with legal obligations.

04Data sharing and third parties

We work with trusted third-party service providers to deliver our services:

• Anthropic (Claude AI): AI processing for our applications. Anthropic does NOT use your data for AI training. Privacy policy.
• Cloud infrastructure: we use enterprise-grade cloud hosting providers with SOC 2 and GDPR compliance.
• Payment processing: billing for marketplace apps is handled through the relevant marketplace. We do not store payment information directly.

We do NOT:

• Sell your data to third parties.
• Use your data for advertising purposes.
• Share your data except as described in this policy.

05Data security

We implement industry-standard security measures to protect your information:

• All data transmission uses HTTPS/TLS encryption.
• Secure authentication and access controls.
• Regular security audits and updates.
• Data minimisation. We collect only what's necessary.
• Secure cloud infrastructure with compliance certifications.

06Data retention

We retain your information only as long as necessary:

• Active subscriptions: data is retained while you use our services.
• After cancellation: account data is retained for 90 days, then deleted or anonymised.
• Analytics data: aggregated and anonymised data may be retained indefinitely.
• Legal requirements: some data may be retained longer to comply with legal obligations.

07Your privacy rights

7.1 GDPR rights (European Union)

If you are in the EU, you have the right to:

• Access: request a copy of your personal data.
• Rectification: correct inaccurate information.
• Erasure: request deletion of your data ("right to be forgotten").
• Portability: export your data in a machine-readable format.
• Restriction: limit how we process your data.
• Objection: object to specific processing activities.
• Withdraw consent: withdraw consent at any time.

7.2 CCPA rights (California)

California residents have the right to:

• Know what personal information is collected, used, shared, or sold.
• Request deletion of personal information.
• Opt out of the sale of personal information (we do not sell data).
• Non-discrimination for exercising privacy rights.

7.3 How to exercise your rights

To exercise any of these rights, contact us at privacy@bandicootlabs.com. We will respond to your request within 30 days.

08International data transfers

Our services operate globally. Your data may be processed in the United States and other countries where our service providers operate. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) for EU data transfers.
• Service providers with GDPR and SOC 2 compliance.
• Appropriate technical and organisational safeguards.

09Children's privacy

Our services are designed for business use and are not intended for individuals under 16 years of age. We do not knowingly collect information from children.

10Cookies and tracking

Our website uses minimal analytics to understand how visitors use our site. We do not use invasive tracking or third-party advertising cookies. Our applications do not use cookies. All communication is via secure API calls.

11Changes to this policy

We may update this privacy policy from time to time. Significant changes will be communicated via:

• Email to registered users.
• Notice on our website.
• Updated "Last updated" date at the top of this page.

Continued use of our services after changes constitutes acceptance of the updated policy.

12Contact us

For privacy-related questions, concerns, or to exercise your rights:

13Legal basis for processing (GDPR)

We process your personal data based on:

• Contract: processing necessary to provide our services.
• Legitimate interest: improving our services, security, and fraud prevention.
• Consent: where you have explicitly consented (e.g. marketing communications).
• Legal obligation: compliance with applicable laws.

14Compliance

• GDPR compliant (EU General Data Protection Regulation).
• CCPA compliant (California Consumer Privacy Act).
• SOC 2 infrastructure via trusted providers.
• Data minimisation and purpose limitation.
• Transparent data processing.
• User rights respected and honoured.

This privacy policy is part of our terms of service. By using Bandicoot Labs applications and website, you acknowledge that you have read and understood this policy.