🔒 Privacy Policy

Last updated March 1, 2026

BENED SUPPORT — PRIVACY POLICY
Effective Date: March 1, 2026
Last Updated: April 22, 2026

BENED LLC ("BENED", "we", "us", or "our")
Glendale, Arizona
[email protected]

──────────────────────────────────────────────────────────────

1. INTRODUCTION

This Privacy Policy describes how BENED collects, uses, stores,
and protects your personal information when you use the BENED
Customer Support system at support.bened.works ("Service").

We are committed to protecting your privacy and handling your
data in a transparent, responsible manner.

2. INFORMATION WE COLLECT

2.1  Account Information (from BENED SSO / Keycloak):
     - Name (given name, family name, display name)
     - Email address
     - Keycloak user ID (UUID)
     - Profile picture URL (if set)

2.2  Information You Provide:
     - Phone number (optional, for urgent contact)
     - Ticket subjects, descriptions, and messages
     - File attachments uploaded to tickets
     - Notification preferences

2.3  Automatically Collected Information:
     - IP address
     - Browser user agent string
     - Session identifiers (cookies)
     - Timestamps of actions (ticket creation, messages)

2.4  Consent Metadata (when agreeing to legal documents):
     - IP address at time of consent
     - Browser user agent
     - Screen resolution, timezone, language, platform
       (browser fingerprint — for legal record-keeping only)
     - Timestamp of agreement

3. HOW WE USE YOUR INFORMATION

We use the information collected to:
  a) Provide and maintain the support ticket Service
  b) Authenticate your identity and manage your session
  c) Communicate with you about your support tickets
  d) Send email notifications based on your preferences
  e) Improve the Service and user experience
  f) Comply with legal obligations
  g) Prevent fraud and ensure Service security
  h) Maintain legally required consent records

4. DATA STORAGE AND SECURITY

4.1  Database: Your account and ticket data are stored in a
     secured relational database hosted on BENED-controlled
     server infrastructure located in the United States.
     Specific server locations, IP addresses, and internal
     network topology are treated as confidential security
     information and are not publicly disclosed.

4.2  File Storage: Uploaded attachments are stored on an
     encrypted, US-based cloud object storage platform and
     served through a content delivery network.

4.3  File Scanning: All uploaded files are scanned for malware
     before being stored.

4.4  Encryption: All data in transit is encrypted via TLS 1.2
     or higher (HTTPS). Database connections occur over
     encrypted, authenticated channels on a private network.

4.5  Access Control: Only authenticated users can access their
     own tickets. Staff access is limited to authorized BENED
     team members on a least-privilege basis, and administrative
     actions are logged.

4.6  Security Disclosures: We do not publish specific details
     about our server infrastructure, IP addresses, hostnames,
     or security controls. If you believe you have identified
     a vulnerability, please report it responsibly to
     [email protected] rather than through public channels.

5. DATA SHARING

5.1  We do NOT sell your personal information to third parties.

5.2  We may share your information with:
     - Other BENED ecosystem services (via internal APIs) for
       identity verification, consent record storage, and
       profile synchronization across BENED apps.
     - Vetted service providers who assist in operating the
       Service, including cloud object storage, certificate
       authorities, and server hosting providers. These
       providers are bound by contract to use your information
       only for the purpose of providing their services to us.
     - Law enforcement or government authorities, when
       required by valid legal process.

5.3  All BENED ecosystem services are operated by BENED LLC
     and share common authentication and identity infrastructure.

5.4  A current list of the categories of sub-processors we use
     is available upon request by contacting
     [email protected].

6. COOKIES AND SESSIONS

6.1  We use session cookies strictly to maintain your
     authenticated session while you use the Service. These
     cookies are marked HttpOnly and Secure, use a restrictive
     SameSite policy, and expire when your browser session
     ends or your authentication token expires.

6.2  We do NOT use tracking cookies, advertising cookies,
     or third-party analytics cookies.

6.3  We use Umami (self-hosted at analytics.bened.works) for
     privacy-respecting, cookie-free analytics.

7. DATA RETENTION

7.1  Active Tickets: Retained for the duration of the ticket
     lifecycle and for 3 years after resolution.

7.2  Closed Tickets: Retained for 3 years after closure for
     reference and legal compliance.

7.3  User Accounts: Retained as long as your BENED Account is
     active. Deactivated accounts are purged after 1 year.

7.4  Uploaded Files: Retained alongside their associated
     tickets per the retention periods above.

7.5  Consent Records: Retained indefinitely as legally required
     proof of agreement acceptance.

7.6  Server Logs: Retained for 90 days for security and
     debugging purposes.

8. YOUR RIGHTS

You have the right to:
  a) Access: Request a copy of the personal data we hold about you
  b) Correction: Request correction of inaccurate data
  c) Deletion: Request deletion of your data (subject to legal
     retention requirements and open ticket constraints)
  d) Portability: Request your data in a structured, common format
  e) Objection: Object to processing of your data in certain
     circumstances
  f) Withdraw Consent: Withdraw consent for optional data
     processing (e.g., notification preferences) at any time

To exercise these rights, contact us at [email protected] or
submit a ticket with category "Data / Privacy".

9. CHILDREN'S PRIVACY

The Service is not intended for children under 13 years of age.
We do not knowingly collect personal information from children
under 13. If we learn that we have collected information from
a child under 13, we will delete it promptly.

10. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Changes
will be posted to the Service with an updated "Last Updated"
date. Your continued use of the Service after changes
constitutes acceptance of the updated policy.

For material changes, we will notify you through the Service
or by email before the changes take effect.

11. INTERNATIONAL USERS

The Service is operated from the United States. If you access
the Service from outside the US, you understand that your
information will be transferred to and processed in the
United States, which may have different data protection laws
than your jurisdiction.

12. CONTACT US

For privacy-related questions or concerns:
  Email: [email protected]
  Web:   https://support.bened.works

For data-related requests, you can also submit a ticket at
support.bened.works with category "Data / Privacy".

──────────────────────────────────────────────────────────────
© 2026 BENED LLC. All rights reserved.