Privacy Policy

Effective Date: December 1, 2025

Last Updated: December 1, 2025

Bandle respects your privacy. We believe your content should remain yours, and any data we collect is solely to improve your experience - never for resale or tracking.

1. Introduction

Welcome to Bandle (“we”, “us”, “our”).
Bandle helps users save, organize, and manage links, AI-generated summaries, notes, and related content.
We are committed to protecting your privacy and handling your information responsibly.

This Privacy Policy describes how we collect, use, store, and share data when you use:

  • the Bandle web application (Bandleshare.com);

  • the Bandle Chrome Extension;

  • any related features and services.

Bandle is operated by an individual creator and is hosted in the United States.
We comply with applicable U.S. privacy laws, including CCPA/CPRA, CalOPPA, and FTC Act requirements.

If you do not agree with any part of this Policy, discontinue using Bandle.

2. Definitions

Personal Information — information that identifies or relates to an identifiable person.
Content — links, text, notes, AI summaries, and other data saved by the user.
AI Processing — automated generation or transformation of Content using OpenAI.
Service Providers — third parties processing data on our behalf.
Usage Data — technical logs collected automatically.

3. Information We Collect

We only collect the information necessary to operate Bandle safely and effectively.

3.1. Information You Provide

Account Information (Google OAuth)

When you sign in using Google, we receive:

  • your email address;

  • your Google Account ID.

We do not receive or store your Google password.

Content You Save

You may save:

  • URLs;

  • text;

  • notes;

  • AI summaries;

  • AI-generated titles and descriptions;

  • AI Student Notes;

  • other block metadata.

All saved content belongs to you.

3.2. Information Collected Automatically

We collect limited technical data for security and performance:

  • IP address;

  • browser type and version;

  • device and operating system;

  • access timestamps;

  • error logs;

  • performance logs.

We do not use this data for advertising or profiling.

Retention period for these logs is 30–90 days, depending on purpose.

3.3. Chrome Extension Data

The Bandle Chrome Extension may request permissions.

We MAY request (only with your consent):

  • access to the active tab;

  • access to browsing history (ONLY if you explicitly enable QuickSave).

We DO NOT:

  • collect full browsing history;

  • monitor pages in the background;

  • track users across websites;

  • scrape data without your action;

  • sell or share browsing data.

You may revoke permissions anytime in your browser settings.

3.4. Payment Information

Payments are processed through Lemon Squeezy, our Merchant of Record.
They process:

  • card details;

  • billing information;

  • tax/VAT data;

  • transaction metadata.

We do not store or access your payment card numbers.

Lemon Squeezy Privacy Policy: https://www.lemonsqueezy.com/privacy

3.5. Email Delivery (Mailgun)

We use Mailgun to send essential transactional emails, such as:

  • registration confirmation;

  • password reset emails;

  • security notifications.

Mailgun processes your email address solely for delivery.
Mailgun does not send marketing emails on our behalf.

Mailgun Privacy Policy: https://www.mailgun.com/privacy-policy/

3.6. AI Processing (OpenAI)

Bandle includes AI-powered features, such as:

  • AI summary of links;

  • AI Student Notes;

  • AI-generated block titles and descriptions;

  • automatic metadata generation.

How AI Works

  • AI processes only the Content you save or open.

  • You do not provide custom prompts; prompts are predefined internally.

  • We do not store prompts separately.

  • We only store the final AI output that you save.

  • AI outputs become part of your Content.

  • AI is never used for training or profiling.

  • AI does not access your browsing history or external data.

OpenAI acts as a subprocessor and does not train its models on API data.
Policy: https://openai.com/policies/api-data

4. How We Use Information

We use your data to:

  • operate and maintain Bandle;

  • authenticate accounts;

  • store and sync your Content;

  • provide AI-generated features;

  • process purchases;

  • deliver transactional emails;

  • prevent abuse and ensure security;

  • improve performance;

  • prepare for future analytics.

We DO NOT:

  • sell personal data;

  • rent personal data;

  • share data with advertisers;

  • run behavioral advertising;

  • analyze Content for marketing;

  • train AI models on your data;

  • track users across the web.

5. Future Analytics (Planned)

We may implement analytics tools (e.g., Google Analytics, Plausible).
If we do, we will update this Policy to describe:

  • the type of data collected;

  • anonymization methods;

  • user opt-out options.

Currently, we use no analytics tools.

6. Cookies

Bandle uses only essential cookies for:

  • login sessions;

  • authentication;

  • security.

We do not use advertising or tracking cookies.
Any future cookie usage will be disclosed here.

7. Service Providers (Subprocessors)

We work with the following service providers:

  • Amazon Web Services (AWS) — hosting the Bandle platform.

  • OpenAI — processing AI-generated features.

  • Mailgun — delivering transactional emails.

  • Lemon Squeezy — handling payments and billing.

We maintain and periodically update this list.

8. Internal Access Controls

We follow strict internal rules:

  • team members (founder, manager, designer) cannot access user content;

  • developers have limited access only for maintenance;

  • no one manually reviews or reads user content;

  • privileged actions are logged and monitored;

  • least-privilege principle is enforced;

  • manual inspection happens only upon explicit user request.

9. Data Retention

We retain:

  • account data – until account deletion;

  • user content – until you delete it or delete your account;

  • AI outputs – as part of your saved content;

  • logs – 30–90 days;

  • payment data – retained by Lemon Squeezy per legal requirements.

You may request deletion at any time.

10. Data Portability & Deletion Requests

You may request:

  • an export of your saved Content;

  • deletion of your account and data.

To make a request:
📧 support@bandleshare.com

Verification may be required.

11. Your Rights (California Residents)

California residents may:

  • request access to personal information;

  • request deletion;

  • request correction;

  • request categories of collected data;

  • opt out of “sharing” (we do not share);

  • request data portability;

  • restrict sensitive data use (we do not collect it);

  • exercise rights without discrimination.

To submit requests:
📧 support@bandleshare.com

12. Do Not Track (DNT)

We do not track users across third-party websites.
Because DNT signals are not standardized, we do not change behavior based on them.

13. Children’s Privacy

Bandle is not intended for children under 13.
We do not knowingly collect information from children under 13.

14. Data Security

We use industry-standard safeguards including:

  • TLS encryption;

  • AWS infrastructure protections;

  • role-based access control;

  • isolated production environments;

  • rate limiting;

  • audit logging;

  • secure secret management.

No system is perfectly secure, but we take strong measures to protect your data.

15. International Transfers

Your data is stored and processed in the United States.
Our service providers may operate in other regions with adequate safeguards.

16. Changes to This Policy

We will notify users of material changes (email or in-app notice) at least 7 days before they take effect.

17. Governing Law

This Policy is governed by the laws of the State of Delaware, USA, regardless of your location.

18. Contact Us

For any privacy questions or requests:
📧 support@bandleshare.com
or https://t.me/bandle_support