Privacy Policy
The plain-English version. Bento is built so that your saves stay on your phone. We don't run accounts, we don't operate analytics on your content, and we don't have servers full of your screenshots. If you turn on iCloud sync, Apple — not us — handles it. This document is the formal, lawyer-friendly version of that promise.
1. Who we are
Bento ("Bento", "we", "us", "our") is operated as a personal software project. You can reach us at hello@usebento.io. References to "the app" mean the Bento iOS application; references to "the site" mean usebento.io.
2. What Bento is, in privacy terms
Bento is a local-first app. The data you save — links, screenshots, photos, voice memos, PDFs, recipes, notes, places, contacts, and so on — is stored in the app's container on your device. It is not transmitted to us. We do not have a copy.
3. Data Bento processes on your device
- Saved content. Anything you share into Bento or capture in the app — text, images, audio, files, links, structured items like recipes and locations.
- Derived metadata. Auto-extracted data such as titles, source URLs, image dimensions, audio duration, file size, MIME type, capture timestamp, and categorization tags Bento generates.
- OCR text. Bento uses Apple's on-device Vision framework to extract text from images so they're searchable. The extracted text is stored locally with the item.
- Search index. Built and maintained on-device.
- App preferences. Your appearance, density, layout, sort, notification, and lock/hide preferences.
None of the items above are transmitted to Bento. They sit in the iOS app sandbox.
4. Optional iCloud sync
If you enable iCloud sync (off by default), your Bento library is synchronized across your Apple devices using your iCloud account via Apple's CloudKit service. The sync runs through Apple's infrastructure, under your Apple ID, and is governed by Apple's Privacy Policy. Bento does not see, intercept, or copy the data that traverses iCloud. We have no ability to access your iCloud-stored Bento data.
5. Optional shared boxs
If you create a shared box with another person, the items in that shared box are synchronized to that person's Apple account through CloudKit. Same as personal sync: it goes through Apple's infrastructure, not ours. By inviting someone, you grant them access to the items you've placed in that specific shared box; they can save, react, and (depending on permissions) delete items there.
6. Permissions Bento may request
- Photos library — to import images you choose. We use the limited-access picker by default.
- Camera — to scan documents, take photos of recipes, or capture pictures.
- Microphone — to record voice memos when you tap the record control.
- Location — only when you explicitly save a location item or center the map view. Bento does not track you in the background.
- Face ID / Touch ID — to unlock locked or hidden compartments.
- Notifications — to alert you about reminders or shared-bento activity, only if you opt in.
- App Tracking Transparency (ATT) — Bento does not track you across apps or websites. We will only show the ATT prompt if it ever becomes necessary, and we will explain why.
7. Information the website (usebento.io) handles
The usebento.io website is a static site hosted by GitHub Pages. We do not set tracking cookies, run analytics scripts, or embed third-party social trackers. GitHub may log standard request information (IP address, user agent, timestamp) as part of its hosting service, governed by GitHub's privacy statement.
8. Email you send to us
If you email hello@usebento.io or another Bento address, your email is processed by our email provider so we can respond. We retain support correspondence for as long as needed to help you and to maintain reasonable records, and then delete it.
9. Subscriptions & payments
If you subscribe to Bento+, the transaction is handled entirely by Apple via the App Store. We never see your full payment details. Apple shares anonymized purchase confirmation with us so we can grant you the entitlement on your device.
10. Children
Bento is not directed at children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect data from children. If you believe a child has provided personal information through Bento or the site, contact us and we will take appropriate action.
11. Your rights
Because Bento stores your data on your device:
- Access & portability: open the app and you have it. You can export individual items or your full library from Settings → Export.
- Erasure: deleting items, emptying the trash, or uninstalling the app removes the data. There is nothing for us to delete on a server.
- Withdraw consent: you can revoke any iOS permission at any time in Settings → Bento.
- Complaints: if you are in the EU/UK, you may lodge a complaint with your local data protection authority.
12. International users
Bento is available globally. Because data stays on your device (and, if you opt in, in your iCloud), no cross-border data transfer is performed by Bento. iCloud transfers are governed by Apple.
13. Security
Items are protected by iOS sandboxing and full-device encryption. Locked compartments add Face ID / Touch ID gating. Hidden items are excluded from the inbox, search, and widgets. No security model is perfect — back up your device.
14. Changes to this policy
If we materially change this policy we will update the date above and, where appropriate, notify you in the app. Continued use of Bento after a change constitutes acceptance of the revised policy.
15. Contact
Questions, concerns, or data requests: privacy@usebento.io or hello@usebento.io.