Privacy Policy
Effective Date: January 27, 2025
This Privacy Policy describes how BENED LLC ("we," "our," or "us") collects, uses, and protects your information when you use bened.works and all BENED-operated platforms.
1. Data We Collect
Account Data (via Keycloak SSO)
When you create a BENED account through our identity provider at auth.bened.works, we store:
- Profile information: Email address, name, username/handle
- Authentication credentials: Encrypted passwords (never stored in plain text)
- Unique identifier: A UUID that identifies your account across all BENED platforms
- Session data: Authentication tokens and active sessions
- Roles: Platform permissions (member, founding_member, admin)
Platform Data
When you use BENED platforms, we may collect:
- User profiles: Display name, bio, and badge information
- Comments & posts: Content you submit to discussion areas (e.g., Building page, Research Archive)
- Donation records: Transaction amounts, subscription status, billing dates
- Email subscription: Email address, confirmation status, signup source
- IP addresses: For rate limiting and abuse prevention (not used for tracking)
Payment Data (via Stripe)
When you make a donation, Stripe processes your payment. We never see or store your full card number. We receive:
- Stripe customer ID and subscription ID
- Payment amounts, status, and timestamps
- Last 4 digits of your card (for display purposes only)
Identity Verification (optional)
Some BENED platforms may request identity verification through Stripe Identity. This is always optional and only used when required by the specific platform (e.g., marketplace transactions). Verification data is held by Stripe, not BENED.
2. How We Use Your Data
- Authentication: Providing secure login and single sign-on across BENED platforms
- Service delivery: Displaying your profile, processing donations, managing subscriptions
- Communication: Sending subscription confirmation emails, transactional notices, and newsletter updates (with your consent)
- Security: Rate limiting, abuse prevention, webhook verification
- Transparency: Aggregated, anonymized financial data for our public transparency dashboard
We do not use your data for advertising, behavioral profiling, or sale to third parties.
3. Third-Party Services
Keycloak (auth.bened.works)
Our self-hosted identity provider using OAuth2/OpenID Connect. Runs on our own infrastructure — your authentication data never leaves our servers (except encrypted session tokens sent to your browser).
Stripe
Payment processing and subscription management. Stripe handles all card data in their PCI-compliant environment. See the Stripe Privacy Policy.
Cloudflare
DNS, CDN, and DDoS protection. Cloudflare may process request metadata (IP addresses, headers) to protect our infrastructure. See the Cloudflare Privacy Policy.
Backblaze B2
Cloud storage for document images and media assets. Files are stored encrypted at rest. No personal data is stored in B2 — only platform content.
4. Cookies & Local Storage
- Session cookie: Required for authentication. HttpOnly, Secure, SameSite=Lax. Expires when you close your browser or after inactivity
- CSRF token: Security cookie to prevent cross-site request forgery
- Stripe cookies: Set by Stripe.js for payment fraud prevention
- Cookie consent: A cookie to remember your consent preference
We do not use tracking cookies, analytics cookies, or advertising pixels.
5. Data Sharing
We share your data only when necessary:
- Cross-platform SSO: Your user ID, name, and email are shared between BENED platforms (TradeCraft, Trailers, etc.) to enable single sign-on
- Payment processing: Donation/payment data shared with Stripe
- Infrastructure protection: Request metadata processed by Cloudflare
- Legal requirements: If required by law, court order, or government request
We never sell your data. We never share it with advertisers.
6. Data Retention
- Account data: Retained while your account is active. Deleted upon request (subject to legal retention requirements)
- Financial records: Retained for 7 years for tax and compliance purposes
- Comments & posts: Retained until deleted by you or removed by moderation
- Email subscriptions: Retained until you unsubscribe. Unsubscribed records kept for 30 days to prevent re-subscription spam, then deleted
- Server logs: Rotated and deleted after 90 days
7. Your Rights
You have the right to:
- Access: View your profile data and subscription history
- Update: Change your profile information through account settings
- Delete: Request complete deletion of your account and associated data
- Unsubscribe: Cancel email subscriptions at any time via the unsubscribe link
- Cancel donations: Manage or cancel recurring donations through the supporter portal
- Export: Request a copy of your data
To exercise these rights, contact us at [email protected] or through the contact page.
8. Security Measures
- Encryption: All connections use TLS/SSL. Passwords are hashed, never stored in plain text
- Authentication: OAuth2/OIDC via Keycloak with PKCE challenge for additional security
- Session hardening: HttpOnly, Secure, SameSite cookies with strict session management
- Payment security: PCI compliance handled entirely by Stripe — we never touch card data
- Infrastructure: Cloudflare DDoS protection, rate limiting, security headers (CSP, X-Frame-Options, etc.)
- Access control: Role-based access, admin actions logged
9. Children's Privacy
BENED platforms are intended for users 18 years of age or older. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.
10. International Users
BENED is operated from the United States. If you access our services from outside the US, your data may be transferred to and processed in the United States. By using BENED, you consent to this transfer. We comply with applicable data protection regulations including GDPR for EU users.
11. Contact
For privacy inquiries, data requests, or security concerns:
- Email: [email protected]
- Web: bened.works/contact
Policy Updates: We may update this Privacy Policy from time to time. The effective date at the top indicates when it was last revised. Material changes will be communicated via email or platform announcement.