Bench BENCH

Privacy Policy

Last updated: 8 May 2026

This Privacy Policy explains what personal data we collect when you use Bench, why we collect it, who we share it with, and what your rights are under UK data-protection law.

1. Who controls your data

Letsbenchit Ltd is the controller of personal data processed in connection with Bench. We are a company registered in England and Wales (company number 17188296), with our registered office at 66 Paul Street, London, EC2A 4NA, United Kingdom.

For any privacy-related question, complaint, or rights request, contact hello@letsbenchit.com.

2. What we collect and why

When you sign up for a trial or account

  • Email address — to create your account, sign you in, and contact you about the service.
  • Display name — to identify you in the app.
  • Workshop name, country, phone, and role (where provided) — to understand who is using Bench and to help us approve trial requests responsibly.

Legal basis: performance of a contract (providing you with access to Bench), and our legitimate interest in operating a sustainable service and preventing abuse.

When you subscribe to a paid plan

  • Payment details — handled directly by Stripe. We do not see or store your full card details. We do store the Stripe customer and subscription identifiers, plus your subscription status.

Legal basis: performance of a contract.

When you use Smart Diagnose

  • Photographs of scan-tool screens, fault-code text, measuring values, and vehicle context you enter — sent to our AI processor (Anthropic) for real-time analysis.
  • Run count — the number of Smart Diagnose runs you have used, so we can apply your plan's usage cap.

We do not retain the photographs or text you submit to Smart Diagnose after the response is returned. They are processed transiently and then discarded. We do not log the content of your inputs or the AI's responses — only operational metadata such as the run count and any error codes.

Legal basis: performance of a contract (providing the Smart Diagnose feature you've requested).

When you use the service generally

  • Authentication and session data — to keep you signed in and to protect your account.
  • Operational logs — server logs from our hosting and database providers may include IP address, request timestamps, and error information. These are retained by our providers for up to 30 days for security and debugging purposes.

Legal basis: our legitimate interest in operating, securing, and debugging the service.

When you contact us

  • Your email address and the contents of your message — to respond to your enquiry.

Legal basis: our legitimate interest in responding to people who contact us.

3. What we don't collect

Bench does not use Google Analytics, Facebook Pixel, or any third-party advertising or tracking service. We do not run analytics scripts on our website or app. We do not build profiles of users for advertising purposes, and we do not sell personal data.

4. Cookies

We use a small number of strictly necessary cookies:

  • Authentication cookies set by our authentication provider (Supabase) so you stay signed in.
  • Stripe checkout cookies set during payment to protect against fraud and complete your transaction.

We do not use any cookies for analytics, advertising, or behavioural profiling. Because all the cookies we set are strictly necessary for the service to work, we do not show a cookie-consent banner — UK PECR rules do not require consent for strictly necessary cookies.

5. Who we share your data with

We share personal data only with the service providers we use to operate Bench. We do not sell or rent your data to anyone.

Our sub-processors are:

  • Supabase — hosts our database and handles authentication. Data is stored in the EU (Ireland, eu-west-1).
  • Vercel — hosts our website and application. Vercel is a US company with a global edge network.
  • Stripe — processes subscription payments. Stripe is a US-headquartered company that processes EU customer data through Stripe Payments Europe Limited (Ireland).
  • Anthropic — provides the AI model that powers Smart Diagnose. Anthropic is a US company. Anthropic processes Smart Diagnose inputs under their commercial API terms and does not use them to train models.
  • Resend — sends transactional emails (account verification, password resets, billing notices). Resend is a US company.
  • Microsoft 365 — hosts our company email at letsbenchit.com.
  • GoDaddy — registers our domain and provides DNS.

6. International transfers

Some of our sub-processors are based in the United States. When personal data is transferred to a country outside the UK, we rely on safeguards approved under UK data-protection law — typically the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision.

All of our sub-processors that handle personal data have committed to appropriate data-protection safeguards in their service agreements.

7. How long we keep your data

  • Account data — for as long as your account is active, plus a reasonable period after closure to handle disputes, tax, and accounting requirements (typically up to 7 years for billing records, as required by UK tax law).
  • Smart Diagnose inputs — not retained. Discarded as soon as the AI response is returned.
  • Operational logs — retained by our hosting providers for up to 30 days.
  • Email correspondence — kept for as long as needed to handle the matter you contacted us about, then archived or deleted.

8. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Correct data that is inaccurate or incomplete.
  • Delete your data, where we no longer have a lawful reason to keep it.
  • Restrict how we process your data in certain circumstances.
  • Object to processing based on legitimate interests.
  • Receive a copy of your data in a portable format.
  • Withdraw consent where we are relying on consent (although Bench mainly relies on contract and legitimate interest).

To exercise any of these rights, email hello@letsbenchit.com. We will respond within one month.

9. Complaints

If you believe we have mishandled your personal data, please contact us first so we have a chance to put it right. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

10. Security

We protect personal data through encrypted connections (HTTPS), encrypted-at-rest storage at our database provider, scoped access controls, and the use of reputable sub-processors who maintain industry-standard security practices.

No system is perfectly secure. If we learn of a security incident that affects your data, we will tell you and the ICO within the timescales required by law.

11. Children

Bench is intended for use by professional vehicle technicians and is not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us personal data, contact us and we will remove it.

12. Changes to this Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top of the page, and where the changes are material we will tell you by email or through the app.

See also our Terms of Service.