โ† Back to home

Privacy Policy

Last updated: April 2026

This document is maintained in English as the canonical version.

Your privacy matters. This Privacy Policy explains how BenchSpy collects, uses, and protects your personal data when you use benchspy.com (the "Service").

1. Data controller

The data controller is Tecnologias Online Lda, a company registered in Portugal. Contact: andre@tecnologiasonline.pt.

2. What we collect

  • Account data: email, name (optional), hashed password.
  • Usage data: number of analyses run, URLs analysed, IP address, browser fingerprint (for anti-abuse), timestamps.
  • Payment data: handled entirely by Stripe โ€” we never see your card details. We only store a Stripe customer ID and subscription ID.
  • Content data: the URLs you analyse and the reports generated from them.

3. Legal basis (GDPR Art. 6)

  • Contract performance: account creation, running analyses, providing the paid features you subscribe to.
  • Legitimate interest: anti-abuse tracking (IP + fingerprint) to prevent quota bypass.
  • Consent: transactional emails you explicitly opt into by creating an account.
  • Legal obligation: keeping invoice records for tax purposes.

4. Data retention

We keep your data for as long as your account is active. If you delete your account we erase all personal data within 30 days, except for invoice records which we are legally required to retain for 7 years under Portuguese tax law.

5. Your GDPR rights

Under the EU General Data Protection Regulation you have the right to:

  • Access all personal data we hold about you.
  • Rectification of inaccurate or incomplete data.
  • Erasure (right to be forgotten).
  • Data portability โ€” receive your data in a machine-readable format.
  • Objection to processing based on legitimate interest.
  • Restriction of processing in certain cases.
  • Lodge a complaint with the Portuguese data protection authority (CNPD).

To exercise any of these rights, email andre@tecnologiasonline.pt. We respond within 30 days.

6. Cookies

BenchSpy uses session cookies strictly necessary for authentication. We do not use tracking cookies, analytics cookies, or third-party advertising cookies. No cookie consent banner is required because we don't use anything that would trigger one.

The only cookies set are:

  • next-auth.session-token โ€” your login session.
  • bs_sid โ€” anonymous quota tracking for non-logged-in users.
  • NEXT_LOCALE โ€” your language preference.

7. Third-party processors

We share minimal data with the following trusted sub-processors, all bound by contractual data protection agreements:

  • Stripe (payment processing) โ€” handles all card data directly. See the Stripe Privacy Policy.
  • Anthropic (AI processing) โ€” receives the scraped website data to produce the analysis report. Anthropic does not retain or train on this data. See the Anthropic Privacy Policy.
  • Google (PageSpeed Insights API) โ€” receives the URL being analysed to return performance scores. No personal data is sent.
  • Hetzner / OVH (server hosting) โ€” all BenchSpy infrastructure runs on EU-based servers.

8. Data transfers

All BenchSpy processing occurs within the European Union. When data is shared with sub-processors based outside the EU (Anthropic, Stripe), it is transferred under Standard Contractual Clauses and/or their EU-US Data Privacy Framework certification.

9. Security

Passwords are hashed with bcrypt. All connections use TLS 1.3 (HTTPS everywhere). Database access is restricted to the application process. We do not store card data ourselves.

10. Children

BenchSpy is not intended for users under 16. We do not knowingly collect data from children.

11. Changes

Material changes to this policy will be communicated via email and/or a prominent notice on the site.

12. Contact

For any privacy or data protection questions, email andre@tecnologiasonline.pt.