Privacy Policy
Last updated: 20 June 2026
BeNexo is a personal assistant for nurturing your relationships. For it to work across your devices and offer useful suggestions, we handle your data with the greatest possible care. This page explains what data we process, why, with whom, and what control you have over it.
1. Data controller
The controller of your data is the BeNexo team. You can request the controller's full identity by writing to us. For any privacy question or to exercise your rights, contact us at hola@benexo.app.
2. What data we process
- Account data: your phone number (to identify you and sign you in) and, optionally, your name.
- Content you create: the contacts you add and the information you record about them (notes, moments, next steps, dates, links, attachments such as photos or documents). Some of this information may relate to third parties (see point 4).
- Technical data: device identifiers needed for syncing and minimal security records (e.g. the account-deletion date in our audit log).
3. Why we process your data and legal basis
- To provide the service (storing your information, syncing it across your devices and the web version, generating reminders and suggestions): legal basis is the performance of our contract with you.
- Artificial-intelligence features (suggestions generated with cloud AI): only activate when you use them, based on your consent. See point 7.
- Security and abuse prevention: legal basis is our legitimate interest in protecting the service.
- Communications you request (e.g. joining the waitlist from the website): legal basis is your consent.
4. Third-party data (your contacts)
When you store information about other people, you act as the controller of that data within your personal activity. BeNexo processes it on your behalf, solely to provide you the service, and never uses it for its own marketing purposes nor makes it available to third parties beyond the processors listed below. You are responsible for handling your contacts' information respectfully and in accordance with applicable law.
We do not profile users or cross-link information between different accounts: what you record in your account is not used to enrich anyone else's, except for the content you explicitly choose to share.
5. Who we share data with
We do not sell your data. To run the service we rely on a small number of providers acting as processors, bound by confidentiality and security obligations:
- Railway: hosting and infrastructure provider; stores the service database.
- Supabase: sending the SMS verification code and storing attachment files.
- Google (Gemini): only if you enable cloud AI features, the text needed to generate the suggestion is sent to Google. See point 7.
- FormBold: on the website only, to manage the waitlist (your email address).
This list of providers may change; we will publish any updates on this page.
In addition, if you choose to share certain content with other people inside the app (shared contexts), that content will be visible to the people you choose, for as long as you keep sharing active.
6. International transfers
Some of the providers above may process data outside the European Economic Area. In those cases, transfers are covered by the safeguards provided for by law (e.g. the European Commission's standard contractual clauses).
7. Artificial intelligence
AI features are optional. When you use cloud AI, the necessary text (for example, the notes about the contact you're asking about) is sent to Google to generate the response; that content is not used to train general models. The app also offers the option to run AI on the device itself, so the content never leaves it.
8. Retention
We keep your data for as long as your account is active. If you delete your account, we erase your information from our systems (deletion cascades to associated content). Unreferenced files and technical records are purged periodically.
9. Security
We apply reasonable technical and organizational measures to protect your information, including encryption in transit (TLS) and encryption at rest of storage. No measure is infallible, but we work to minimize the risks.
Our infrastructure is hosted with providers holding recognized security certifications: Railway (SOC 2 Type II) and Supabase (SOC 2 Type II and ISO 27001).
So that the service can work (syncing, reminders and suggestions), we do not use end-to-end encryption: encryption at rest protects against theft of the physical media, but anyone who gained access to the running database could read the data. We work to make sure that never happens.
If a security breach affecting your personal data were to occur, we will notify you in accordance with applicable law.
10. Your rights
You can exercise your rights of access, rectification, erasure, portability, restriction and objection at any time:
- Access and portability: from the app you can export all your data in a file.
- Erasure: from the app you can delete your account and all your data.
- For any other right, write to us at hola@benexo.app.
If you reside in the EU, you also have the right to lodge a complaint with your supervisory authority (in Spain, the Spanish Data Protection Agency).
11. Minors
BeNexo is not directed to children under 14, and we do not knowingly collect their data. If you believe a minor has provided us with information, write to us at hola@benexo.app and we will delete it.
12. Changes to this policy
We may update this policy to reflect changes in the service or in the law. We will publish the current version on this page with its update date.
13. Contact
For any matter related to your data: hola@benexo.app.