Our data processing agreement under Article 28 of the GDPR, covering our role as data processor when you use Bantico.
Last updated September 22, 2025
Bantico takes data protection seriously. This Data Processing Agreement explains our responsibilities as your data processor and your responsibilities as the data controller when you use our service.
Our product infrastructure runs on Google Cloud. We aim to process data with strong technical and organizational safeguards and in a way that supports modern privacy expectations.
This DPA forms part of our agreement with you when you use Bantico.
We process visitor, source, content, and conversion-related data from your websites and connected workflows so we can provide analytics, attribution, and growth insights inside Bantico.
This agreement remains active as long as you use our service. When your use of Bantico ends, we will delete your data unless you ask us to return it first or we are legally required to retain some of it.
We process personal data only to provide you with Bantico’s features, including analytics, attribution, reporting, and related product functionality.
We do not use your data to sell it to third parties or to build unrelated advertising profiles. Your data is processed to operate the service you requested.
Depending on how you implement Bantico, we may process IP addresses used briefly for request handling or approximate geolocation, anonymous visitor identifiers or signatures, page and referrer information, browser or device metadata, and event data related to source, content, and conversion activity.
If you use identify-style features, custom events, or send other user attributes to Bantico, we may also process the personal data you choose to provide through those flows.
The categories of data subjects generally include your website visitors, leads, customers, users, and other individuals whose data you submit through the service.
We process personal data only on your documented instructions, as reflected in your use of Bantico and its settings, unless law requires otherwise.
People with access to personal data are subject to confidentiality obligations, and we maintain access controls and internal safeguards designed to limit access to what is necessary.
We maintain reasonable technical and organizational measures to help protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.
As the data controller, you are responsible for determining whether you have a valid legal basis for collecting and processing personal data through Bantico.
You are also responsible for providing appropriate privacy notices to your users and visitors, and for obtaining consent where required by applicable law.
When data subjects exercise their rights with you, you remain responsible for handling those requests. We will assist where required and where the request relates to data we process on your behalf.
We use security measures appropriate to the nature of the data and the service, which may include encryption in transit, access controls, logging, rate limiting, service hardening, and security reviews.
Bantico infrastructure is built on Google Cloud, including Firebase-backed functionality where relevant to the product.
Some account, billing, communications, or support-related data may be processed by carefully selected service providers that support operation of the platform.
We work with a limited number of subprocessors and infrastructure providers to operate Bantico. These may include Google Cloud, Stripe, Resend, and Mapbox, depending on the feature being used.
More detail about our service providers is available in our data policy.
If we become aware of a personal data breach affecting data we process on your behalf, we will notify you without undue delay and provide information reasonably necessary for you to understand the issue and meet your own legal obligations.
We will also take reasonable steps to contain, investigate, and remediate the issue.
When your account, workspace, or project is deleted, we will delete or return the personal data we processed on your behalf unless applicable law requires retention.
Some data may remain in backups for a limited period, but it will not remain available for ordinary product use.
Where required by applicable law, we will provide reasonable information necessary to demonstrate compliance with this DPA and support reasonable audit or assessment requests, subject to appropriate confidentiality and security safeguards.
Each party is responsible for its own compliance with applicable data protection law and for the consequences of its own failures to comply with those obligations.
Liability related to the service remains subject to the broader agreement between you and Bantico, including any applicable terms of service, unless mandatory law says otherwise.
This DPA forms part of our agreement with you. If you have questions about this Data Processing Agreement, contact us at privacy@bantico.com.
