Privacy Policy

Last updated: February 2026

1. Information We Collect

We collect the following types of information when you use Bandit:

  • Account information — your name, email address, and company details provided during registration
  • Usage data — experiments you create, events tracked, assignment records, and platform interactions
  • Technical data — IP addresses, browser type and version, device type, operating system, and referral URLs

2. How We Use Information

We use the information we collect to:

  • Provide, operate, and maintain the Bandit platform
  • Run experiments and deliver optimized treatment assignments
  • Send important service updates, security alerts, and support messages
  • Analyze platform usage and performance to improve our service
  • Detect, prevent, and address technical issues and abuse

3. Data Storage & Security

We take the security of your data seriously. Our measures include:

  • Data stored in encrypted databases with access controls
  • All data transmitted over HTTPS with TLS encryption
  • Access restricted to authorized personnel on a need-to-know basis
  • Regular security audits and vulnerability assessments
  • Automated backups and disaster recovery procedures

4. Third-Party Services

We use the following third-party services:

  • Google OAuth — for secure authentication and single sign-on
  • Analytics providers — for aggregated usage metrics and service improvement

We do not sell, rent, or share your personal information with third parties for their marketing purposes. Third-party services are bound by their own privacy policies and our data processing agreements.

5. Cookies

We use essential cookies for authentication and session management. These cookies are strictly necessary for the platform to function and cannot be disabled. We do not use advertising or tracking cookies. No third-party advertising cookies are placed on your device through our service.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your personal data
  • Export your data in a portable format
  • Opt out of non-essential communications
  • Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at privacy@runbandit.com.

7. Data Retention

We retain your data according to the following guidelines:

  • Account data is retained while your account remains active
  • Event and experiment data is retained per your plan terms
  • Deleted data is permanently purged within 30 days
  • Anonymized, aggregated data may be retained indefinitely for analytics

8. Children's Privacy

Bandit is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly.

9. International Data

Your data may be processed and stored in the United States or other countries where our service providers operate. By using Bandit, you consent to the transfer of your data to these locations. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

10. Changes to Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via email or through a prominent notice on the Bandit dashboard. Your continued use of the service after changes are posted constitutes acceptance of the revised policy.

11. Contact

For privacy-related questions or concerns, contact us at privacy@runbandit.com. You can also review our Terms of Service for additional information about using the Bandit platform.