Last updated: 3 December 2025
Bandos Ideate is both a marketing site and a web application where teams do real work. Our privacy approach covers both.
When you visit our website or use the Bandos Ideate web application (the "Service"), we act as the data controller for your account and website usage. When you use Bandos to process information about your own customers and users inside workshops, we generally act as a data processor on your behalf. For that processing, we only handle data according to your instructions, and this relationship is described in our Data Processing Agreement.
You can always reach us about privacy questions or requests at privacy@bandos.ai.
In addition to basic website analytics and early access forms, the app itself stores more detailed information so the product can work.
We collect and store:
Name, email address, login details or single sign on identifier, and which workspaces you belong to.
Workspace name, company name, billing contact, team members and their roles.
Everything you enter into mind maps and workshops, including customer or persona descriptions, goals, needs, frustrations, ideas, comments and tags. This is your core product data.
Events such as when workshops are created or updated, which features are used, and general interaction patterns. This helps us keep the service stable and improve the product.
If you subscribe to Bandos on a paid plan, payment information is handled through Stripe and is described in more detail in our separate terms.
We keep account and workshop data for as long as your workspace is active. If a workspace is closed or you delete content, we remove or anonymise the data after a reasonable retention period for backups and legal requirements. Analytics and product usage data is kept for a limited time and then aggregated or deleted.
Bandos Ideate uses large language models to generate suggestions and structure ideas. To do this, we send parts of your workshop content to our AI providers.
Examples of what can be sent:
We use this only to:
We configure AI vendors so that your data is not used to train their public models. In this context we act as a processor for your workshop content, and our AI vendors act as sub processors. They only process your data to deliver the features described above.
To run the service, we rely on a small set of trusted providers, for example:
These providers process data on our behalf and under contract. We only share what is necessary for each purpose, and we have data processing agreements in place with them. We also publish an up to date list of sub processors so you can see who is involved.
If data is transferred outside the European Economic Area, we use appropriate safeguards such as standard contractual clauses. Where possible we use EU based hosting options, including for analytics.
We do not automatically send your workshop content to Figma. When you copy a generated prompt from Bandos into Figma Make, that content is handled under Figma's own privacy policy.
We protect your information with technical and organisational measures such as:
Under GDPR and similar laws you have rights to access, correct, delete, restrict and move your personal data, and to object to certain types of processing. You also have the right to complain to your local data protection authority, for example Datatilsynet in Norway.
If you want to exercise any of these rights or have questions about how we handle data in Bandos Ideate, contact us at privacy@bandos.ai, and we will respond as required by law.
Bandos
Bergen, Norway
privacy@bandos.ai