Skip to content

Privacy policy

What Bantle does with your data, in plain language.

Last updated 14 May 2026. Effective 14 May 2026.

In short

Bantle is a household-coordination app for splitting family-plan subscriptions. We collect the minimum data needed to verify you, run the app, and protect each household's information. If you choose identity verification, your selfie is stored privately, reviewed manually by our team, and never shown on your public profile. We do not collect phone numbers. We do not sell your data to anybody, ever. We do not handle payments, so we don't hold any financial information about you. The rest of this page is the long, careful version of that.

1. Who we are

Bantle is operated by Syed Ejaz Ahammed(“Bantle”, “we”, “our”, “us”), an individual based in India. For privacy questions you can reach us at privacy@bantle.in or support@bantle.in.

2. Data we collect

Identity data

  • Email address (required for sign-up and the main way we verify you).
  • Optional: display name, short bio, profile photo (avatar).

Auth data

  • Google OAuth profile (only if you choose to link Google sign-in).
  • Email verification records, retained briefly for fraud prevention and audit.

Profile data

  • Subscription plans you host or are invited to as a household member.
  • Approximate city-level location (never precise GPS).
  • Ratings you receive and give, with associated plan IDs.

Identity verification data

  • A selfie image you submit when you request identity verification. It is uploaded to private verification storage, reviewed manually by our team through short-lived, access-controlled links, and is never shown on your public profile or used for marketing.
  • Your verification status (for example: not submitted, in review, approved, rejected, or re-verification required) and, if a request is rejected, the review message we show you.
  • Bantle does not request GPS or device location for identity verification.
  • Identity verification is designed to support a clear privacy notice and your consent before you submit a selfie. We do not perform biometric matching, liveness detection, or facial recognition, and a reviewed badge is a signal — not a guarantee about any user.

Name-change request data

  • When you request a display-name change, we store the requested name, the request status, and when it was submitted so the request can be reviewed.
  • An approved display-name change may require you to verify your identity again.

Communication data

  • Messages you send inside Bantle's chat.
  • Plan invites, member confirmations, monthly settlement records.
  • Reports you file about other users, and reports filed about you.

Device data

  • Push notification tokens, refreshed regularly.
  • Device model, OS version, app version, used for crash and compatibility diagnostics.

Usage data

  • Which screens you visit and when, collected anonymously through PostHog. We do not link this to your identity inside the analytics tool. You can turn this off any time from Settings → Privacy & Safety → Usage analytics.
  • Crash and error events captured via Bugsnag for stability diagnostics. These never contain message content.

Data we do not collect

  • Phone numbers. Bantle does not use SMS for verification or as an identifier.
  • Payment information of any kind. Bantle does not process payments.
  • Precise GPS or background location.
  • Your contacts list, SMS messages or call logs.
  • Browsing history outside the Bantle app.

3. How we use your data

  • To run the service: coordinating plans across household members, supporting chat and monthly settlement flows.
  • To verify identity through email confirmation.
  • To review identity verification and display-name change requests that you choose to submit, through manual admin review.
  • To send transactional emails like verification messages, password resets and plan updates.
  • To deliver in-app and push notifications.
  • To improve Bantle, in aggregate, through anonymised analytics and crash reporting.
  • To investigate reports, enforce our community guidelines and protect the integrity of the community.
  • To comply with applicable Indian law where required.

4. Third-party services we rely on

Bantle is built on a small number of carefully chosen vendors. None of them resell your data. Each operates under their own privacy policy, which you should read for completeness:

  • Supabase — authentication, primary database and file storage. Hosted in Asia Pacific regions where possible.
  • Resend — transactional email delivery (sign-up verifications, password resets, plan updates).
  • Firebase Cloud Messaging — push notification delivery to Android and iOS devices.
  • Google — optional Google sign-in for users who choose it.
  • Bugsnag — anonymised crash and error reporting from the mobile app. Stack traces only; no message content.
  • PostHog — anonymised in-app analytics (screen views and feature usage). We do not link analytics events to your identity.

5. How we share data

We do not sell your data. Full stop. Beyond that, sharing happens in three narrow situations:

  • With members of plans you join. Your name, avatar and public ratings are visible to the other members of any plan you host or join — that visibility is what makes household coordination work.
  • In data exports.When you download your data, the export may include the display names (not emails or other identifiers) of users you've interacted with — the same names already visible to you in the app at the time of those interactions. We do not include reports filed against you in your export, to protect the people who reported and to prevent retaliation.
  • With service providers above.Limited to the data each provider needs to operate their narrow function (e.g., Resend only sees the email address it's delivering a transactional message to).
  • With law enforcement. Only when we are compelled by a valid legal request narrowly scoped to a specific user or incident, and only to the extent required by Indian law.

6. Data retention

  • Active accounts. Your data is retained as long as your account is active.
  • Soft-deleted accounts. When you delete your account, we enter a 7-day grace window during which you can recover it. After that, identifying data is hard deleted.
  • Chat messages.Retained while either participant's account is active. When both accounts are deleted, messages are removed.
  • Anonymised analytics. Retained for up to 24 months and then purged.
  • Audit and compliance logs. Retained strictly as required by Indian law and our security obligations.

7. Your rights under the DPDP Act 2023

India's Digital Personal Data Protection Act 2023 gives you certain rights over the personal data we hold about you. Specifically, you have:

  • The right to access the personal data we have about you. You can download a JSON export of your data anytime from Settings → Your data → Download my data (one export per 24 hours).
  • The right to correct inaccurate personal data.
  • The right to delete your account and personal data using in-app deletion, subject to the soft-delete grace window above.
  • The right to nominate someone to exercise your rights in the event of your death or incapacity.
  • The right to grievance redressal.

Our grievance officer is Syed Ejaz Ahammed, reachable at grievance@bantle.in. We acknowledge grievances within 7 days and respond fully within 30 days.

8. Children's privacy

Bantle is for adults only — you must be 18 or older to use it. We capture this confirmation at signup as an attestation in your profile. We do not knowingly collect personal data from anyone under 18. If we discover that an account belongs to a minor, we delete its data and disable the account. If you believe a minor has created an account, write to privacy@bantle.in.

9. Security

  • Data is encrypted in transit (TLS) and at rest.
  • Identity verification selfies are kept in private storage, are not publicly accessible, and are reviewed manually by our team through short-lived, access-controlled links.
  • Sensitive actions require email re-verification.
  • We review our access controls and dependencies periodically.
  • No system is 100% secure. If you become aware of a vulnerability, please report it responsibly to privacy@bantle.in.

10. International data transfers

Your data is processed primarily inside Asia Pacific regions. Some of the vendors listed above (notably Google, Resend) may process limited data in other regions. Such transfers are governed by each vendor's own privacy policy and applicable cross-border data transfer obligations.

11. Changes to this policy

We may update this policy from time to time. If we make a material change, we will notify you in-app the next time you open Bantle. Continued use of the app after a notice period implies acceptance of the updated policy.

12. How to reach us

For privacy questions, write to privacy@bantle.in. For grievance redressal, write to grievance@bantle.in. For postal contact: Bengaluru, Karnataka, India.