BenchKey — Privacy Policy
Effective date: July 4, 2026
Version: 2026-07-04
This Privacy Policy explains how MDrepairs, LLC, a New Jersey limited liability company doing business as BenchKey ("BenchKey," "we," "us"), collects, uses, and shares personal information in connection with the BenchKey repair‑shop management platform at app.benchkey.com and related services (the "Service"). It also describes your privacy rights and how to exercise them.
1. The two roles BenchKey plays (please read first)
BenchKey handles two different kinds of personal information, and our role — and this Policy — differ for each:
- Account information — we are the "controller." When you (a repair shop or business) sign up for and use the Service, we collect information about you and your Authorized Users (for example, name, email, and billing details). This Privacy Policy describes how we handle that information.
- Your End Customers' information — we are the "processor / service provider." When you use the Service to manage your business, you submit information about your customers (for example, their names, contact details, devices, and repair history). You control that information; we process it on your behalf under your instructions. Our handling of that data is governed by our Data Processing Addendum (DPA), and your own privacy notice — not this Policy — governs your relationship with your End Customers. If you are an End Customer of a shop that uses BenchKey and have a privacy request, please contact that shop directly.
The rest of this Policy is primarily about the account information we control, except where it says otherwise.
2. Information we collect
2.1 Information you provide.
- Account and profile: business name, your name, email, phone, and login credentials (authentication is handled through our identity provider).
- Billing: billing contact and, through our payment processor, payment‑method details. We do not store full card numbers on our own servers; our payment processors handle card data.
- Support and communications: messages you send us, support tickets, and feedback.
2.2 Information we collect automatically.
- Usage and device data: log data, IP address, browser and device type, pages and features used, and timestamps, collected to operate, secure, and improve the Service.
- Cookies and similar technologies: used for authentication, preferences, security, and analytics (see Section 6).
2.3 Customer Data. The information about your End Customers that you submit to the Service is Customer Data, which we process as your service provider (Section 1). We do not use Customer Data for our own purposes except to provide, secure, and support the Service, as described in the DPA. We do not use Customer Data to train AI models (see the Terms of Service, "AI features").
3. How we use information
We use the account information we control to:
- provide, maintain, and secure the Service and authenticate access;
- process payments, manage subscriptions, and send billing and transactional messages;
- provide customer support and respond to your requests;
- monitor, troubleshoot, and improve the Service, including product analytics;
- detect, prevent, and address fraud, abuse, security incidents, and violations of our Terms;
- send service and, where permitted, marketing communications (you can opt out of marketing); and
- comply with legal obligations and enforce our agreements.
Legal bases (where GDPR/UK GDPR applies). We rely on: performance of a contract (to provide the Service you request); our legitimate interests (to secure, improve, and market the Service, balanced against your rights); your consent (where required, e.g., certain cookies or marketing); and compliance with legal obligations.
4. How we share information
We do not sell your personal information. We share information only as follows:
- Service providers / subprocessors who help us operate the Service (for example, cloud hosting, authentication, payment processing, communications, shipping, and analytics), under contracts that require them to protect the information. Our current subprocessors are listed at app.benchkey.com/legal/subprocessors.
- Payment processors to process your subscription payments.
- Professional advisors and authorities where required by law, legal process, or to protect rights, safety, and the integrity of the Service.
- Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
- With your direction — for example, when you connect a Third‑Party Service or integration.
5. Do we "sell" or "share" personal information? (U.S. state laws)
We do not sell your personal information, and we do not "share" it for cross‑context behavioral advertising, as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA) and similar U.S. state privacy laws. We have not sold or shared personal information in the preceding 12 months. Where required by law, we honor opt‑out preference signals such as the Global Privacy Control (GPC).
6. Cookies and analytics
We use strictly necessary cookies for authentication and security, and, where permitted, functional and analytics cookies to understand and improve usage. We do not use third‑party advertising cookies. You can control cookies through your browser settings; disabling some cookies may affect functionality (in particular, you cannot stay signed in without the authentication cookies).
7. Data retention
We retain account information for as long as your Account is active and as needed to provide the Service, then for the period necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Customer Data is retained and deleted as described in the Terms and the DPA (including the 30‑day post‑termination export window). Residual copies may persist in routine backups for a limited period before being overwritten.
8. How we protect information
We maintain administrative, technical, and organizational measures designed to protect personal information appropriate to the risk, including encryption in transit, access controls, tenant isolation, and logging. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. A summary of our security measures is in the DPA, Annex C.
9. International data transfers
We are based in the United States and process information in the United States, including through the U.S.-based subprocessors listed on our Subprocessors page. If you access the Service from outside the United States, you understand your information may be transferred to and processed in the United States. Where we transfer personal data subject to GDPR/UK GDPR out of the EEA/UK, we use an appropriate transfer mechanism, such as the European Commission's Standard Contractual Clauses (see the DPA).
10. Your privacy rights
Depending on where you live, you may have some or all of the following rights regarding personal information we control about you:
- Access / know the personal information we hold and how we use it;
- Correct / rectify inaccurate information;
- Delete your information;
- Portability — receive a copy in a portable format;
- Object to or restrict certain processing;
- Opt out of marketing at any time;
- Withdraw consent where processing is based on consent; and
- Not be discriminated against for exercising your rights.
To exercise these rights for information we control, contact us at support@benchkey.com. We will verify your request (for example, by confirming control of your Account email) and respond within the time required by law. If we decline a request, you may appeal by replying to our decision at the same address. If you are in the EEA/UK, you may also lodge a complaint with your supervisory authority.
For information we process on behalf of a shop (Customer Data): please direct your request to the shop (the controller). If we receive such a request directly, we will refer you to the relevant shop or, where required, assist them in responding.
11. Children's privacy
The Service is a business tool for users 18 and older and is not directed to children. We do not knowingly collect personal information from anyone under 18 as an account holder. If you believe a child has provided us personal information, contact us at support@benchkey.com and we will delete it.
12. Third‑party links and services
The Service may link to or integrate with third‑party websites and services that we do not control. Their privacy practices are governed by their own policies. We are not responsible for them.
13. Changes to this Policy
We may update this Policy. If we make material changes, we will notify you (for example, by email or in‑app) and update the "Effective date" and "Version" above; where appropriate we will ask you to re‑accept. Your continued use of the Service after the effective date means you accept the updated Policy.
14. Contact us
MDrepairs, LLC (d/b/a BenchKey)
Privacy inquiries: support@benchkey.com
Mailing address: 644 Newman Springs Road, Suite A, Lincroft, NJ 07738