Operated by REPLUG GmbH

Last Updated: 27.02.2026

1. Data Controller

REPLUG GmbH

Oranienburger str. 23, 10178, Berlin

Germany

Email: privacy@bento-rewards.com

2. Categories of Personal Data

We may process:

Account Data

  • Email address
  • Username
  • Country
  • Date of birth

Technical Data

  • IP address
  • Device identifiers
  • Device model and OS
  • App usage data
  • Timestamp data
  • Attribution identifiers

Campaign and Reward Data

  • Completed offers
  • Earned Coins
  • Redemption history
  • Payment method identifiers (e.g., PayPal email)

Verification Data (if required)

  • Identity documentation
  • Selfie images
  • Fraud risk indicators

3. Purposes of Processing

We process personal data to:

  • Provide and operate the Platform;
  • Validate campaign completion;
  • Prevent fraud and abuse;
  • Process reward redemptions;
  • Comply with legal obligations;
  • Improve platform functionality and security.

4. Legal Basis (GDPR)

Processing is based on:

  • Art. 6(1)(b) GDPR – Performance of contract;
  • Art. 6(1)(c) GDPR – Legal obligations;
  • Art. 6(1)(f) GDPR – Legitimate interest (fraud prevention, system security);
  • Art. 6(1)(a) GDPR – Consent (where required, e.g., analytics or marketing).

5. Data Sharing

We may share data with:

  • Campaign and offer providers;
  • Swaarm GmbH (attribution and infrastructure);
  • Google Firebase / Google Cloud;
  • Mobile Measurement Platform (such as, but not limited to, Adjust, AppsFlyer, Singular, etc.);
  • Tremendous, Inc. (reward fulfillment);
  • Fraud prevention providers;
  • Hosting and technical service providers;
  • Authorities where legally required.

Third parties may act as processors or independent controllers depending on context.

6. International Transfers

Data may be transferred outside the European Economic Area.

Where required, transfers rely on:

  • EU Standard Contractual Clauses;
  • Adequacy decisions;
  • Additional safeguards.

7. Data Retention

We retain personal data:

  • For as long as the account remains active;
  • As necessary for fraud prevention (up to 3 years);
  • As required by legal retention obligations.

Inactive accounts may be deleted after extended inactivity.

8. User Rights

Users have the right to:

  • Access personal data;
  • Rectify inaccurate data;
  • Request erasure;
  • Restrict processing;
  • Request data portability;
  • Object to processing;
  • Withdraw consent where applicable.

Requests may be sent to privacy@bento-rewards.com.

Users may lodge a complaint with a supervisory authority. In case users want to erase their personal data, they can also fill in this form.

9. Security

We implement appropriate technical and organizational measures to protect personal data.

However, no system can guarantee absolute security.

10. Children

The Platform is not directed to individuals under 18.

We do not knowingly collect data from minors.