Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.bowerlabs.ai/llms.txt

Use this file to discover all available pages before exploring further.

Effective date: 8 February 2026 | Last updated: April 2026 Benenota Pty Ltd (ABN 60 691 836 085) (“Bower”, “we”, “us”, or “our”) operates the Bower platform (app.bowerlabs.ai). This Privacy Policy explains how we collect, use, store, disclose, and protect personal information when you use Bower, visit our website, or otherwise interact with us.

1. Scope

This Privacy Policy applies to:
  • Visitors to the Bower website
  • Users of the Bower platform (including free, student, team, and enterprise plans)
  • Anyone who communicates with us (e.g. email, support, research interviews)
It does not apply to third-party websites or services linked from Bower.

2. Data controller

Benenota Pty Ltd 16 Bluejay Street, QLD 4220, Australia Email: privacy@bowerlabs.ai Data Protection Officer: David Lyon (privacy@bowerlabs.ai)

3. Information we collect

3.1 Information you provide

  • Name, email address, and affiliation (e.g. university or organisation)
  • Account credentials and profile information
  • Communications with us (support requests, feedback, surveys)
  • Payment and billing details (processed via third-party payment providers)

3.2 Research content and uploads

When you use Bower, you may upload or capture content such as:
  • Notes, images, audio recordings, transcriptions, and documents
  • Experimental observations, methods, and protocols
  • Metadata associated with your captures (timestamps, device type)
This content may contain personal information depending on how you use the platform. You retain ownership of your research content.

3.3 Automatically collected information

We automatically collect limited technical data, including:
  • Device and browser type
  • IP address (hashed in logs, stored in audit logs)
  • Usage data such as feature usage and session duration (only with analytics consent)
  • Cookies and similar technologies (see our Cookie Policy)

4. How we use your information

PurposeLegal Basis (GDPR Art. 6)Data Used
Provide, operate, and improve BowerContract performance (6(1)(b))Account data, workspace data
AI processing (transcription, OCR, chat, search)Contract performance (6(1)(b))Content submitted for processing
Authenticate users and manage accountsContract performance (6(1)(b))Email, credentials
Security, abuse prevention, and audit loggingLegitimate interest (6(1)(f))IP address, user agent, actions
Product analytics and improvementsConsent (6(1)(a))Usage data (only with cookie consent)
Send important product or service updatesLegitimate interest (6(1)(f))Email
Respond to support requestsContract performance (6(1)(b))Email, account data
Meet legal, regulatory, and compliance obligationsLegal obligation (6(1)(c))As required
We do not sell personal information.

5. AI and data processing

Bower uses AI to help organise, analyse, and retrieve research content.
  • AI features operate only on content you choose to upload or capture. They are not applied automatically without your action.
  • Your content is not used to train AI models. All providers are configured with zero-retention or inference-only data processing.
  • Where third-party AI services are used, they are subject to contractual confidentiality and data protection obligations.
  • AI outputs are generated to assist researchers and should always be reviewed by users before reliance or publication.

6. Sharing and disclosure

We may share personal information only in the following circumstances:

6.1 Service providers (sub-processors)

With trusted third-party providers who help us operate Bower. These providers are bound by Data Processing Agreements (DPAs) and confidentiality obligations. For the complete and up-to-date list, see our sub-processor page.

6.2 Team and collaborative features

If you use team or shared workspaces, content and metadata may be visible to other authorised users in that workspace, according to your role and permissions. Where required by law, regulation, court order, or to protect the rights, safety, or security of Bower, our users, or others.

7. International data transfers

Bower stores and processes data using cloud infrastructure located in the United States (Google Cloud us-central1 region). For transfers from the EU/EEA to the US, we rely on:
  • Standard Contractual Clauses (SCCs) as incorporated into DPAs with each processor
  • Google Cloud’s compliance with the EU-US Data Privacy Framework
We take reasonable steps to ensure overseas recipients handle personal information in accordance with Australian privacy laws and appropriate safeguards.

8. Data security

We take reasonable technical and organisational measures to protect personal information, including:
  • Encryption in transit (TLS) and at rest (AES-256)
  • Workspace-level data isolation at the database layer
  • Role-based access control (Owner, Admin, Member, Viewer, Guest)
  • Audit logging of all data access and modifications
  • Automatic session timeout after 30 minutes of inactivity
  • All secrets stored in Google Secret Manager
  • Secure cloud infrastructure with private networking
No system is completely secure, but we work hard to protect your data. See our Data Privacy page for full technical details.

9. Data retention

  • Account and workspace data is retained until you delete it or your account.
  • Audit logs, application logs, and backups are retained for limited periods appropriate to their purpose and automatically deleted thereafter.
  • Expired share links and invitations are deleted promptly after expiry.
You may delete your account or content at any time. See account deletion for details on what is removed.

10. Cookies and analytics

We use cookies and similar technologies to maintain sessions, understand product usage, and improve performance. Analytics cookies require your explicit consent. See our Cookie Policy for full details on what cookies we use and how to manage them.

11. Your rights

Depending on your location, you may have the following rights:
RightHow to Exercise
Access your personal dataExport from Settings > Security > Export my data
Correct inaccurate informationUpdate your profile in Settings > Profile
Delete your personal dataDelete your account from Settings > Security > Danger Zone
Export your data (portability)Download as JSON from Settings > Security
Object to processingContact privacy@bowerlabs.ai
Restrict processingContact privacy@bowerlabs.ai
Withdraw consentUpdate cookie preferences in Settings > Security
To exercise these rights, contact us at privacy@bowerlabs.ai.

12. Children

Bower is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact privacy@bowerlabs.ai.

13. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify users via email or an in-app notification. The latest version will always be available on this page.

14. Contact us

If you have questions or concerns about this Privacy Policy or how we handle personal information:
  • Email: privacy@bowerlabs.ai
  • Data Protection Officer: David Lyon (privacy@bowerlabs.ai)
  • Company: Benenota Pty Ltd, 16 Bluejay Street, QLD 4220, Australia
  • Supervisory authority: You have the right to lodge a complaint with your local data protection authority.