← Back

Privacy Policy

Last updated: January 10, 2026

1. Introduction

Banner Technologies, Inc. ("Banner", "we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our enterprise CapEx management platform and related services (the "Service").

This policy applies to our customers ("Customers"), their authorized users ("Users"), and visitors to our website. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide, including:

  • Account Information: Name, email address, phone number, job title, company name, and billing information when you create an account or subscribe to our Service
  • Customer Data: Project information, financial data, documents, vendor details, invoices, contracts, and other information you upload to the Service
  • Communications: Information you provide when you contact us for support, submit feedback, or respond to surveys

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

  • Usage Data: Features accessed, actions taken, time spent, and navigation patterns within the Service
  • Device Information: Browser type, operating system, device identifiers, and IP address
  • Log Data: Server logs including access times, pages viewed, and referring URLs

2.3 Cookies and Tracking Technologies

We use cookies and similar technologies to maintain session state, remember preferences, and analyze Service usage. You can control cookies through your browser settings, but disabling cookies may limit Service functionality.

3. How We Use Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Process transactions and manage subscriptions
  • Send technical notices, updates, and support messages
  • Respond to inquiries and provide customer support
  • Monitor and analyze usage trends and preferences
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms
  • Develop new features and services based on aggregated insights

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

4.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf, including cloud hosting, payment processing, analytics, and customer support. These providers are contractually bound to protect your information and use it only for specified purposes.

4.2 Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will provide notice before your information becomes subject to a different privacy policy.

4.3 Legal Requirements

We may disclose information if required by law, subpoena, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.4 With Your Consent

We may share information with third parties when you give us explicit consent to do so.

5. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Regular security assessments and penetration testing
  • Access controls and authentication requirements
  • Employee security training and background checks
  • Incident response procedures and monitoring

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain personal information for as long as necessary to provide the Service and fulfill the purposes described in this policy, unless a longer retention period is required by law.

Customer Data is retained for the duration of the subscription. Upon termination, Customers may request data export within 30 days. After this period, data is deleted in accordance with our data retention schedule.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to certain processing activities
  • Withdrawal of Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at [email protected]. We will respond within the timeframe required by applicable law.

8. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including:

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising privacy rights

To submit a CCPA request, email [email protected] with "CCPA Request" in the subject line.

9. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR), including the rights described in Section 7 above.

Banner processes personal data as a data processor on behalf of our Customers (data controllers). For data subject requests related to Customer Data, please contact your organization's administrator.

Legal Basis for Processing: We process personal data based on:

  • Performance of a contract (providing the Service)
  • Legitimate interests (improving and securing the Service)
  • Compliance with legal obligations
  • Consent (where applicable)

International Transfers: Data may be transferred to and processed in the United States. We use Standard Contractual Clauses and other appropriate safeguards for international data transfers.

10. Third-Party Services

Our Service integrates with third-party applications and services. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you connect to Banner.

Key third-party services we use include:

  • Cloud Infrastructure: Amazon Web Services (AWS) for hosting and data storage
  • Payment Processing: Stripe for payment transactions
  • Analytics: Google Analytics for website analytics (with IP anonymization)
  • Customer Support: Intercom for chat and support communications

11. Children's Privacy

The Service is designed for business use and is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website or sending an email to the address associated with your account at least 30 days before the changes take effect.

Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Banner Technologies, Inc.
San Francisco, CA
United States