Privacy Policy
Last updated: 1 July 2026
This Privacy Policy explains how Bingfa (“Bingfa”, “we”, “us”) collects, uses, and protects your personal information when you use the Bingfaapplication and related services (the “Service”). We handle personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles. By using the Service, you agree to this Policy.
1. Information we collect
Information you provide
- Account details — your name, email address, and password (stored only as a salted hash). If you sign in with Google, Facebook, or GitHub, we receive basic profile information from that provider.
- Business & content data — the brand information, briefs, and content you create or upload, including business details, competitors, and generated marketing material.
- Connected accounts — when you connect a social media account, we and our publishing partner store identifiers and authorisation tokens needed to publish on your behalf. When you connect WordPress, we store the connection details you provide.
- Communications — messages you send us, e.g. support requests.
Information collected automatically
- Usage & activity — actions you take in the Service (such as generating content or publishing), and usage counts used to enforce plan limits.
- Technical data — session cookies for authentication, and limited request information (such as IP address) used for security and rate limiting.
Payment information
Payments are processed by Stripe. We do not collect or store your full card details. We retain billing identifiers (such as your Stripe customer and subscription IDs) and your plan and subscription status.
2. How we use your information
- To provide, operate, and improve the Service, including generating and publishing content you request;
- To authenticate you, secure accounts, and prevent abuse;
- To process subscriptions and payments, and enforce plan limits;
- To send service-related emails (e.g. verification, password reset, account notices) and, where permitted, product updates;
- To respond to your enquiries and provide support; and
- To comply with our legal obligations.
3. AI processing
When you generate content, the brand and prompt information you provide is sent to third-party AI model providers to produce the output. We use providers such as DeepSeek, Google, and OpenAI depending on the feature. We do not sell your content, and we only share what is needed to generate the output you request.
4. Who we share information with
We do not sell your personal information. We share it only with service providers who help us run the Service, and only as needed for them to perform their function:
- Stripe — payment processing and subscription billing;
- Zernio — connecting and publishing to your social media accounts;
- Resend — sending transactional and notification emails;
- Cloudflare — storage and delivery of generated images and assets;
- AI model providers (e.g. DeepSeek, Google, OpenAI) — generating content as described above;
- Hosting & infrastructure providers — running the application and database; and
- Authentication providers (Google, Facebook, GitHub) — if you choose to sign in with them.
We may also disclose information if required by law, to enforce our Terms, or to protect the rights, safety, or property of Bingfa, our users, or others. If our business is involved in a merger or acquisition, information may be transferred as part of that transaction.
5. International transfers
Some of our service providers operate outside Australia. Where your information is transferred or processed overseas, we take reasonable steps to ensure it is handled consistently with this Policy and applicable law.
6. Data retention
We keep your information for as long as your account is active and as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. When you delete your account, we delete or de-identify your personal information within a reasonable period, except where we are required to retain it.
7. Security
We take reasonable technical and organisational measures to protect your information, including hashed passwords, encrypted connections, and access controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Your rights
You may request access to, or correction of, the personal information we hold about you, and you may ask us to delete it. You can update much of your information directly in your account settings. To make a request or raise a privacy concern, email us at [contact email — to be added before launch]. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).
9. Cookies
We use essential cookies to keep you signed in and to operate the Service. These are required for the Service to function; we do not use them for third-party advertising.
10. Children
The Service is not directed to children and is intended for business users aged 18 and over. We do not knowingly collect personal information from children.
11. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will take reasonable steps to notify you. The “last updated” date above shows when this Policy was last revised.
12. Contact us
For any questions about this Policy or your personal information, contact us at [contact email — to be added before launch].
