GDPR Compliance Statement

Updated February 6 2026

Beekeeper Studio is committed to protecting personal data and supporting compliance with the European Union General Data Protection Regulation (GDPR) and applicable UK data protection laws. This statement outlines Beekeeper Studio’s approach to data protection, privacy, and security when providing its services.

Beekeeper Studio is designed as a desktop-first application that minimizes server-side data processing and limits the types of personal data collected and stored.

Depending on the context, Beekeeper Studio may act as:

Data Processor

When processing personal data on behalf of customers using Workspace services, licensing, and support functionality.

Data Controller

When processing personal data required to operate the business, including customer account information, billing data, licensing validation, and support communications.

2. Data Protection Principles

Beekeeper Studio processes personal data in accordance with GDPR principles, including:

Lawfulness, fairness, and transparency
Purpose limitation
Data minimization
Accuracy
Storage limitation
Integrity and confidentiality
Accountability

3. Privacy by Design and Default

Beekeeper Studio services are designed to minimize personal data processing. Key design practices include:

Desktop-first architecture that processes database data locally on customer infrastructure
No storage or processing of customer database contents
Limiting cloud storage to Workspace metadata and operational data required to provide services
Optional, anonymized, and opt-in telemetry

4. Lawful Bases for Processing

Beekeeper Studio relies on the following lawful bases for processing personal data:

Contractual Necessity

Processing required to provide services, including licensing, account management, Workspace functionality, and support.

Legitimate Interests

Processing necessary to maintain security, prevent fraud, improve service reliability, and maintain system performance.

Legal Obligations

Processing required to comply with tax, accounting, and regulatory requirements.

Used for optional product features, including diagnostic and usage telemetry where applicable.

5. Data Subject Rights

Beekeeper Studio supports customer compliance with data subject rights, including:

Right of access
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object to processing

Beekeeper Studio maintains procedures for responding to verified data subject requests in accordance with GDPR timelines.

6. Security Measures

Beekeeper Studio implements technical and organizational safeguards designed to protect personal data, including:

Encryption

TLS encryption for data in transit
Encryption at rest for server-stored data
Application-level encryption for stored credentials and sensitive workspace metadata

Access Controls

Role-based access control
Least-privilege access policies
Multi-factor authentication for administrative systems

Infrastructure Security

Secure cloud hosting environments
Network segmentation
Continuous vulnerability monitoring and patching

Operational Security

Security incident response procedures
Logging and monitoring of system access
Regular security reviews and updates

7. Data Processing Agreements

Beekeeper Studio provides a Data Processing Agreement (DPA) that defines contractual obligations regarding personal data processing, security measures, and compliance responsibilities.

8. Subprocessors

Beekeeper Studio engages a limited number of third-party service providers (“Subprocessors”) to support delivery of its services. Subprocessors are vendors that may process personal data on behalf of Beekeeper Studio.

Beekeeper Studio enters into data processing agreements with Subprocessors where required and ensures they implement appropriate technical and organizational safeguards consistent with GDPR requirements.

This list is maintained for transparency and may be updated periodically. Customers may contact support@beekeeperstudio.io for questions or to request notifications of material changes.

Infrastructure and Hosting

Amazon Web Services, Inc. (AWS)

Purpose: Cloud infrastructure, storage, and backup services
Data Types: Workspace metadata, account data, operational logs
Processing Location: United States

Heroku, Inc. (Salesforce, Inc.)

Purpose: Application hosting and runtime infrastructure
Data Types: Workspace metadata, account data, operational logs
Processing Location: United States

Payments and Billing

Stripe, Inc.

Purpose: Payment processing, billing, fraud prevention, and subscription management
Data Types: Customer billing and payment information, contact details
Processing Locations: United States and other Stripe-supported processing regions

Monitoring and Service Reliability

Honeybadger Industries, LLC

Purpose: Application error monitoring and system diagnostics
Data Types: Application error logs and diagnostic metadata (does not include customer database contents)
Processing Location: United States

Communication and Internal Operations

Slack Technologies, Inc. (Salesforce, Inc.)

Purpose: Internal communication, customer support coordination, and operational notifications
Data Types: Support communications and limited operational metadata
Processing Location: United States

Google LLC (Google Workspace)

Purpose: Email, document storage, and internal productivity services
Data Types: Customer communications, support communications, and internal operational data
Processing Locations: United States and global Google data center regions

Analytics

Conva Ventures Inc. (Fathom Analytics)

Purpose: Website analytics and usage metrics
Data Types: Aggregated and anonymized website analytics data
Processing Location: Canada / United States (depending on infrastructure region)

Subprocessor Safeguards

Beekeeper Studio requires Subprocessors to:

Process personal data only under documented instructions
Maintain confidentiality and appropriate security controls
Implement data protection safeguards consistent with GDPR
Provide breach notification and incident response commitments

Subprocessor Changes

Beekeeper Studio may update this Subprocessor list from time to time as services evolve. Material updates will be reflected in this document. Customers may contact support@beekeeperstudio.io to request notification of changes.

9. International Data Transfers

Beekeeper Studio operates infrastructure within the United States. Where personal data is transferred outside the European Economic Area (EEA) or United Kingdom, Beekeeper Studio implements appropriate safeguards, including:

European Commission Standard Contractual Clauses (SCCs)
UK International Data Transfer Addendum (where applicable)

10. Data Retention and Minimization

Beekeeper Studio maintains documented data retention policies designed to retain personal data only as long as necessary for service delivery, legal obligations, and operational security.

Beekeeper Studio does not retain customer database contents.

11. Breach Notification and Incident Response

Beekeeper Studio maintains procedures to detect, investigate, and respond to security incidents. Personal data breaches are reported in accordance with GDPR requirements and contractual obligations.

Beekeeper Studio supports customers in meeting their own GDPR obligations by providing:

Data Processing Agreements
DPIA summaries
Data retention and transfer documentation
Security and privacy documentation
Assistance with data subject rights requests

13. Ongoing Compliance and Review

Beekeeper Studio regularly reviews and updates its privacy and security practices to maintain compliance with evolving data protection regulations and industry best practices.

14. Contact Information

For privacy or data protection inquiries, customers may contact:

Beekeeper Studio Privacy Team
support@beekeeperstudio.io