Acceptable Use Policy

Acceptable use of company systems and resources

Purpose & Scope

This policy defines acceptable use of Beekeeper Studio systems, devices, accounts, and resources. It covers day-to-day behavior and security practices that complement the Employee Confidentiality Agreement.

Applies to: All employees, contractors, and interns with access to company systems.

Version: 1.0
Effective Date: March 9, 2026


1. General Principles

  • Use company resources responsibly and primarily for business purposes.
  • Limited personal use is acceptable as long as it does not interfere with work, compromise security, or violate any law.
  • Do not use company systems for anything illegal, unethical, or that could harm the company’s reputation.
  • When in doubt, ask before acting.

2. Device Security

  • Full-disk encryption is required on all devices used for work (e.g., FileVault on macOS, BitLocker on Windows, LUKS on Linux).
  • Keep your operating system and all software up to date. Apply security patches promptly.
  • Lock your screen whenever you step away from your device.
  • Report lost or stolen devices immediately to the CTO.
  • Use only approved security software (antivirus/endpoint protection as required by your OS).
  • Do not disable firewalls or other built-in security features.

3. Account & Authentication

  • Use strong passwords (minimum 12 characters) on all work accounts.
  • Enable multi-factor authentication (MFA) on every system that supports it. This is mandatory.
  • Use a password manager to generate and store credentials.
  • Never share your credentials with anyone, including other team members.
  • Do not reuse passwords across personal and work accounts.
  • Revoke or rotate credentials immediately if you suspect compromise.

4. Software & Services

  • Only install trusted, reputable software on work devices.
  • Never install pirated or unlicensed software.
  • Obtain approval before signing up for any new SaaS service that would access or store customer data.
  • Approved tools: GitHub, Heroku, Google Workspace, Slack, Papertrail, Honeybadger, Netlify, AWS S3, Stripe.
  • If you need a tool not on this list, discuss it with the CTO before use.

5. Communication

  • Use company communication channels (Slack, Google Workspace) for business communication.
  • Be professional and respectful in all communications.
  • Do not share confidential information in public Slack channels or other unsecured channels.
  • Be cautious when using AI tools for communication—do not paste customer data, credentials, or internal secrets into any AI service (see Section 9).

6. Data Handling

  • Follow the data classifications defined in the Information Security Policy.
  • Do not store customer data on personal devices or in unapproved cloud services.
  • Use only approved cloud storage (Google Drive, GitHub, Heroku Postgres) for company data.
  • Do not access customer data without a legitimate business justification.
  • When handling customer data for support or debugging, use the minimum data necessary and delete local copies when done.

7. Internet & Network

  • Avoid accessing risky or disreputable websites on work devices.
  • Use a VPN when accessing production systems from untrusted networks.
  • Exercise caution on public Wi-Fi—assume the network is compromised and use encrypted connections.

8. Remote Work

  • Maintain a secure home workspace. Position your screen so it is not visible to others.
  • Do not allow others (family, friends, visitors) to use your work device.
  • Use a private space for confidential calls and meetings.
  • Follow the same security practices at home as you would in an office.

9. AI Tools

  • AI assistants (GitHub Copilot, ChatGPT, Claude, etc.) may be used for coding, writing, and productivity tasks.
  • NEVER paste customer data, credentials, API keys, or internal secrets into any AI tool.
  • Be aware that AI-generated outputs may be inaccurate, incomplete, or inappropriate. Review all AI output before using it.
  • Do not rely on AI tools for security-sensitive decisions without verification.

10. Prohibited Activities

The following are never acceptable:

  • Accessing systems or data you are not authorized to access.
  • Sharing credentials, API keys, or secrets outside approved channels.
  • Installing or distributing malware, hacking tools, or unauthorized remote access software.
  • Circumventing security controls (disabling MFA, bypassing encryption, ignoring access restrictions).
  • Using company systems for harassment, discrimination, or any illegal activity.
  • Exfiltrating company or customer data for personal use or to share with unauthorized parties.
  • Using pirated software or violating software license agreements.
  • Impersonating another employee or misrepresenting your identity.
  • Mining cryptocurrency or running unauthorized workloads on company infrastructure.

11. Reporting Violations

  • Report suspected policy violations or security concerns to the CTO immediately.
  • If you are unsure whether something is a violation, ask—reporting concerns is always the right call.
  • No retaliation: Beekeeper Studio does not tolerate retaliation against anyone who reports a concern in good faith.

12. Consequences

Violations of this policy may result in disciplinary action, up to and including termination. Specific obligations and consequences are detailed in the Employee Confidentiality and Data Protection Agreement.



Contact

Policy Questions: [Founder/CTO]
Security Incidents: [Founder/CTO] - Immediate response required
General Questions: support@beekeeperstudio.io