This plan defines how Beekeeper Studio maintains business operations during service disruptions. It complements the Disaster Recovery Plan, which covers technical restore procedures. This document focuses on keeping the business running: communication, decision-making, role succession, and operational continuity.
Key distinction:
Our advantage: Beekeeper Studio is a desktop application. Customers can use the app to connect to and manage their databases without any dependency on our cloud services. Cloud disruptions affect account management, billing, licensing, and optional features, but never block customers from doing their core work.
Services ranked by business criticality, with acceptable downtime targets.
| Component | RTO | RPO | Impact if Unavailable |
|---|---|---|---|
| Desktop app (installed) | N/A | N/A | Already on customer devices, works independently |
| Auto-update distribution | 48 hours | N/A | Customers use current version; manual download available |
| Code signing certificates | 72 hours | N/A | Delays new releases only |
The desktop app has no dependency on our cloud services. Customers experience zero disruption to database connectivity, query execution, or local features during any cloud outage.
| Component | RTO | RPO | Impact if Unavailable |
|---|---|---|---|
| License validation | 4 hours | 1 hour | New activations blocked; existing licenses have grace period |
| Billing (Stripe) | 4 hours | 1 hour | Cannot process new subscriptions or changes |
| Cloud app (Heroku) | 4 hours | 1 hour | Account management unavailable |
| Component | RTO | RPO | Impact if Unavailable |
|---|---|---|---|
| Email / support system | 8 hours | 4 hours | Customer support delayed |
| Marketing site (Netlify) | 24 hours | N/A | Downloads and docs unavailable |
| Status page | 2 hours | N/A | Cannot communicate outage status |
| Component | RTO | RPO | Impact if Unavailable |
|---|---|---|---|
| GitHub (code repository) | 24 hours | 24 hours | Development paused |
| Papertrail (logs) | 24 hours | 24 hours | Reduced observability |
| Honeybadger (errors) | 24 hours | 24 hours | Error tracking paused |
Impact: Cloud app, license validation, and billing unavailable.
Customer impact: Existing desktop app users unaffected. New activations and account changes blocked.
Response:
Impact: Customer account data, subscription records, workspace sync data.
Response:
Impact: Decision-making, incident response, deployments.
Response: Follow Role Succession plan (Section 4).
Impact: Varies by vendor. See Vendor Continuity (Section 5) for migration paths.
Response:
Impact: Potential data exposure, service shutdown for containment.
Response: Follow Incident Response Plan. This BCP applies to maintaining business operations during and after the incident response.
Escalation chain (use first available):
Internal status update template:
SERVICE DISRUPTION - [Service Name]
Time detected: [timestamp]
Impact: [what's affected]
Customer impact: [what customers experience]
Status: [Investigating / Mitigating / Resolved]
ETA: [estimated resolution or "unknown"]
Next update: [time]
Channels (in order of priority):
Customer notification template (service disruption):
Beekeeper Studio Service Update
We’re currently experiencing a disruption to [service name]. [Brief description of impact].
What’s affected: [specific features/services]
What’s NOT affected: The Beekeeper Studio desktop app continues to work normally. All database connections and local features are unaffected.We’re actively working on resolution and will provide updates [via status page / every X hours].
Thank you for your patience.
Customer notification template (resolution):
Beekeeper Studio Service Restored
The disruption to [service name] has been resolved as of [time]. All services are operating normally.
What happened: [brief explanation]
Duration: [start time] to [end time]We apologize for the inconvenience. If you experience any remaining issues, contact support@beekeeperstudio.io.
| Outage Duration | Action |
|---|---|
| 0-15 minutes | Investigate, no external communication |
| 15-60 minutes | Post to status page |
| 1-4 hours | Status page + Twitter + in-app notice if possible |
| 4+ hours | All channels + email to affected customers |
| 24+ hours | Daily email updates until resolved |
| Role | Primary | Successor |
|---|---|---|
| Incident Commander | Founder/CTO | Senior Engineer |
| Technical Response | Founder/CTO | Senior Engineer |
| Customer Communication | Founder/CTO | Support Lead |
| Billing / Finance | Founder/CTO | COO or designated team member |
Short-term (< 1 week):
Long-term (> 1 week):
All production credentials and access tokens are stored in Bitwarden. Emergency access procedure:
Ensure these are always current:
| Vendor | Service | Alternative | Migration Effort |
|---|---|---|---|
| Heroku | App hosting | Railway, Render, or AWS ECS | 1-2 weeks |
| Heroku Postgres | Database | AWS RDS, Railway Postgres | 1-3 days (pg_dump/restore) |
| AWS S3 | Offsite backups | GCS, Backblaze B2 | 1-2 days |
| Vendor | Service | Alternative | Migration Effort |
|---|---|---|---|
| Netlify | Marketing site | Cloudflare Pages, Vercel | 1-2 days |
| GitHub | Code repository | GitLab, Bitbucket | 1 week |
| Stripe | Billing | Paddle, Lemon Squeezy | 2-4 weeks |
| Papertrail | Logging | Datadog, Logtail | 1-2 days |
| Honeybadger | Error tracking | Sentry, Bugsnag | 1-2 days |
Begin evaluating migration when:
The desktop application is the core product and operates independently of cloud services.
The desktop app includes a license grace period. If license validation is unreachable, paid features continue to work for a configured grace period. This ensures customers are not disrupted by temporary cloud outages.
| Channel | Primary | Backup |
|---|---|---|
| Auto-update | Built-in updater | Manual download from website |
| Website downloads | beekeeperstudio.io (Netlify) | GitHub Releases page |
| Package managers | Snap, Homebrew, Chocolatey, etc. | Direct download |
| Code signing | Current certificates | Certificate renewal via signing authority |
If the marketing site is down, customers can always download from GitHub Releases.
When multiple services are disrupted, restore in this order:
Beekeeper Studio is a fully remote company with no corporate offices, datacenters, or on-premise servers. All infrastructure runs on managed platforms (Heroku, AWS S3, Netlify). This means:
Since all work happens on personal or company-issued devices at employees’ homes:
If a team member’s location is affected by a natural disaster:
If a cloud provider’s region is affected:
Beekeeper Studio is fully remote with no corporate offices or on-premise infrastructure. All production systems run on managed platforms (Heroku, AWS) with provider-managed physical security, environmental controls, and disaster recovery. Employee devices are secured with full-disk encryption, and no customer data is stored on employee devices. Natural disasters affecting individual team members do not impact service availability.
Conduct a tabletop exercise during the November compliance review week:
| Activity | Frequency |
|---|---|
| Verify emergency contact information | Quarterly |
| Test backup restoration | Monthly (per Disaster Recovery Plan) |
| Review vendor alternatives | Annually |
| Verify Bitwarden emergency access | Annually |
| Update role succession assignments | When team changes |
Version: 1.0
Effective Date: 2026-03-09
Last Reviewed: 2026-03-09
Next Review Due: 2027-03-09
Owner: CTO / Security Contact
Approved By: CEO