Responsible AI Policy

Internal policy governing how Beekeeper Studio employees use and integrate AI

Purpose

This policy governs how Beekeeper Studio employees, contractors, and interns are permitted to use AI tools in their work and how AI features may be integrated into the product. It complements the Acceptable Use Policy (Section 9) with AI-specific rules.

For our customer-facing AI commitments, see AI and Your Data.

Applies to: All employees, contractors, and interns.

Version: 1.0
Effective Date: March 10, 2026


1. Permitted Internal Use of AI

1.1 Approved Uses

Team members may use AI tools (GitHub Copilot, Claude, ChatGPT, etc.) for:

  • Code generation, code review, and debugging assistance
  • Drafting and editing documentation
  • Writing, research, and administrative tasks
  • Test generation and code refactoring

1.2 Prohibited Uses

Team members must never:

  • Paste, upload, or otherwise share customer data with any AI tool — this includes database contents, query text, connection strings, error logs containing customer information, support ticket contents, or any other data originating from customers
  • Use customer data to prompt, fine-tune, or train any AI model
  • Use AI to process support tickets or customer communications without explicit disclosure to the customer
  • Rely on AI output for security-sensitive decisions without human verification
  • Use AI-generated code in security-critical paths (authentication, encryption, access control) without thorough review

1.3 What Counts as Customer Data

If it came from a customer or was generated by a customer’s use of the product, it is customer data. This includes:

  • Database queries, results, schema information
  • Connection configurations and credentials
  • Workspace contents
  • Support ticket text and attachments
  • Error reports and diagnostic information that contain customer-identifiable details
  • Usage patterns tied to specific customers

When in doubt, treat it as customer data.


2. AI Integration in the Product

2.1 Architecture Requirements

All AI features in Beekeeper Studio must follow these rules:

  1. Direct-to-provider — AI requests go directly from the desktop app to the AI provider. No Beekeeper Studio servers may sit between the customer and the AI provider.
  2. Customer’s own keys — Customers must provide their own API keys. We do not provide pooled or shared AI API access.
  3. Opt-in only — AI features must be disabled by default. The customer must take explicit action to enable them.
  4. No silent AI — The product must never send customer data to an AI provider without the customer explicitly initiating that action. Background or automatic AI processing of customer data is prohibited.
  5. No data collection — We do not log, store, or transmit AI prompts, responses, or interaction data from customers back to our servers.

2.2 Before Adding AI Features

Any new AI feature or integration must be reviewed against these criteria before implementation:

  • Does it maintain direct-to-provider architecture?
  • Does it require the customer’s own API key?
  • Is it opt-in with a clear enable/disable toggle?
  • Is the customer aware when data is being sent to an AI provider?
  • Does the UI clearly indicate what data will be shared?
  • Has the AI and Your Data page been updated if the feature changes our AI footprint?

2.3 Future Changes

If we ever need to change this architecture (e.g., server-side AI processing), the following must happen first:


3. AI-Generated Code Standards

  • AI-generated code is subject to the same review standards as human-written code
  • All AI-generated code must pass existing CI/CD checks and code review
  • Team members are responsible for understanding and being able to explain any AI-generated code they commit
  • Do not commit AI-generated code you have not reviewed and tested

4. Compliance and Enforcement

Violations of this policy — particularly sharing customer data with AI tools — are treated as data handling violations under the Employee Confidentiality Agreement and may result in disciplinary action up to and including termination.