GDPR Compliance Statement

Updated February 6 2026

Beekeeper Studio is committed to protecting personal data and supporting compliance with the European Union General Data Protection Regulation (GDPR) and applicable UK data protection laws. This statement outlines Beekeeper Studio’s approach to data protection, privacy, and security when providing its services.

Beekeeper Studio is designed as a desktop-first application that minimizes server-side data processing and limits the types of personal data collected and stored.

Depending on the context, Beekeeper Studio may act as:

Data Processor

When processing personal data on behalf of customers using Workspace services, licensing, and support functionality.

Data Controller

When processing personal data required to operate the business, including customer account information, billing data, licensing validation, and support communications.

2. Data Protection Principles

Beekeeper Studio processes personal data in accordance with GDPR principles, including:

Lawfulness, fairness, and transparency
Purpose limitation
Data minimization
Accuracy
Storage limitation
Integrity and confidentiality
Accountability

3. Privacy by Design and Default

Beekeeper Studio services are designed to minimize personal data processing. Key design practices include:

Desktop-first architecture that processes database data locally on customer infrastructure
No storage or processing of customer database contents
Limiting cloud storage to Workspace metadata and operational data required to provide services
Optional, anonymized, and opt-in telemetry

4. Lawful Bases for Processing

Beekeeper Studio relies on the following lawful bases for processing personal data:

Contractual Necessity

Processing required to provide services, including licensing, account management, Workspace functionality, and support.

Legitimate Interests

Processing necessary to maintain security, prevent fraud, improve service reliability, and maintain system performance.

Legal Obligations

Processing required to comply with tax, accounting, and regulatory requirements.

Used for optional product features, including diagnostic and usage telemetry where applicable.

5. Data Subject Rights

Beekeeper Studio supports customer compliance with data subject rights, including:

Right of access
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object to processing

Beekeeper Studio maintains procedures for responding to verified data subject requests in accordance with GDPR timelines.

6. Security Measures

Beekeeper Studio implements technical and organizational safeguards designed to protect personal data, including:

Encryption

TLS encryption for data in transit
Encryption at rest for server-stored data
Application-level encryption for stored credentials and sensitive workspace metadata

Access Controls

Role-based access control
Least-privilege access policies
Multi-factor authentication for administrative systems

Infrastructure Security

Secure cloud hosting environments
Network segmentation
Continuous vulnerability monitoring and patching

Operational Security

Security incident response procedures
Logging and monitoring of system access
Regular security reviews and updates

7. Data Processing Agreements

Beekeeper Studio provides a Data Processing Agreement (DPA) that defines contractual obligations regarding personal data processing, security measures, and compliance responsibilities.

8. Subprocessors

Beekeeper Studio engages a limited number of third-party service providers (“Subprocessors”) to support delivery of its cloud services (account management, billing, license validation, support systems, and optional workspace sync).

Important: Beekeeper Studio is a desktop database client. Customer database queries and results are processed locally on customer devices. Subprocessors support our cloud infrastructure only—they do not have access to customer databases.

Beekeeper Studio enters into data processing agreements with Subprocessors and ensures they implement appropriate technical and organizational safeguards consistent with GDPR requirements. All subprocessors maintain SOC 2 Type II, ISO 27001, or equivalent certifications.

📋 View the complete Subprocessor List with details on all third-party service providers, data types processed, processing locations, and security certifications.

For internal operational procedures and vendor vetting processes, see our Subprocessor Inventory Policy.

9. International Data Transfers

Beekeeper Studio operates infrastructure within the United States. Where personal data is transferred outside the European Economic Area (EEA) or United Kingdom, Beekeeper Studio implements appropriate safeguards, including:

European Commission Standard Contractual Clauses (SCCs)
UK International Data Transfer Addendum (where applicable)

10. Data Retention and Minimization

Beekeeper Studio maintains documented data retention policies designed to retain personal data only as long as necessary for service delivery, legal obligations, and operational security.

Beekeeper Studio does not retain customer database contents.

11. Breach Notification and Incident Response

Beekeeper Studio maintains procedures to detect, investigate, and respond to security incidents. Personal data breaches are reported in accordance with GDPR requirements and contractual obligations.

Beekeeper Studio supports customers in meeting their own GDPR obligations by providing:

Data Processing Agreements
DPIA summaries
Data retention and transfer documentation
Security and privacy documentation
Assistance with data subject rights requests

13. Ongoing Compliance and Review

Beekeeper Studio regularly reviews and updates its privacy and security practices to maintain compliance with evolving data protection regulations and industry best practices.

14. Contact Information

For privacy or data protection inquiries, customers may contact:

Beekeeper Studio Privacy Team
support@beekeeperstudio.io