menu
save_alt Download

Subprocessor List

Third-party service providers used by Beekeeper Studio

< Back

Subprocessor List

Last Updated: 2026-02-09
Next Review: 2026-05-09

Beekeeper Studio engages a limited number of third-party service providers (“Subprocessors”) to support delivery of its cloud services (account management, billing, license validation, support systems, and optional workspace sync).

Our Architecture

Beekeeper Studio is a desktop database client. Customer database queries and results are processed locally on customer devices. The subprocessors listed below support our cloud infrastructure only—they do not have access to customer databases.

For a visual overview of data flows, see our Data Flow Diagram.

Security Standards

All subprocessors are required to:

  • Maintain SOC 2 Type II, ISO 27001, or equivalent certifications
  • Process personal data only under documented instructions
  • Implement appropriate technical and organizational safeguards consistent with GDPR requirements
  • Provide data processing agreements where required
  • Notify Beekeeper Studio of security incidents

Subprocessor Directory

Infrastructure and Hosting

Heroku, Inc. (Salesforce, Inc.)

  • Purpose: Application hosting, database hosting (Heroku Postgres), and runtime infrastructure
  • Data Types: Customer account data, cloud workspace data, application logs, session data
  • Processing Location: United States (Heroku US region)
  • Certifications: SOC 2 Type II, ISO 27001
  • Website: heroku.com

Amazon Web Services, Inc. (AWS)

  • Purpose: Offsite database backup storage
  • Data Types: Encrypted database backups (copies of production data)
  • Processing Location: United States
  • Certifications: SOC 2 Type II, ISO 27001
  • Website: aws.amazon.com

Code and Issue Tracking

GitHub, Inc. (Microsoft Corporation)

  • Purpose: Source code hosting, issue tracking, and project management
  • Data Types: Customer-reported bug reports and feature requests (may include names, email addresses, screenshots), source code
  • Processing Location: United States
  • Certifications: SOC 2 Type II, ISO 27001
  • Website: github.com

Payments and Billing

Stripe, Inc.

  • Purpose: Payment processing, billing, subscription management, and fraud prevention
  • Data Types: Customer payment information (tokenized credit cards), billing addresses, email addresses, subscription status
  • Processing Location: United States (primary), global Stripe infrastructure for payment routing
  • Certifications: PCI DSS Level 1, SOC 2 Type II
  • Note: Stripe processes billing data only, no access to cloud workspace or application data
  • Website: stripe.com

Monitoring and Service Reliability

Honeybadger Industries, LLC

  • Purpose: Application error monitoring, exception tracking, and system diagnostics
  • Data Types: Application error logs, system performance metrics, request metadata, user IDs (anonymized where possible)
  • Processing Location: United States
  • Certifications: SOC 2 Type II
  • Note: Automatic redaction of sensitive data (passwords, tokens); does not include customer database contents
  • Website: honeybadger.io

Communication and Internal Operations

Slack Technologies, Inc. (Salesforce, Inc.)

  • Purpose: Internal team communication, customer support coordination, and operational notifications
  • Data Types: Customer support messages, internal communications about customer issues, system alerts, customer names and email addresses (in support context)
  • Processing Location: United States and global Slack data centers
  • Certifications: SOC 2 Type II, ISO 27001
  • Website: slack.com

Google LLC (Google Workspace)

  • Purpose: Email, document storage, internal productivity services, and business operations
  • Data Types: Email communications with customers, customer support correspondence, contract documents, internal business documentation
  • Processing Location: United States and global Google data center regions
  • Certifications: SOC 2 Type II, ISO 27001
  • Website: workspace.google.com

Analytics

Conva Ventures Inc. (Fathom Analytics)

  • Purpose: Privacy-focused website analytics and usage metrics
  • Data Types: Website visitor data (anonymized), page views, navigation patterns, referrer information, aggregated usage statistics
  • Processing Location: Canada / United States
  • Privacy: No personal data collection, no cookies, no cross-site tracking, GDPR compliant by design
  • Note: Website analytics only, no access to application data
  • Website: usefathom.com

Updates and Changes

This subprocessor list is reviewed quarterly. Beekeeper Studio may update this list from time to time as services evolve.

For material changes to this list (addition of new subprocessors or changes to existing subprocessor data processing), customers may contact support@beekeeperstudio.io to request proactive notification.

Questions?

For questions about subprocessors, data processing, or security practices, contact:

Beekeeper Studio Privacy Team
support@beekeeperstudio.io