Trust, by design — not as an afterthought.
Beesiness was built for enterprises with real compliance jurisdictions — education, legal, healthcare, public sector. Every architectural decision here exists because a customer asked us about it before they signed.
Compliance posture
GDPR
AlignedEU general data protection regulation. Two-party recording consent flow at /m/[meetingId]/consent, retention controls, right-to-delete pipeline. Full DPA on request to legal@beesiness.com. EU-based primary storage. Data subject rights honoured within 30 days. We describe the posture as 'aligned' rather than 'certified' — GDPR has no central certifier, so independent audit is the bar for a stronger claim.
SOC 2 Type II
In progressAudit window Q4 2026. Drata-managed control coverage currently ~40% and climbing. Letter of intent available for procurement teams under NDA.
FERPA-overlap
Operating postureEducation student-data isolation patterns. Beesiness deployed on-prem at K-12 education customers where student PII never leaves the school network.
HIPAA-overlap
Operating postureEncryption at rest + in transit, audit log, optional on-prem deployment for hospital networks. BAA-ready architecture; a counsel-reviewed BAA is executed at contract signature with Enterprise customers (we don't ship a pre-signed template until launch).
Engineering controls
Encryption
TLS 1.2+ in transit. AES-256 at rest (Postgres column-level for sensitive fields, R2/S3 server-side for audio). Per-API-key token hashing — we store SHA-256 prefix + last 12 chars, never the raw token.
Access control
Postgres Row-Level Security on every multi-tenant table — see ADR 0001. Two-role split: bumbly_app (NOBYPASSRLS) for per-org queries, neondb_owner (BYPASSRLS) for service operations. Application code can't bypass.
Audit log
Every privileged action (admin reads, plan changes, integration writes, summary retries) writes to audit_log with actor + resource + before/after metadata. Retention 365 days minimum, configurable per org.
Data residency
EU-hosted by default (Vercel build, Neon eu-central-1 Postgres, Cloudflare R2 EU-region buckets). EU customer data stays in EU. On-prem Helm chart available for air-gapped deployments.
Sub-processors
| Vendor | Purpose | Region |
|---|---|---|
| Vercel | Hosting (build + edge + functions) | EU + global edge |
| Neon | Postgres database | EU region (eu-central-1) |
| Vexa Cloud | Meeting-bot dispatch | EU + US |
| Soniox | Multilingual ASR (stt-async-v4) | US |
| Anthropic | Claude LLM (summary pipeline) | US |
| OpenAI | GPT-4o fallback (Claude outage path) | US |
| Cloudflare R2 | Audio + transcript storage | EU |
| Stripe | Billing | US + EU |
| BetterAuth (Better Auth Cloud) | Authentication | EU |
| Inngest | Background job queue | US (EU migration Q4 2026) |
| Resend | Transactional email | EU |
Updated 2026-05-24. Material changes to sub-processors are notified to all paying customers 30 days in advance via email.
Responsible disclosure
Found a security issue? We take this seriously. Email security@beesiness.com with reproduction steps. We respond within 1 business day, triage within 3 days, and aim to ship a fix within 14 days for high-severity reports.
- Researchers acting in good faith — no legal action.
- Public credit on fixes (with researcher's permission) in CHANGELOG.md.
- Bug bounty program scheduled for Q1 2027 (after SOC 2 Type II close).