Back to home
BeeBookKeeper

Privacy Policy

How BeeBookKeeper processes personal data for account access, bookkeeping, and platform security.

Last updated: March 10, 2026

1. Data Controller

BeeBookKeeper is the controller for user account and platform operation data processed through this website.

Contact: support@beebookkeeper.com

2. What We Process

  • Account data: email, username, password hash, date of birth, residential address, and profile details.
  • Security data: session records, IP/user-agent for login and registration protection, audit logs.
  • Bookkeeping data entered by your organization (companies, invoices, expenses, ledger records).

3. Purposes and Legal Bases (GDPR)

  • Service delivery and account management: contract performance (GDPR Article 6(1)(b)).
  • Security, fraud prevention, and abuse controls: legitimate interests (GDPR Article 6(1)(f)).
  • Regulatory and accounting obligations where applicable: legal obligation (GDPR Article 6(1)(c)).

4. Retention

We retain personal data only as long as needed for service delivery, legal requirements, and security evidence. Bookkeeping records are kept for the current fiscal year plus the 7 prior years in line with the Dutch 7-year retention obligation (Algemene wet inzake rijksbelastingen, art. 52), which serves as our platform baseline. International users remain responsible for exporting their data if local laws require different retention periods. A one-year grace period is provided during which the oldest year is flagged 'Auto deleted soon' and remains exportable. After the grace period the records and their attachments are permanently removed from both our PostgreSQL database (Neon) and our object storage (Cloudflare R2). This deletion is automated, irreversible, and applied per company. If a user chooses to delete their company from the dashboard, the company is archived (soft deleted) and its data remains subject to this legal retention schedule.

5. Your Rights

Under GDPR, you can request access, rectification, erasure, restriction, objection, and data portability where applicable. Use the Data Requests page to submit a request.

6. International Transfers

If storage or subprocessors involve transfers outside the EEA, we apply appropriate safeguards required by GDPR.

7. Consent Choices

You can choose between Accept all and Essentials only in the privacy banner. Essentials are required for secure platform operation.