1 Introduction
Beezifi Inc. ("Beezifi", "we", "us", or "our") operates Beezifi Storage, a private object storage platform. This Privacy Policy explains what information we collect when you use our services, how we use it, and the rights you have over it.
By creating an account or using the Beezifi Storage platform, you agree to the practices described in this policy. If you do not agree, do not use the service.
The short version: Your uploaded files and organization data belong entirely to you. We do not read your files, sell your data, or use your content to train machine learning models.
2 Information We Collect
Account Information
When you register, we collect your full name, email address, organization name, and a bcrypt-hashed version of your password. We never store your password in plain text.
Files and Objects
Files you upload to Beezifi Storage are stored on our servers associated with your organization. This includes the file content, file name, content type, file size, and any custom metadata you attach. We store this data solely to provide the storage service to you.
Access and Usage Logs
We maintain an audit trail of actions taken within your organization, including file uploads, downloads, signed URL generation, access via signed URLs, and administrative actions. These logs are accessible to organization owners and administrators. We also collect server-side request logs (IP address, timestamp, HTTP method, path) for security and performance purposes.
Billing Information
Payment processing is handled by Stripe. We do not store full credit card numbers or CVVs. We retain records of plan tier, prepaid term, transaction amounts, and Stripe customer identifiers to support billing history and account management.
Technical Data
We automatically collect browser type, operating system, referring URLs, and session identifiers when you access the platform. This data helps us detect abuse and maintain service quality.
3 How We Use Your Information
- To provide the service — storing, retrieving, and managing your files; authenticating your identity; processing payments; generating signed URLs.
- To communicate with you — sending plan expiry reminders, billing receipts, and critical security notices. We do not send marketing emails without your explicit consent.
- To ensure security — detecting unauthorized access, rate-limiting abuse, enforcing access policies, and maintaining audit logs.
- To comply with the law — responding to lawful requests from government authorities where we are legally required to do so.
- To improve the platform — analyzing aggregate, anonymized usage patterns to understand which features are used. Individual file contents are never analyzed.
4 Data Storage & Isolation
Every organization on Beezifi Storage is fully isolated. Your files, buckets, API keys, team members, and audit logs are stored under a unique organization identifier and are never accessible to other organizations.
Data is stored on servers located within the United States. If you require data residency in a specific region, please contact us about our dedicated VM option.
On the shared infrastructure (leased storage plans), your files occupy an isolated storage namespace. No other tenant can access your files through any application interface, database query, or internal tool without explicit authorization from your organization.
5 File Content
We do not read, scan, index, or analyze the content of files you upload. Your files are treated as opaque binary data. Beezifi employees do not access file contents except when required by law or at your explicit written request for support purposes.
You are solely responsible for the content of files stored in your account. By using the service, you represent that you have the right to upload and store all content in your account and that such content does not violate any applicable law or third-party rights.
6 Third-Party Services
We share limited data with the following third-party service providers only to the extent necessary to operate the platform:
- Stripe — payment processing. Stripe receives billing contact information and payment details. Stripe's privacy policy governs their handling of this data.
- Cloud infrastructure providers — server hosting, networking, and storage infrastructure. These providers do not have access to your application data.
We do not sell, rent, or share your personal information or file contents with advertisers, data brokers, or any third party for commercial purposes.
We may disclose information if required to do so by law, court order, or governmental authority, and we will notify you of such requests to the extent permitted by law.
7 Data Retention
- Active accounts — all data is retained while your account is active and your plan is current.
- Expired plans — if your plan expires and is not renewed within 30 days, we reserve the right to permanently delete your organization's files, buckets, and associated data.
- Account deletion — upon request, we will delete your account and all associated data within 30 days. Billing records required for tax and legal compliance may be retained for up to 7 years.
- Audit logs — retained for up to 2 years to support security investigations and compliance requirements.
- Backups — backup snapshots are purged within 90 days of the original data deletion.
8 Security
We implement industry-standard technical and organizational measures to protect your data:
- All passwords hashed with bcrypt (work factor 10)
- All data transmitted over TLS 1.2 or higher (HTTPS enforced)
- JWT-based session tokens with server-side secret management
- Optional TOTP two-factor authentication for all users
- Role-based access control (owner, admin, member) with per-bucket permission policies
- Rate limiting on all authentication endpoints
- Signed URLs with configurable expiry for secure file sharing
- Append-only audit logs tracking all access and modifications
- HTTP security headers via Helmet.js (CSP, HSTS, X-Frame-Options)
No method of transmission or storage is 100% secure. In the event of a data breach affecting your organization, we will notify you within 72 hours of becoming aware of the incident.
For full details, see our Security Policy.
9 Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Correction — request correction of inaccurate personal data.
- Deletion — request deletion of your personal data (subject to legal retention requirements).
- Portability — request your data in a machine-readable format. All files can be downloaded at any time from your dashboard.
- Objection — object to certain processing activities.
- Withdraw consent — where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at privacy@beezifi.com. We will respond within 30 days.
10 Children's Privacy
Beezifi Storage is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
11 Policy Changes
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a prominent notice within the platform at least 14 days before the changes take effect. Your continued use of the service after the effective date constitutes acceptance of the updated policy.
12 Contact
If you have questions about this Privacy Policy or your data, please contact us:
Beezifi Inc.
Privacy inquiries: privacy@beezifi.com
General: hello@beezifi.com
Response time: within 30 days