Privacy Policy

Effective Date: May 8, 2026 | Last Updated: May 8, 2026

This Privacy Policy describes how Beezifi Inc. ("Beezifi," "we," "our," or "us") collects, uses, stores, and discloses information when you use the Beezifi Security service (the "Service") — an API-based security gateway and web application firewall (WAF) platform that enables tenants to evaluate inbound HTTP requests against configurable security rules and receive real-time decisions. By creating an account or using the Service, you acknowledge and agree to this Privacy Policy in full.

1. Information We Collect

Account Data

When you register a tenant account, we collect your organization name, email address, and a password. Passwords are stored exclusively as bcrypt hashes and are never retained in plaintext.

API Keys

When you generate API keys within the Service, we store the SHA-256 cryptographic hash of each key along with its prefix, name, creation timestamp, and status. The full plaintext API key is shown only once at generation time and is not stored by Beezifi. We record the number of API requests made per key and the timestamp of last use.

Request Evaluation Data

When your infrastructure calls the Service API (POST /api/v1/check) to evaluate an inbound request, we receive and log the following data you submit:

IP address of the end-user request
ISO country code (if provided)
Request path (URL path component)
User-agent string
Geographic coordinates (latitude and longitude), if provided
Request timestamp

For each evaluation we additionally record: the decision (ALLOW, BLOCK, or REDIRECT), the matched rule name and ID (if any), the computed threat score, and the API key used. This constitutes your request log, which is accessible from your dashboard.

Bandwidth Usage Data

We track the bytes consumed by each API call (request and response body sizes) to maintain your prepaid bandwidth balance. We record your cumulative bytes purchased and bytes remaining.

Billing & Payment Data

We record your purchase history including: the volume of bandwidth purchased, the price per GB applied, the total amount charged, the date of purchase, and the payment status. Payment processing is handled exclusively by Stripe, Inc.; Beezifi does not store credit card numbers, card verification codes, or full payment method details. Stripe assigns a customer ID that we associate with your tenant account for billing purposes.

Security Rules & Configuration

We store the security rules you create within your tenant account, including rule names, descriptions, types, configurations (e.g., IP lists, country codes, geofence coordinates), priorities, and ghost response definitions. This data is necessary to provide the Service.

Technical & Operational Data

We collect standard server-side technical data for operational and security purposes, including timestamps of dashboard logins and API calls, browser type and version used to access the dashboard, and server error logs.

2. How We Use Your Information

Authenticating your dashboard access and authorizing API calls via your API keys
Evaluating your configured security rules against inbound request data you submit
Maintaining your request logs and analytics for your review within the dashboard
Tracking bandwidth consumption and maintaining your prepaid balance
Processing payments and maintaining your purchase history via Stripe
Providing, operating, maintaining, and improving the Service
Sending transactional communications (account confirmation, security alerts, billing receipts)
Detecting and preventing abuse, fraud, and unauthorized access to the Service
Complying with applicable legal obligations

We do not sell your data. We do not use your account data, request logs, or rule configurations to train machine learning models or for any advertising or marketing profiling purposes.

3. Request Log Data & Your End Users

The request evaluation data described in Section 1 relates to the end users of your applications — not to Beezifi's direct relationship with those individuals. You, as the tenant, are the data controller with respect to your end users' IP addresses, paths, and user agents. You are responsible for maintaining appropriate legal bases and disclosures to your own end users for processing this data through the Service. Beezifi processes this data on your behalf as a data processor for the purpose of providing the evaluation service.

4. Multi-Tenant Data Isolation

All tenant data — including rules, API keys, request logs, and bandwidth balances — is maintained in logically isolated, access-controlled database instances keyed by your tenant ID. Your data is never accessible to other tenants of the Service. Internal Beezifi staff follow role-gated, audited processes for any infrastructure access.

5. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information.

Data may be shared only in the following limited circumstances:

Stripe: Payment processing is performed by Stripe, Inc. Stripe receives your email address, the purchase amount, and bandwidth details to facilitate checkout. Stripe's privacy policy governs their data handling.
Infrastructure providers: Cloud hosting and database infrastructure providers operate under confidentiality agreements and are permitted to process data only for service delivery.
Legal requirements: We may disclose information where required by valid subpoena, court order, or applicable law. Where legally permitted, we will provide advance notice to you.
Business transfers: In the event of a merger, acquisition, or asset sale, tenant data may be transferred. You will be notified with a reasonable opportunity to export or delete your data.
Explicit consent: Any sharing beyond the above requires your prior written consent.

6. Data Retention

Your account data is retained while your account is active. Request logs are retained for 90 days by default and may be purged sooner at your request. Upon account deletion:

Account and configuration data enters a 30-day recovery window before permanent deletion
After 30 days, deletion is permanent and irreversible
Backup snapshots are purged within 90 days of deletion
Billing records and certain operational logs may be retained for up to 7 years to meet legal, tax, and financial compliance obligations

To request early deletion, contact privacy@beezifi.com.

7. Security

We implement technical safeguards including bcrypt password hashing, SHA-256 API key hashing, TLS 1.2+ encryption in transit, short-lived JSON Web Tokens for dashboard sessions, per-endpoint rate limiting, multi-tenant data isolation, and HTTP security headers. Full details are in our Security Policy.

No system is 100% secure. Despite our best efforts, we cannot guarantee absolute security of data transmitted over the internet or stored on our systems. In the event of a confirmed breach affecting your data, we will notify you within 72 hours as required by applicable law. Beezifi Inc. shall not be liable for damages resulting from unauthorized access arising from your failure to maintain API key security or other circumstances beyond our reasonable control.

8. Cookies & Local Storage

The Service dashboard uses minimal browser storage:

localStorage (JWT session token): Used to maintain your authenticated dashboard session. Essential to dashboard functionality and cannot be disabled without preventing login.
localStorage (tenant info): Stores your tenant name and email for display purposes. Cleared on sign-out.
No advertising cookies.
No third-party analytics or tracking pixels.

Clearing your browser's local storage will sign you out of the dashboard. This does not affect your API keys or Service configuration.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

Access: Request a copy of the personal data we hold about you
Rectification: Correct inaccurate or incomplete account data
Erasure: Request deletion of your account and associated data
Portability: Export your configuration and log data
Objection: Object to processing based on legitimate interests
Restrict processing: Request limitations on how we process your data

To exercise these rights, contact privacy@beezifi.com. We will respond within 30 days.

10. Children's Privacy

The Service is intended for business use by organizations and individuals aged 18 or older. We do not knowingly collect personal information from children under 16. If you believe a child's data has been submitted, contact privacy@beezifi.com and we will promptly delete it.

11. Disclaimer of Warranties

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR UNINTERRUPTED AVAILABILITY. BEEZIFI INC. DOES NOT WARRANT THAT THE SERVICE WILL BE ERROR-FREE, SECURE, OR CONTINUOUSLY AVAILABLE.

12. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, BEEZIFI INC. AND ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, AND AFFILIATES SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF DATA, LOSS OF REVENUE, SECURITY BREACHES IN YOUR DOWNSTREAM SYSTEMS, OR LOSS OF GOODWILL, ARISING OUT OF OR IN CONNECTION WITH YOUR USE OF OR INABILITY TO USE THE SERVICE. IN NO EVENT SHALL BEEZIFI'S TOTAL LIABILITY EXCEED THE GREATER OF (A) THE AMOUNT YOU PAID FOR BANDWIDTH IN THE 12 MONTHS PRECEDING THE CLAIM OR (B) ONE HUNDRED DOLLARS (USD $100).

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 14 days before taking effect. The "Last Updated" date at the top of this page reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

14. Governing Law

This Privacy Policy and any disputes arising out of or relating to it shall be governed by and construed in accordance with the laws of the State of Washington, United States, without regard to its conflict-of-law provisions. By using the Service, you consent to the exclusive jurisdiction of the courts located in Washington State for any matters not subject to arbitration under our Terms of Service.

15. Contact Us

For privacy-related inquiries or to exercise your rights:
Email: privacy@beezifi.com
Response target: 5 business days