🐝 Privacy Policy

Be a Bee · Last updated: 30 April 2026

This privacy policy explains what data Be a Bee ("we", "us") collects when you use the app or dashboard, why we need it and what rights you have.

1. Who we are

Be a Bee is operated by Tom Bode, based in the Netherlands. Data controller: Tom Bode, contact: tom@tombode.nl.

2. What data we collect

• Account: email address, name, hashed password.
• Club data: clubs you are a member of, your role (volunteer / admin / head admin), tasks you claimed, hours worked.
• Messages: messages you send or receive within the app.
• Device: push notification token (so we can deliver notifications).
• Optional profile: phone number, address, birthdate, profile photo — only if you fill them in yourself.
• Technical logs: IP address and timestamp of API requests (max 30 days, for security and debugging).

3. Why we need this data

• To deliver the app's features (claim tasks, communicate with members, etc.).
• To authenticate you and protect your account.
• To send push notifications about tasks you are involved with.
• To prevent abuse (rate limiting, abuse detection).

Legal basis: performance of contract (terms of service) and legitimate interest (security).

4. How long we keep data

• Account data: until you delete your account.
• When you delete your account, your personal data (name, email) is anonymized; tasks you claimed remain visible to the club with "Deleted user" as the name.
• Messages are fully wiped on account deletion.
• Technical logs: maximum 30 days.
• Backups: maximum 30 days.

5. Who we share data with

We never sell or rent your data. We only share with:

• Hetzner Online GmbH (Germany) — our hosting provider. Data stays within the EU.
• Stripe Payments Europe (Ireland) — only if you are a club admin and start a subscription. Stripe has its own privacy policy.
• Apple / Google — for push notifications via APNs / FCM (only your device token + the notification content).
• Resend Inc. (US) — only for transactional email (password reset, verification). Resend uses Standard Contractual Clauses.

We share no data with ad networks, analytics trackers or data brokers.

6. Your rights

Under the GDPR you have the right to:

• Access the data we hold about you.
• Rectify incorrect data.
• Delete — via the app: Profile → Settings → Delete account.
• Data portability — request an export of your data.
• Object to processing.

Email tom@tombode.nl; we reply within 30 days. You also have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

7. Security

Passwords are stored as bcrypt hashes (never in readable form). Traffic between app and server uses HTTPS. The server runs in an EU data center with network-level firewalling. Access to production data is limited to Tom Bode personally.

8. Cookies and tracking

The mobile app uses no cookies or trackers. The web dashboard only uses local storage for your session token (no tracking cookies, no advertising cookies). We do not use Google Analytics or comparable cross-site tracking tools.

9. Children

The app is intended for users 16 years and older. We do not knowingly collect data from people under 16. If you believe we accidentally have, please contact us so we can delete it.

10. Changes

For material changes you will receive an in-app notice. The date at the top of this page indicates the latest version.

11. Contact

Questions? Email tom@tombode.nl.

Be a Bee · Terms of Service