Loading…
Loading…
Trust
Standard terms governing processing of personal data on behalf of customers. Last updated April 24, 2026.
A note on scope
For most beekeepers, our Privacy Policy and Terms of Service are the controlling documents. This DPA applies when HiveMasterPro is acting as a processor on behalf of an organisational customer who is a controller of personal data — typically Commercial and Enterprise customers managing teams of staff or pollination clients. Enterprise customers can request a counter-signed copy on company letterhead via /contact.
The Customer is the data controller of personal data uploaded to HiveMasterPro. Quail'a Bee Solutions LLC (operating HiveMasterPro) is the data processor. The subject matter is processing of personal data necessary to provide the HiveMasterPro service in accordance with the Terms of Service.
Authorised subprocessors are listed in the Privacy Policy § 4. Customer hereby grants general written authorisation under Article 28(2) GDPR to engage these subprocessors. We will give at least 30 days' advance notice via the Changelog before adding or replacing a subprocessor materially involved in processing Customer Personal Data; Customer may object on reasonable grounds within that window.
We implement and maintain the technical and organisational security measures described in our Security overview, including encryption in transit (TLS 1.2+) and at rest (AES-256), Row Level Security on all Postgres tables, optional TOTP two-factor authentication, audit logging on permission and recall events, automatic backups with point-in-time recovery, and least-privilege access controls.
Personal data may be processed in the United States. For transfers from the EU/EEA, the United Kingdom, or Switzerland to the United States, we rely on the European Commission's Standard Contractual Clauses (Commission Decision (EU) 2021/914) and the UK International Data Transfer Addendum, as applicable. A copy is available on request.
We will, taking into account the nature of the processing, assist the Customer by appropriate technical and organisational measures, insofar as possible, in fulfilling its obligation to respond to data subject requests under Chapter III GDPR, the CCPA, the CPRA, PIPEDA, and other applicable privacy laws.
We will notify the Customer without undue delay, and in any event within 72 hours, after becoming aware of a personal data breach affecting Customer Personal Data, providing information reasonably necessary for the Customer to comply with its own breach-notification obligations.
On termination of the underlying agreement, the Customer may export a portable bundle (see Terms § 8) for up to 60 days, after which we will delete or anonymise Customer Personal Data, unless retention is required by applicable law.
On reasonable request and with reasonable advance notice, we will make available to the Customer information necessary to demonstrate compliance with this DPA, including by providing third-party audit reports of our subprocessors (e.g. Supabase's SOC 2 Type II) where contractually permitted.
Enterprise customers can request a counter-signed DPA, custom security questionnaires, or a SIG-Lite reply. Contact us.
Sign up for the beta — all Premium features included for early testers
Refer a fellow beekeeper and earn Premium credit.