Last updated: 22 June 2026
This policy covers the personal data BeeSensible is responsible for: the data of website visitors, customers, and users of our services. We follow the GDPR.
It does not cover the text you or your organisation process through the Application. Your organisation is responsible for that, with us as the processor; that is set out in the Data Processing Agreement (DPA).
Article 1: Who are we?
BeeSensible is a service of Venturo Media B.V., Spijksedijk 1a, 6917 AD Spijk, the Netherlands. Chamber of Commerce 72127198, VAT NL859075330B01. For privacy questions, email trust@beesensible.eu.
Article 2: What data do we process, and why?
What we collect depends on how you reach us. For each situation, we set out which data we process, for what purpose, on what legal basis, and how long we keep it.
2.1 You visit our website
Data: technical data such as your IP address (anonymised), browser, operating system, and the pages you view.
Purpose: keeping the website working and secure, and measuring visits. We measure visits without cookies.
Legal basis: legitimate interest.
Retention: technical logs for up to 30 days.
2.2 You create an account (free or paid)
Data: your name, email address, and the details of the account you sign in with (Google or Microsoft).
Purpose: creating and managing your account, giving you access, and supporting you.
Legal basis: performance of the agreement.
Retention: as long as your account exists. If you delete it, your data is gone within 30 days.
You sign in with Google or Microsoft. We do not hold a password of our own.
2.3 Your organisation takes out a paid subscription
Data: company name, address, Chamber of Commerce number, the contact's name and email, and payment details (the payment details themselves are held by our payment provider).
Purpose: running the subscription, invoicing, and keeping the administration.
Legal basis: performance of the agreement and a legal obligation (our duty to the Tax Administration).
Retention: invoice and payment data for 7 years, as the law requires. Account data for the contract term plus 7 years.
2.4 You contact us or send feedback
Data: your name, email, and your message. For feedback from the extension, also the page you were on, your browser, and who you are.
Purpose: answering your question, helping you, and improving the product. Feedback lands in our internal Slack channel.
Legal basis: performance of the agreement, your consent, or legitimate interest.
Retention: up to 2 years after the last contact, unless the law requires longer.
2.5 You sign up for the newsletter or digests
Data: your email, your name, and your digest settings such as time zone.
Purpose: keeping you posted and sending the digests you signed up for.
Legal basis: your consent. You can unsubscribe through the link in each email.
Retention: as long as you are subscribed.
2.6 The Application processes text (us as processor)
While you type in a supported web application, BeeSensible analyses the text for sensitive data. The text goes to our own servers in the EU, is processed there, and is discarded right away. We do not store it, and we never pass it to an outside AI service. Organisations with stricter requirements can run detection entirely on their own devices; the text then stays on the device.
What we do keep is a set of figures about the detection: the type of sensitive data, the level, the app or website, the time, and what you did with it (mask, replace, remove, or nothing). With that comes an unreadable fingerprint of the detected value, so we do not count the same detection twice within an hour. The original value cannot be read back from it. Full prompts, emails, or chats are not in there. We keep these figures for up to 24 months, then delete them.
When you anonymise a PDF, we process the document temporarily and keep only the number of items removed.
This processing is there for one thing: spotting sensitive data in time and offering you a suggestion. We do not use it to monitor performance, assess people, or train models.
Article 3: Which services do we use?
We bring in a few outside services to run BeeSensible, each under a processor agreement. We do not sell your data.
| Service | What for | Location |
|---|---|---|
| Scaleway | Hosting, database, and storage | EU (Netherlands) |
| Cloudflare | CDN, security, and cookieless analytics | US |
| Hetzner | Server for detection | EU (Germany) |
| Keycloak | Sign-in and accounts | EU |
| Paddle | Billing and subscriptions (Merchant of Record) | UK |
| Brevo | Email, invitations, and digests | EU |
| Google / Microsoft | Sign-in (SSO) | US |
| Slack | Feedback and internal notifications | US |
| GitHub | Hosting of our software images | US |
Article 4: Does your data go outside the EU?
We process your data within the EU as much as we can. Detection and storage run in the EU.
A few services sit outside it. Paddle is in the United Kingdom, which has an adequacy decision from the European Commission. Cloudflare (CDN and analytics), Google, Microsoft, and Slack (sign-in and feedback) are in the US; that transfer relies on the EU-US Data Privacy Framework or on the standard contractual clauses. GitHub only hosts our software images and processes no personal data.
Article 5: How do we secure your data?
We encrypt data in transit and at rest. Access goes only to those who need it for their work. Our infrastructure runs in certified EU data centres, and we have it tested regularly.
Logs hold technical details of a request: the address, the method, the path, the status, and the duration. Message content or typed text does not go in them.
Article 6: What are your rights?
You have the right to access, correct, delete, restrict, object to, and port your data, and to withdraw consent you gave.
This does not apply to the text you type: we do not keep it, so there is no stored version to access or delete.
Send a request to trust@beesensible.eu. We respond within a month and may ask you to confirm your identity. If something does not sit right, you can also turn to the Dutch Data Protection Authority.
Article 7: Automated decisions
BeeSensible makes no automated decisions that affect you. You get a highlight with a suggestion; you decide what to do.
Article 8: Cookies
We use only functional cookies needed to run the site, plus the security cookies set by Cloudflare, our CDN. Our visitor statistics are cookieless: we measure visits without cookies and without tracking you. We do not use tracking or marketing cookies, so there is no consent banner.
Article 9: For organisations deploying BeeSensible
BeeSensible is not built to monitor employees. A product DPIA is available on request at trust@beesensible.eu; your own DPIA stays your responsibility.
Article 10: Changes
We may update this policy. The date at the top shows when we last did. We let you know about material changes.