Beehuman — a service of Hackberry Bay AB

Privacy Policy

Last updated: 17 April 2026

This Privacy Policy explains how Hackberry Bay AB ("Hackberry", "we", "us") collects, uses, and shares personal data and customer data when you use Beehuman (the "Service"). Beehuman is a brand operated by Hackberry Bay AB, a company registered in Sweden.

We have tried to keep this document short and readable. If anything here is unclear, contact us at the address at the end of this policy.

1. Who we are

Hackberry Bay AB is the data controller for personal data processed in connection with Beehuman. Our contact details are at the end of this policy.

2. What this policy covers

This policy covers data we process when you:

  • Visit our websites, including hackberry.se and the Beehuman website.
  • Create an account or communicate with us about the Service.
  • Use Beehuman, including when our AI developers ("Bees") act on tasks in your tools.

It does not cover third-party services you connect to Beehuman (for example GitHub, Linear, Jira, Figma, Slack, or Notion). Those services have their own privacy policies.

3. What data we collect

3.1 Account and contact data

When you sign up or contact us, we collect information such as your name, work email, company name, role, and any messages you send us.

3.2 Customer content

To do its job, a Bee needs access to the tools and content you connect to it. This typically includes:

  • Source code in your Git repositories, including branches, commits, and pull requests.
  • Tickets, issues, and comments in tools such as Linear, Jira, or Notion.
  • Design files and comments in tools such as Figma.
  • Messages in channels or threads where the Bee is invited, for example in Slack.

We refer to this collectively as "Customer Content". Customer Content may contain personal data about you, your team, or third parties. You remain the controller of Customer Content; Hackberry acts as processor on your behalf.

3.3 Usage data

We collect technical data about how the Service is used, such as log data, task metadata, pull request metadata, error reports, and performance metrics. This helps us run the Service, debug issues, and improve the Bees.

3.4 Data from AI providers

Bees are powered by large language models from third-party AI providers (see section 6). When a Bee performs a task, relevant parts of your Customer Content are sent to the AI provider so the model can generate code and other outputs. The outputs are returned to us and then to your tools (for example as a pull request).

4. Why we process data

We process data to:

  • Provide the Service — including letting Bees pick up tasks, access repositories, write code, and open pull requests.
  • Operate the managed service — monitoring Bees, handling incidents, and providing support.
  • Maintain and improve the Bees — including tuning prompts, patterns, and integrations so the Bees produce better work over time.
  • Communicate with you — about your account, support requests, and important changes to the Service.
  • Comply with legal obligations — such as bookkeeping, tax, and responding to lawful requests.
  • Protect the Service — detecting abuse, fraud, or security threats.

5. Legal basis (for EU/EEA users)

Where the GDPR applies, we rely on the following legal bases:

  • Contract — to provide the Service to you under our Terms of Service.
  • Legitimate interests — to operate, secure, and improve the Service, and to communicate with customers.
  • Legal obligation — to meet Swedish and EU law, including accounting and tax requirements.
  • Consent — where we ask for it, for example for certain marketing emails.

6. Who we share data with

We only share data with parties that help us run the Service, or where we are required to by law.

6.1 Anthropic and other AI providers

Beehuman uses AI models to generate code and perform tasks. By default, Bees run on Anthropic's Claude models. This means relevant Customer Content — for example code, tickets, and task context — is sent to Anthropic so the model can produce an output. Anthropic processes this data under its own terms and privacy commitments for API customers. If you want a different setup (for example EU-only hosting or a different model provider), contact us to discuss a Custom Bee deployment.

6.2 Infrastructure and tooling providers

We use trusted service providers for hosting, monitoring, error tracking, email, and similar functions. These providers act as our subprocessors and may process data on our behalf. The default hosting region for the Bee package is the United States.

6.3 Hackberry staff

As part of the managed service, Hackberry personnel may access Customer Content to set up Bees, investigate incidents, fix issues, and improve the Service. All Hackberry personnel are bound by confidentiality obligations, and Hackberry operates under a non-disclosure agreement (NDA) with its customers as standard.

6.4 Legal and safety

We may share data where we are legally required to — for example in response to a valid legal request — or where necessary to protect our rights, users, or the Service.

6.5 No sale of personal data

We do not sell personal data.

7. International transfers

By default, the Bee package is hosted in the United States, and Anthropic processes data in the United States. This means your data, including Customer Content, may be transferred to and processed outside the EU/EEA.

When we transfer personal data outside the EU/EEA, we rely on appropriate safeguards, typically the European Commission's Standard Contractual Clauses and the contractual commitments of our providers.

If you require EU-only processing, this can be arranged as part of a Custom Bee or Custom Hive deployment. Please contact us.

8. How long we keep data

We keep data for as long as we need it to provide the Service and meet our legal obligations.

  • Account data is kept for the life of your account and for a reasonable period after termination.
  • Customer Content is kept while your Bee needs it to work, and deleted or returned after termination of the Service, in line with your agreement with us.
  • Logs and usage data are kept for a limited period for debugging, security, and service improvement.
  • Invoicing and accounting records are kept for the period required by Swedish law (currently seven years).

9. Security

We take reasonable technical and organisational measures to protect data against loss, misuse, and unauthorised access. This includes access controls, encryption in transit, logging, least-privilege access for Hackberry personnel, and NDAs for staff and contractors.

No system is perfectly secure. If we become aware of a security incident affecting your data, we will notify you in line with applicable law.

10. Your rights

If you are in the EU/EEA, you have rights under the GDPR, including the right to:

  • Access the personal data we hold about you.
  • Have inaccurate data corrected.
  • Request deletion in certain circumstances.
  • Object to or restrict certain processing.
  • Receive your data in a portable format.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a supervisory authority — in Sweden, the Swedish Authority for Privacy Protection (IMY).

Where we process data on behalf of a customer (as a processor), please direct requests to that customer first. We will support them in responding.

11. Children

Beehuman is a business service and is not intended for children under 16. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service before the changes take effect.

13. Contact us

If you have questions about this policy or how we process data, contact us at:

Hackberry Bay AB
Email: [email protected]
Website: https://hackberry.se