GDPR compliance and cyber security
General information
This page provides information about how your use of a Beefree service relates to the EU’s General Data Protection Regulation, or GDPR (GDPR – Official page, GDPR – Wikipedia page).
Some frequently asked questions are included at the bottom of the page. For more high-level information, you can check the Security and Compliance page.
Beefree is a service of Bee Content Design, Inc., a Delaware corporation. Bee Content Design, Inc. acts as a Data Controller under the GDPR (for more information about data controllers and data processors, please click here). Specifically, below please find a description of how your personally identifiable information is handled when our services are used.
Beefree service infrastructure
The entire Beefree system infrastructure is hosted on Amazon Web Services (Ireland region), using multiple instances propagated inside multiple availability zones. The service has been built to scale and support a high number of concurrent sessions. Security of the hosting facilities is managed directly by Amazon (see https://aws.amazon.com/security/).
Bee Content Design, Inc. – which provides the Beefree service – does not directly manage the AWS account, which is managed by its parent company. Specifically, Bee Content Design, Inc. is a business unit within Growens, which is publicly traded on the Italian stock exchange. Everything from internal security policies to the AWS account is managed directly by Growens. As an EU-based company, Growens is particularly committed to GDPR compliance.
Beefree's Starter Plan
How data is processed
When you use the Starter Plan by Beefree – the free version of our drag-and-drop email and landing page builder available at https://beefree.io – we process as Data Controller your email address and message content when you use the “Send a test” feature. Please note that said feature is only intended for you to test the effectiveness of the e-mail template you created and shall not be used to send a test email to a recipient who is not you.
All personal data is handled according to our Privacy Policy.
Beefree (other plans)
How data is processed
When you use Beefree – the email and landing page creation suite available at https://beefree.io/app – we process your name, your email address, your email message content, and your IP address. We may also process additional users’ IP addresses and credentials to allow your collaborators to join your projects. Please note that the ‘Send a test’ feature is only intended for you to test the effectiveness of the e-mail template you created and shall not be used to send a test email to a recipient who is not you.
All personal data is handled according to our Privacy Policy.
Beefree SDK
How data is processed
When you use Beefree SDK – i.e. you embed our visual builders inside your software applications – we may access and process as Data Controller your end-users’ IP addresses when they use the Beefree editor’s features within your application to protect the security of our infrastructure.
Bee Content Design, Inc. is also a Data Controller of your personal data as a Beefree SDK customer, and your information is handled according to our Privacy Policy.
Frequently Asked Questions
Is Beefree acting as Data Controller or Data Processor in the provision of its services?
In the provision of our services (Beefree Web Builder, Beefree, and Beefree SDK), we don’t process any of your personal data on your behalf. In fact, all data processed through the provision of our services are processed for our primary purposes and through our means and, therefore, according to the Guidelines 07/2020 on the concepts of controller and processor in the GDPR, we act as Data Controller, as explained in the previous sections of this page.
I’m already a Beefree customer: can I appoint Beefree as Data Processor?
No, because we act as Data Controller. Please see the answer to the question immediately above for details.
Where can I find your Privacy Policy?
You can find it on our website at https://beefree.io/privacy-policy/.
I’m interested in purchasing your services: where can I find the Terms of Use?
You can find the Terms of Use for each of our services here:
I’m a previous customer: how can I submit a data deletion request?
Please write an email to privacy@beefree.io. Our operators will handle your request.
Cyber Security
Organizational model
Bee Content Design, Inc. enables advanced and optimized management of cybersecurity risks through the adoption of a Cybersecurity Organizational Model. This model consists of policies and procedures that are structured to ensure that the company's information is protected and that compliance with applicable data protection laws is maintained.
The Cybersecurity Organizational Model is first and foremost an essential mechanism for identifying and analyzing potential vulnerabilities. The defined procedures facilitate a timely and effective response to security incidents, minimizing the impact and ensuring business continuity. In addition, the policies within the model provide clear guidelines for all company employees, promote a culture of security and ensure that all company stakeholders understand their responsibilities in this regard.
The importance of the Cybersecurity Organizational Model is further reinforced by the current context, where cyber threats are constantly evolving and can have significant economic and reputational impacts. The existence of well-structured policies and procedures enables Bee Content Design, Inc. to operate within a secure framework, while assuring its stakeholders and customers of a tangible commitment to data protection and information security. This organizational model is an integral part of the ISO 27001-certified Information Security Management System.
Certifications
ISO 27001
ISO 27001 is an international standard for information security management. This standard provides guidelines and general criteria for the implementation, administration, monitoring, maintenance and continuous improvement of an Information Security Management System (ISMS). Bee Content Design, Inc.'s achievement of this certification is not only a certificate of compliance but also demonstrates the company's concrete commitment to protecting its own and its customers' information and data.
ISO 27001 compliance demonstrates that BEE Content Design, Inc. has identified, assessed and minimized information security risks through a systematic and continually updated process.
SOC 2 TYPE II
We are proud to announce that our organisation has achieved SOC 2 Type II certification, a significant milestone that underlines our ongoing commitment to protecting the security, availability and confidentiality of our customers’ information. This recognition, combined with our previous ISO/IEC 27001 certification, validates the effectiveness of our internal controls and information security management practices.
Designed to provide intuitive digital design tools, our platform incorporates rigorous controls to ensure the security of our users’ information at every stage of the creative process. Hosted on Amazon Web Services (AWS), the infrastructure benefits from complementary security controls provided by AWS, as well as specific controls implemented directly by our organisation.
The SOC 2 Type II certification is the result of a thorough examination of our processes and internal controls, conducted over an extended period of time, to ensure that they are effective in meeting our service commitments and system requirements. This recognition underlines our commitment to maintaining the highest standards of security and reliability for our customers and confirms our role as an industry leader in digital design solutions.
Security measures
Security is a priority for BEE Content Design, Inc. and we are constantly striving to protect our users' information. To better understand the breadth and depth of our efforts in this area, some of the key security measures we have implemented are listed below. These measures have been implemented with the aim of providing a safe and secure experience for all our users.
System access principles
At Bee Content Design, Inc., all access to corporate information systems is provided in accordance with the principles of:
- Need to know (users or resources only have access to the systems necessary to fulfill their roles and responsibilities)
- Least Privilege (users or resources have the minimum privileges necessary to fulfill their roles and responsibilities)
- Segregation of duties (authorization criteria are differentiated based on defined areas of responsibility)
Authentication protocols
In order to guarantee the security of internal systems, Bee Content Design, Inc. only allows employees access via an encrypted VPN connection. Once this connection is established, a username and password are required, as well as a second authentication factor such as a temporary code or hardware token. This combination of measures ensures that access to systems is well protected and makes unauthorized access difficult for potential attackers.
Bee Content Design, Inc. ensures that the passwords chosen by its users are strong and enables multi-factor authentication. In addition, rate-limiting mechanisms are implemented to significantly limit brute-forcing attempts.
Web security and network protection
Bee Content Design, Inc. has implemented a number of security measures to protect its resources and the information of its users. One of these measures is the implementation of a Web Application Firewall (WAF). This tool is specifically designed to protect web applications from common attacks such as SQL injection and cross-site scripting (XSS) attacks. The WAF analyses and filters web traffic in real-time, blocking suspicious or malicious requests before they can reach the application itself.
In addition to the WAF, to further protect the perimeter of the corporate network, BEE Content Design, Inc. has deployed firewalls that support both Intrusion Detection System (IDS) and Intrusion Prevention System (IPS). The IDS monitors network traffic for possible suspicious or malicious activity and reports any anomalies to the security team. Meanwhile, the IPS can actually block or stop malicious traffic, providing an additional layer of defense against potential intrusions.
This combination of solutions reflects BEE Content Design, Inc.'s proactive approach to security: not just trying to detect attacks, but actively preventing any compromise attempts, thus ensuring a safe and reliable digital environment for its users and partners.
Malware protection
Bee Content Design, Inc. uses anti-virus/anti-malware solutions that are regularly updated to detect and counter the latest threats that have emerged in the digital landscape. These solutions are deployed across the organization's devices and systems, ensuring comprehensive protection against potential malicious attacks.
Security monitoring and training
Bee Content Design, Inc. relies on a Security Operation Centre (SOC) that constantly monitors its systems to identify potential threats in a timely manner. Logs are protected from possible alteration or unauthorized access.
Bee Content Design, Inc. staff receive ongoing training in information security. The technical knowledge of each candidate is assessed prior to employment.
Penetration testing and secure development
Regular Vulnerability Assessments (VA) and Penetration Tests (PT) are conducted to identify potential vulnerabilities and validate existing security measures. In addition, static application security testing and software composition analysis are used to identify potential vulnerabilities during code development.
Bee Content Design, Inc. has adopted a secure software development lifecycle policy so that each phase of development includes activities that make the software produced not only functional and efficient but also robust against potential threats and vulnerabilities, thus ensuring data security and end-user confidence.
Protecting data in transit
Recognizing the importance of protecting information during online transmission, Bee Content Design, Inc. has adopted the use of HTTPS, a secure protocol for data transmission over the Internet. This protocol acts as a layer of protection, encrypting data transmitted between the server and the client to prevent unauthorized interception or malicious modification. In addition, Bee Content Design, Inc. uses the TLS 1.2 protocol, one of the latest and most secure encryption standards, ensuring that data is protected with the best available technology at every transmission stage.
Backup management
Bee Content Design, Inc. backs up its data daily, using a versioning system to track changes over time. Each backup is encrypted for maximum security. To ensure their reliability, Bee Content Design, Inc. performs regular recovery tests.