Data Processing Agreement: summary
This page summarises, in plain language, how Innovation Bee processes personal data in connection with FundyBee. It complements our Privacy Policy. A full Data Processing Agreement (DPA) for signature is available on request to [DPO / PRIVACY CONTACT EMAIL, e.g. privacy@fundybee.eu].
1. Roles
Roles depend on the data in question:
- For your own account data and your use of the Service, Innovation Bee acts as a controller (see the Privacy Policy).
- For partner organisation and contact data, and other personal data you put into your proposals, your organisation is typically the controller and Innovation Bee acts as a processor, processing that data only on your documented instructions to provide the Service.
Where Innovation Bee acts as a processor, it will not process the data for its own purposes and will process it only as needed to deliver the Service or as required by EU or Member State law.
2. Scope of processing
| Element | Detail |
|---|---|
| Subject matter | Provision of the FundyBee proposal co-pilot. |
| Duration | For the term of your use of the Service, plus retention periods in the Privacy Policy. |
| Nature & purpose | Storing, drafting, scoring and organising proposal and partner content. |
| Data categories | Account identifiers, partner organisation/contact details, proposal content, usage logs. |
| Data subjects | Your team members and partner-organisation contacts you add. |
3. Sub-processors
We use a small set of vetted sub-processors and remain responsible for their performance. Current sub-processors:
| Sub-processor | Service | Location |
|---|---|---|
| Supabase | Database hosting & authentication | European Union |
| Anthropic | AI model provider for proposal drafting & scoring (intended terms: no training on your data) | Contractual safeguards / SCCs as applicable |
| [PAYMENT PROVIDER] | Payment processing | [REGION] |
| [EMAIL PROVIDER] | Transactional email | [REGION] |
We will give notice of new or replacement sub-processors so you can object on reasonable data-protection grounds.
4. Security measures
- Multi-tenant isolation using Postgres row-level security, so one account cannot read another’s data.
- EU hosting of the database and authentication.
- Encryption in transit (TLS) and access controls on administrative access.
- Authentication handled by a dedicated provider, with passwords never stored in plaintext.
- Logging and monitoring for security and abuse prevention.
5. International transfers & SCCs
Primary processing and storage take place in the European Union. Where a sub-processor processes personal data outside the EEA, the transfer is covered by the European Commission’s Standard Contractual Clauses (SCCs) and, where appropriate, supplementary technical and organisational measures. Because Innovation Bee is established in Greece (within the EEA), the requirement to appoint a GDPR Article 27 representative does not apply.
6. Assistance & breach notification
As processor, we will provide reasonable assistance with data-subject requests, data protection impact assessments and prior consultations, and will notify you without undue delay after becoming aware of a personal-data breach affecting data we process on your behalf.
7. Return & deletion
On termination, or on your instruction, we will delete or return the personal data we process on your behalf, subject to any legal retention requirement. In-app controls for export and deletion are available under Account → Privacy.
8. Contact
To request the signable DPA or ask a question, email [DPO / PRIVACY CONTACT EMAIL, e.g. privacy@fundybee.eu].