Back to FundyBee

Legal & policies

How FundyBee works, what we do with your data, and the terms you agree to when you use the service.

Template. Review with legal counsel before relying on it. This document is a good-faith starting point for an EU SaaS operating from Greece. It is not legal advice. Replace every value shown in square brackets and have a qualified lawyer review it for your circumstances.

Privacy Policy

Effective date: [EFFECTIVE DATE, e.g. 1 July 2026]

Contents

  1. 1. Controller identity
  2. 2. What data we collect
  3. 3. Purposes and lawful bases
  4. 4. Partner organisation data
  5. 5. AI processing & sub-processors
  6. 6. Hosting & international transfers
  7. 7. Retention
  8. 8. Your rights
  9. 9. Security
  10. 10. Cookies
  11. 11. Changes
  12. 12. How to contact us

1. Controller identity

The controller for personal data processed through FundyBee is Innovation Bee, established in Greece ([REGISTERED ADDRESS: street, postcode, city, Greece], company no. [COMPANY / GEMI REGISTRATION NUMBER], VAT [VAT / ΑΦΜ NUMBER]).

For privacy questions, data-subject requests, or to reach our data protection contact, email [DPO / PRIVACY CONTACT EMAIL, e.g. privacy@fundybee.eu]. Because Innovation Bee is established in Greece, within the European Economic Area, no GDPR Article 27 EU representative is required, as the controller is itself established in the EEA.

2. What data we collect

CategoryExamples
Account dataName, email, password (hashed by our auth provider), workspace/team membership, role.
Proposal contentThe text, objectives, activities, budgets and other content you create or upload for your applications.
Partner organisation dataDetails of partner organisations and their contacts you add to your partner library (e.g. organisation name, PIC, contact name and email). See section 4.
AI usage logsRecords of AI requests (such as prompts, the proposal context sent, timestamps and token usage) used to operate, debug, secure and meter the Service.
Billing dataRecords of proposals purchased and amounts. Card details are handled by our payment provider, not stored by us.
Technical dataIP address, device/browser information and essential-cookie identifiers needed to keep you signed in and the Service secure.

3. Purposes and lawful bases

PurposeLawful basis (GDPR Art. 6)
Provide the Service: accounts, drafting, scoring, partners, billing.Performance of a contract (Art. 6(1)(b)).
Security, abuse prevention, debugging, and improving reliability.Legitimate interests (Art. 6(1)(f)).
Comply with legal, accounting and tax obligations.Legal obligation (Art. 6(1)(c)).
Service and (where applicable) optional product communications.Legitimate interests, or consent (Art. 6(1)(a)) where required.

We do not use special-category data for the Service and ask that you do not enter it. We do not sell personal data, and we do not use it for automated decision-making that produces legal effects on you.

4. Partner organisation data

Your workspace may store details of partner organisations and their contacts. As a rule, partner contact data is managed at the organisation leveland is shared within your workspace so your team can collaborate. You are responsible for having a lawful basis to add a partner’s contact details and for honouring their rights. For that processing you may act as a controller and we as a processor. See our Data Processing Agreement summary.

5. AI processing & sub-processors

To draft and score proposals, relevant content is sent to our AI sub-processor for processing. We engage the following sub-processors:

Sub-processorRoleLocation
SupabaseDatabase hosting & authentication.European Union.
AnthropicAI model provider (proposal drafting & scoring).Processed under contractual terms. See below.
[PAYMENT PROVIDER]Payment processing.[REGION].
[EMAIL PROVIDER]Transactional email (e.g. invitations, support).[REGION].

Our intended contractual terms with our AI sub-processor provide that your content is not used to train their models and is processed only to return results to you. Where any sub-processor is outside the EEA, transfers are protected by appropriate safeguards (see section 6). We keep a current list of sub-processors and will give notice of material changes.

6. Hosting & international transfers

Your account, proposals and partner data are hosted in the European Union. Where a sub-processor processes data outside the EEA, we rely on appropriate safeguards under the GDPR, principally the European Commission’s Standard Contractual Clauses (SCCs), together with supplementary measures where needed. You can request more information about the safeguards in place using the contact details below.

7. Retention

We keep your data for as long as your account is active and as needed to provide the Service. After you delete content or close your account, we delete or anonymise personal data within a reasonable period, except where we must retain certain records (for example, billing records for statutory accounting periods) or to establish, exercise or defend legal claims.

8. Your rights

Subject to the GDPR, you have the right to:

  • access your personal data and obtain a copy / export (Art. 15).
  • rectify inaccurate data (Art. 16).
  • erase your data (Art. 17).
  • restrict or object to processing (Arts. 18 & 21).
  • data portability (Art. 20).
  • withdraw consent at any time, where processing is based on consent.

You can exercise the main rights yourself from the in-app privacy controls under Account → Privacy (export and deletion), or by emailing [DPO / PRIVACY CONTACT EMAIL, e.g. privacy@fundybee.eu]. You also have the right to lodge a complaint with a supervisory authority. In Greece, this is the Hellenic Data Protection Authority (HDPA / Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα).

9. Security

We apply technical and organisational measures appropriate to the risk, including row-level security for multi-tenant isolation (so other accounts cannot see your data), encryption in transit, access controls, and EU hosting. No system is perfectly secure, but we work to protect your data and to notify you and the relevant authority of a personal-data breach where the GDPR requires.

10. Cookies

We use only essential cookies needed to sign you in and keep the Service working. There is no analytics or advertising cookie. See our Cookie Policy for the full list.

11. Changes

We may update this policy. Material changes will be notified by email or an in-app notice before they take effect. The effective date above shows the current version.

12. How to contact us

Innovation Bee, [REGISTERED ADDRESS: street, postcode, city, Greece]. Privacy contact: [DPO / PRIVACY CONTACT EMAIL, e.g. privacy@fundybee.eu]. General support: support page or support@fundybee.eu.