Last updated: June 4, 2026
Applies to users worldwide. Compliant with NJDPA · GDPR · CCPA/CPRA.
Table of Contents
HE TRADE LLC ("Company", "we", "us", "our"), a limited liability company organized under the laws of the State of New Jersey, USA, operates the BeeAgent platform accessible at getbeeagent.com ("Platform"). We are committed to protecting the privacy and security of your personal information.
This Privacy Policy explains how we collect, use, disclose, and protect personal information when you access or use our Platform. It applies to all users worldwide and is written in compliance with the following applicable laws:
• **New Jersey Data Privacy Act (NJDPA)**, P.L.2023, c.266, effective January 15, 2025 — applies to New Jersey residents.
• **EU General Data Protection Regulation (GDPR)**, Regulation (EU) 2016/679 — applies to residents of the European Union and European Economic Area.
• **California Consumer Privacy Act (CCPA)**, as amended by the California Privacy Rights Act (CPRA) — applies to California residents.
Please read this policy carefully. By using the Platform, you acknowledge that you have read and understood this Privacy Policy.
The data controller responsible for the processing of your personal information is:
HE TRADE LLC
State of New Jersey, United States of America
Privacy Contact:
📧 privacy@getbeeagent.com
🌐 getbeeagent.com
For GDPR purposes, HE TRADE LLC acts as the data controller for personal data of EU/EEA residents. For CCPA/CPRA purposes, HE TRADE LLC is the "business" as defined under California law. For NJDPA purposes, HE TRADE LLC is the "controller" as defined under New Jersey law.
We collect the following categories of personal information when you use the Platform:
3.1 Account Data
• Full name
• Email address
• Password (stored as a one-way bcrypt hash — we never store plaintext passwords)
• Account creation date and subscription status
3.2 Beekeeping Data
• Apiary and hive information (name, GPS coordinates or manually entered location, health notes, health scores)
• Voice notes and their AI-generated transcriptions
• AI-generated weekly analysis reports
• Harvest records and migration plans
3.3 Payment Data
All payment transactions are processed by Stripe, Inc. HE TRADE LLC does not store or have access to your full credit card number, CVV, or card expiry. We retain only the Stripe Customer ID associated with your account for subscription management purposes. Stripe's own privacy policy (stripe.com/privacy) governs the handling of your payment data.
3.4 Usage and Technical Data
• IP address
• Browser type and version, operating system, device type
• Dates, times, and frequency of Platform access
• Pages visited and features used
• Referring URLs
3.5 Location Data
Your apiary coordinates (entered manually or via map selection) are used solely to retrieve local weather forecasts and regional flora calendar data. We do not use this data for advertising or share it with third parties beyond the weather/calendar service providers listed in Section 6.
3.6 Google Calendar Integration Data
If you authorize Google Calendar integration, we store an OAuth 2.0 access token and refresh token for the sole purpose of creating and managing BeeAgent-generated tasks in your calendar. We read and write only BeeAgent-specific calendar events and do not access, read, or process any other calendar data.
3.7 Communications Data
If you contact us via the contact form or email, we retain the content of your message and your contact information for the purpose of responding to your inquiry.
We use the personal information we collect for the following purposes:
1. **Service Delivery** — Providing weekly AI-powered beekeeping analysis, hive health scoring, voice note transcription, and personalized action plans.
2. **Google Calendar Integration** — Pushing weekly tasks and recommendations to your authorized Google Calendar.
3. **Payment Processing** — Managing your subscription, processing charges, and handling billing inquiries through Stripe.
4. **Customer Support** — Responding to your questions, feedback, and support requests.
5. **Platform Security** — Detecting unauthorized access, abuse, fraud, and other malicious activity.
6. **Service Improvement** — Analyzing aggregated, anonymized usage statistics to improve Platform features and performance.
7. **Legal Compliance** — Meeting our obligations under applicable laws, including tax and accounting record-keeping.
8. **Transactional Communications** — Sending you account-related emails (e.g., subscription confirmation, password reset, service notifications). We do not send unsolicited marketing emails without your explicit consent.
5.1 For EU/EEA Users — GDPR Legal Bases
We process your personal data under the following lawful bases as defined in GDPR Article 6:
• **Contract Performance (Art. 6(1)(b))**: Processing necessary to provide the services you have subscribed to, including account creation, AI analysis, and calendar sync.
• **Legitimate Interests (Art. 6(1)(f))**: Platform security, fraud prevention, and improving service quality, where such interests are not overridden by your rights and freedoms.
• **Legal Obligation (Art. 6(1)(c))**: Processing required to comply with applicable laws, including financial and tax record-keeping.
• **Consent (Art. 6(1)(a))**: Where we rely on consent (e.g., optional marketing communications), you may withdraw it at any time without affecting the lawfulness of prior processing.
Where we process special categories of data (none currently), we will obtain explicit consent as required by GDPR Article 9.
5.2 For New Jersey Users — NJDPA
Under the New Jersey Data Privacy Act, we process your personal data for the purposes described in Section 4 above. We do not sell your personal data to third parties, nor do we process it for purposes of targeted advertising without providing you a clear opportunity to opt out.
5.3 For California Users — CCPA/CPRA
Under the California Consumer Privacy Act and California Privacy Rights Act, we process your personal information for the business purposes described in Section 4. We do not sell personal information as defined under the CCPA. We do not share personal information for cross-context behavioral advertising without consent.
We engage the following third-party service providers to operate the Platform. Each provider acts as a data processor (under GDPR) or service provider (under CCPA/NJDPA) and may access your personal information only to the extent necessary to perform their specific service.
All providers are contractually required to process your data only for the stated purposes and to implement appropriate security measures. We do not sell, rent, or disclose your personal information to third parties for their own marketing purposes.
We may disclose personal information if required by law, court order, or lawful request by government authorities, or to protect the rights, property, or safety of HE TRADE LLC, our users, or the public.
We retain personal information only as long as necessary for the purposes described in this policy, or as required by law:
• **Account data** (name, email, password hash): Retained for the duration of your account. Deleted within 30 days following a verified account deletion request, except where retention is required by law.
• **Beekeeping data** (hive notes, reports, voice transcriptions): Deleted immediately upon account deletion or upon your specific deletion request.
• **Payment records** (Stripe Customer ID, subscription history, invoices): Retained for 7 years as required by U.S. tax and financial record-keeping laws.
• **Server logs** (IP addresses, access times): Retained for 90 days for security and abuse prevention purposes.
• **Google Calendar OAuth tokens**: Deleted immediately upon you revoking calendar integration access or deleting your account.
• **Support communications**: Retained for 2 years following resolution of your inquiry.
Upon expiration of the applicable retention period, data is securely deleted or irreversibly anonymized.
HE TRADE LLC implements the following technical and organizational security measures to protect your personal information:
• **Encryption in transit**: All data transmitted between your browser and our servers is protected via HTTPS/TLS.
• **Encryption at rest**: Database contents are encrypted at the infrastructure level by Supabase.
• **Password security**: Passwords are hashed using the bcrypt algorithm with a cost factor designed to resist brute-force attacks. Plaintext passwords are never stored.
• **Authentication**: JWT-based session tokens with configurable expiry are used for user authentication.
• **Access controls**: Access to production databases and infrastructure is restricted to authorized personnel on a need-to-know basis.
• **Third-party security**: All service providers are evaluated for their security certifications and compliance programs (e.g., SOC 2, ISO 27001 where applicable).
• **Regular updates**: We apply security patches and dependency updates on a regular basis.
No security system is completely impenetrable. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and, where required, the relevant supervisory authority within the legally mandated timeframe.
Depending on your location, you may have the following rights regarding your personal information. To exercise any of these rights, contact us at privacy@getbeeagent.com.
9.1 Rights for EU/EEA Residents (GDPR)
• **Right of Access (Art. 15)**: Request a copy of the personal data we hold about you.
• **Right to Rectification (Art. 16)**: Request correction of inaccurate or incomplete data.
• **Right to Erasure / Right to be Forgotten (Art. 17)**: Request deletion of your personal data, subject to legal retention obligations.
• **Right to Restriction of Processing (Art. 18)**: Request that we limit how we process your data in certain circumstances.
• **Right to Data Portability (Art. 20)**: Receive your personal data in a structured, commonly used, machine-readable format.
• **Right to Object (Art. 21)**: Object to processing based on legitimate interests or for direct marketing.
• **Rights Related to Automated Decision-Making (Art. 22)**: Not be subject to solely automated decisions that produce significant legal or similar effects.
• **Right to Withdraw Consent**: Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
We will respond to GDPR requests within 30 calendar days. This may be extended by up to 60 additional days where requests are complex or numerous, with notice provided.
You also have the right to lodge a complaint with your local EU/EEA Data Protection Authority (DPA). A list of DPAs is available at: edpb.europa.eu/about-edpb/about-edpb/members_en
9.2 Rights for California Residents (CCPA/CPRA)
• **Right to Know**: Request disclosure of the categories and specific pieces of personal information collected, used, disclosed, or sold over the past 12 months.
• **Right to Delete**: Request deletion of personal information we have collected from you, subject to certain exceptions.
• **Right to Correct**: Request correction of inaccurate personal information.
• **Right to Opt-Out of Sale or Sharing**: We do not sell or share your personal information for cross-context behavioral advertising. If this practice changes, you will have the right to opt out.
• **Right to Limit Use of Sensitive Personal Information**: We do not use sensitive personal information beyond what is necessary to provide the service.
• **Right to Non-Discrimination**: We will not discriminate against you for exercising your CCPA/CPRA rights.
We will respond to verifiable consumer requests within 45 calendar days. We may extend by an additional 45 days where reasonably necessary, with prior notice.
To submit a request, email privacy@getbeeagent.com from the email address associated with your account.
9.3 Rights for New Jersey Residents (NJDPA)
Under the New Jersey Data Privacy Act (P.L.2023, c.266), New Jersey residents have the right to:
• **Access**: Confirm whether we process your personal data and obtain a copy.
• **Correction**: Correct inaccuracies in your personal data.
• **Deletion**: Delete personal data you have provided to us or that we have collected about you.
• **Data Portability**: Obtain a portable copy of your personal data in a format that is technically feasible.
• **Opt-Out of Sale**: Opt out of the sale of personal data to third parties. We do not currently sell personal data.
• **Opt-Out of Targeted Advertising**: Opt out of processing for purposes of targeted advertising. We do not currently engage in targeted advertising using your personal data.
• **Opt-Out of Profiling**: Opt out of profiling for decisions that produce legal or similarly significant effects.
Response timeline: We will respond to opt-out requests within 15 business days. We will respond to access, correction, deletion, and portability requests within 45 calendar days, extendable by an additional 45 days with notice.
Appeals: If we decline to act on your request, you may appeal by contacting privacy@getbeeagent.com with the subject line "Privacy Rights Appeal." We will respond to appeals within 60 days. If your appeal is denied, you may contact the New Jersey Division of Consumer Affairs at njconsumeraffairs.gov.
HE TRADE LLC is based in New Jersey, USA. Your personal information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States and countries where our service providers operate.
For EU/EEA Users: Transfers of personal data outside the EEA are conducted with appropriate safeguards in accordance with GDPR Chapter V, including:
• Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable.
• Reliance on adequacy decisions.
• Other transfer mechanisms permitted under GDPR.
By using the Platform, you acknowledge that your data may be transferred to and processed in the United States, which may not have the same level of data protection laws as your home country.
The Platform is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal information from a child under 16, we will take immediate steps to delete that information.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@getbeeagent.com.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. The "Last Updated" date at the top of this page will always reflect the most recent revision.
For material changes, we will provide notice by:
• Sending an email to your registered email address, and/or
• Displaying a prominent notice on the Platform.
Your continued use of the Platform after the effective date of a revised policy constitutes your acceptance of the updated terms. If you do not agree with the changes, you must stop using the Platform and may request deletion of your account.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
📧 privacy@getbeeagent.com
🏢 HE TRADE LLC, New Jersey, USA
🌐 getbeeagent.com
We take all privacy inquiries seriously and aim to respond promptly. For formal rights requests, please include your full name and the email address associated with your account so we can verify your identity.
© 2025 HE TRADE LLC. All rights reserved.