Privacy

Privacy Policy

How Spyingbee handles your data. Plain language, no surprises.

Last updated: February 2026

TLDR

  • We collect your name, email, and the competitors you track. That's about it.
  • Your data is hosted in the EU (Hetzner, Helsinki).
  • We use one analytics cookie (Google Analytics). You can opt out anytime.
  • We never sell your data. We share it only with the services listed on our sub-processors page.
  • You can delete your account and all your data from your settings page.
  • Questions? Email support@spyingbee.com.

Who we are

Spyingbee is a remote-first competitor monitoring platform. When this policy says "we", "us", or "our", it means Spyingbee as the data controller responsible for your personal data. Contact: support@spyingbee.com.

What we collect

  • Account: name and email when you sign up
  • Service data: competitors you track, your preferences, and AI-generated signal reports
  • Technical: IP address, browser type, and session identifiers (for security)
  • Payment: billing info processed by Stripe. We never see or store your card number.

Why we process it

Under the GDPR, we need a legal basis for each type of processing:

  • To run the service (contract): monitoring competitors, sending notifications, managing your subscription
  • To keep things secure (legitimate interest): abuse prevention, session management, service improvements
  • Analytics (consent): Google Analytics, only if you accept cookies
  • Legal requirements (obligation): tax records, law enforcement requests

Cookies

CookieTypePurposeDuration
sessionEssentialKeeps you logged inSession
_ga, _ga_*AnalyticsGoogle Analytics usage stats2 years

The session cookie is strictly necessary and does not require consent. Analytics cookies are only set if you accept them. We do not use advertising or tracking cookies.

You can withdraw cookie consent at any time by clearing cookies in your browser or using the cookie preferences in the site footer.

Who we share data with

We never sell your data. We only share it with the services needed to run Spyingbee. The full list is on our sub-processors page.

Your data is stored in the EU (Hetzner, Helsinki, Finland). Some sub-processors are US-based (Stripe, Resend). For those transfers, we rely on Standard Contractual Clauses or the EU-US Data Privacy Framework.

How long we keep it

  • Account data: while your account is active, plus 30 days after deletion
  • Monitoring data: while your account is active
  • Activity logs: 90 days
  • Payment records: as required by tax law (typically 7 years)

Your rights

Under the GDPR, you can:

  • Access your data
  • Correct inaccurate data
  • Delete your account and data
  • Export your data in a machine-readable format
  • Object to processing based on legitimate interest
  • Withdraw consent for analytics cookies at any time

To exercise any of these, email support@spyingbee.com. We respond within 30 days.

Security

All connections use TLS encryption. Database connections are encrypted. Access to production systems is restricted. Our infrastructure runs in Hetzner's ISO 27001-certified data center in Helsinki, Finland.

Complaints

If you think we are handling your data incorrectly, please reach out to support@spyingbee.com first. You also have the right to file a complaint with your local data protection authority.

Changes

If we make material changes to this policy, we will notify you by email at least 30 days before they take effect.