Skip to content
BeeShelf
Cataloging Circulation Discovery Pricing Docs
Sign in Get started
Cataloging Circulation Discovery Requests Pricing Docs Sign in

Legal

Privacy PolicyTerms of ServiceData Processing AddendumSub-processorsTrust & Compliance

Trust & Compliance

Last updated 4 July 2026

Schools and libraries hold sensitive data, often about minors. BeeShelf is designed so that meeting your obligations is the default, not extra work. This page explains our posture toward the laws that matter most to institutions. It describes how the product is built and what we commit to — it is not a legal certification, and each institution remains responsible for its own compliance. We’re glad to work through your procurement and security review.

Privacy by design — the foundations

  • Strict tenant isolation. Every institution’s data is separated at the database level (row-level security). One library can never read another’s data — enforced in the database, not just the app.
  • You own and can export your data. One-click export of your full data set, any time, in a portable format. No lock-in.
  • Opt-out of tracking. Reading personalization can be turned off — by an individual member, or institution-wide (popularity-only mode, zero behavioural tracking).
  • Retention you control. Choose whether reading history is kept and for how long; purge old records automatically.
  • Security basics done right. Encryption in transit and at rest, salted-hash passwords, email verification, rate-limited sign-ins, role-based access.
  • EU data residency. Primary data is hosted in the European Union (Frankfurt).
  • No selling data, no ads. We never sell personal data and don’t run advertising.

FERPA (US — student education records)

Where BeeShelf holds student library records for a US school, the school is the controller of those education records and BeeShelf acts under the school’s direction. BeeShelf is designed to operate on the “school official” basis: we use student data only to provide the service the school has engaged us for, under its control; we don’t use it for our own purposes; we don’t re-disclose it; and the school can access, export, correct, and delete records, and have data returned or deleted when the relationship ends. Our DPA puts these commitments in writing.

COPPA (US — children under 13)

BeeShelf is provided to institutions and is not directed at or marketed to children. Where children under 13 use BeeShelf, they do so through their school, which may provide consent on parents’ behalf for the educational context (the school-consent model). In support of this: we collect only the data needed to run a library; we do not use children’s data for behavioural advertising or sell it; personalization can be switched off entirely; and the institution controls and can delete the data.

GDPR / UK GDPR (EU / UK)

  • Clear roles. The institution is the controller of its library data; BeeShelf is the processor, acting on documented instructions.
  • A DPA ready to sign (Art. 28 processor terms), including security measures, breach notification, and sub-processor commitments.
  • Data-subject rights supported in-product: access & portability (export), correction, deletion, retention control, and objection to personalization.
  • EU hosting, with published sub-processors and Standard Contractual Clauses for any transfers outside the EU/EEA.
  • Lawful bases documented in our Privacy Policy.

Being straight about what we don’t yet have

We’d rather be honest than overstate. BeeShelf does not currently hold formal third-party certifications such as SOC 2 or ISO 27001, and has not yet completed an independent penetration test. Security is engineered into the product’s foundations, and these are on our roadmap as we grow. If your procurement needs a specific attestation, tell us — we’ll be transparent about where we are and work with you.

BeeShelf is operated by iBX Design Consultancy (Dubai Silicon Oasis, United Arab Emirates) and observes applicable data-protection law, including the UAE Personal Data Protection Law, in addition to supporting our customers’ obligations under the laws above.

Talk to us

Running a procurement or security review? Email hello@beeshelf.com and we’ll help you through it — including a signable DPA.

BeeShelf

A library system built around the reason the library exists.

Product

Cataloging Circulation Discovery Requests Pricing Documentation

Get going

Get started See the live demo Sign in

Company

Contact Privacy Terms Trust & Compliance
© 2026 BeeShelf · an iBX product Made for the libraries the big systems forgot.