What this policy covers.
Studio b. ("we," "us," "our") is an operator-owned holding company that runs a portfolio of products and publications. This policy describes how we collect, use, and protect information when you use any Studio b. surface listed below.
We collect only what is required to deliver the surface you're using, and we never sell your data. Where a third party processes data on our behalf, we name them and the data shared.
Products and publications.
This policy applies to the following Studio b. surfaces:
- ProductAcuOps — Acumatica DevOps platform at acuops.com. Continuous monitoring, CI/CD for customizations, post-publish validation.
- ProductBolt — Continuous-goods WMS at bolt.b.studio. Order processing, inventory, and warehouse operations on top of Acumatica.
- ProductAmplify — Engagement platform at amplify.b.studio. Scores LinkedIn intent, drafts content in your calibrated voice, and routes every action through a Slack approval before publishing — with an HMAC-chained audit ledger of every step.
- PortalEnhancement Portal — Customer-facing portal for change requests and training documentation.
- NewsletterMarkdown, by Studio b. — Operator-facing newsletter at markdown.b.studio.
- NewsletterStudio b. LMMI — LP-facing publication at lmmi.b.studio, including the open Lower Middle Market Direct Lending Index.
- SurfaceInvest with us — LP entry surface at invest.b.studio. Rule 506(c) accreditation flow for Studio b. LMM Bridge Fund I.
- Siteb.studio — The firm site you're reading now.
Connecting to your Acumatica.
AcuOps and Bolt connect to a customer's Acumatica ERP instance via the Acumatica REST and SOAP APIs to deliver monitoring, deployment, and warehouse operations.
- API credentials are stored encrypted in our hosting platform's environment-variable system. They are never committed to source control and never shared between customers.
- Read-only API access is used for monitoring and validation. Write access is used for CI/CD deployments and warehouse transactions only with explicit customer authorization.
- Schema snapshots and lookup caches are stored in our application database and Redis with bounded retention.
- Order and inventory records processed by Bolt are persisted in our application database for the duration of the customer engagement and are scoped per tenant.
- Health-check and deploy-history data is retained for 90 days for trend analysis and incident review.
Engagement intelligence with an approval gate.
Amplify is a horizontal LinkedIn engagement engine sold to agencies and individual operators. The full loop is: discover public engagement signals on LinkedIn (and other platforms as they're added), score them for intent, draft a response in the operator's calibrated voice, and route every draft through a Slack approval before anything publishes. Nothing publishes without an explicit approve action; every step is recorded on an HMAC-chained, append-only audit ledger.
Discovery runs on public platform content via Bright Data residential infrastructure plus Playwright — never the operator's logged-in session, never private content. Publish actions, when they're enabled, run through official platform APIs (LinkedIn Community Management API, etc.) as the operator's authenticated identity.
Amplify persists, per tenant: the calibrated voice and brand profile, the discovered signal records, the per-signal intent scores, the drafts (approved and rejected) with the model used, the approval transcript (who approved, when, in which Slack channel), and the audit ledger. Tenants are scoped per brand; one tenant's signals, drafts, and approvals are not visible to another.
Markdown and LMMI.
Both newsletters are hosted on beehiiv. When you subscribe, we collect:
- Email address (required to deliver the newsletter)
- IP address and basic browser metadata at signup (for spam and abuse prevention; collected by beehiiv)
- Open and click events from emails you receive (used to gauge interest and improve future issues)
You can unsubscribe from either newsletter at any time using the unsubscribe link in the footer of every issue. Unsubscribing removes you from the active send list immediately. We do not share newsletter subscriber lists with third parties or use them to seed advertising audiences.
Accreditation and LP intake.
The Invest surface at invest.b.studio is the entry point for prospective limited partners in Studio b. LMM Bridge Fund I. Fund I is offered under SEC Rule 506(c), which permits public solicitation but requires verified accredited status before subscription.
If you submit the LP inquiry form, we collect the information you provide (name, email, accreditation status, ticket interest, and any notes you share) into our customer-relationship system, which is HubSpot. This information is used only to evaluate fit and progress an inquiry to the appropriate next step, which may include accreditation verification by a third-party verifier and review of subscription documents.
If you grant consent on the form, we may also send you Studio b. LMMI issues. You can withdraw that consent at any time via the unsubscribe link in any issue.
Customer change requests.
The Enhancement Portal collects change requests, training questions, and feedback from authenticated users at customer organizations. Authentication is via single sign-on through the customer's identity provider (Microsoft Entra ID for current customers).
The portal stores: the request body, attachments you provide, the requesting user's identity (name, email, role within the customer organization), and the lifecycle state of the request. Requests are scoped per customer; users at one customer cannot see requests from another.
Storage and security.
- All data is transmitted over HTTPS / TLS-encrypted connections.
- Backend services are hosted on Railway with infrastructure-level encryption at rest.
- API credentials and secrets are stored in environment-variable systems, never committed to source control, and rotated on a defined cadence.
- Access to production systems is scoped per role; not all staff have access to customer data.
- We conduct periodic security reviews including credential rotation, permission scoping, and dependency-vulnerability scanning.
Who processes data on our behalf.
The following third parties process data on our behalf to deliver Studio b. surfaces. We do not sell, rent, or trade data to third parties; data shared with the processors below is used only to deliver the listed function.
| Processor | Function | Data shared |
|---|---|---|
| Railway | Application hosting | Application logs, metrics, and the operational data each surface persists |
| Anthropic (Claude) | AI capabilities inside Studio b. products | Task-scoped inputs (prompts, document fragments, code) — never persisted at Anthropic for training |
| HubSpot | Customer-relationship management for AcuOps, Bolt, and Invest inquiries; lead routing for Amplify | Contact details, interaction history, deal/ticket records, Amplify signal/score upserts |
| beehiiv | Newsletter delivery (Markdown, LMMI) | Subscriber email, name (optional), engagement events |
| Slack | Internal notifications, customer-facing channels, and Amplify approval routing | Operational notifications, messages you send to a Studio b. channel, Amplify approval transcripts |
| Bright Data | Residential infrastructure for Amplify discovery on public platform content | Outbound requests to public LinkedIn (and other platform) URLs — no Studio b. credentials shared |
| LinkedIn (CMAPI) | Publishing reactions, comments, and posts on behalf of Amplify operators | The drafted, operator-approved content and the operator's LinkedIn auth (held by LinkedIn, not by us) |
| Microsoft Entra ID | Single sign-on for the Enhancement Portal and internal surfaces | User identity attributes (email, name, group membership) |
| Google Workspace | Email correspondence with Studio b. staff | Email content addressed to or from Studio b. addresses |
How long we keep things.
- Operational records inside AcuOps and Bolt are retained for the duration of the customer engagement and for the period required to meet contractual and legal obligations after engagement ends.
- Amplify signal records, scores, drafts, and approval transcripts are retained for the duration of the customer engagement. The HMAC-chained audit ledger is append-only and retained for the contractual audit window agreed at signup.
- Newsletter subscriber records are retained until you unsubscribe, after which the active send record is removed and only suppression metadata is kept (so we don't accidentally email you again).
- HubSpot CRM records are retained for the lifetime of the relationship and pruned per our internal retention schedule.
- Application logs are retained for 30 days unless required longer for incident review.
- Analytics and email-engagement records are retained for up to 24 months.
Access, deletion, portability.
You have the right to:
- Request access to information we hold about you or your organization.
- Request correction or deletion of your information.
- Opt out of newsletter subscriptions at any time.
- Request a copy of your information in a portable format.
To exercise any of these rights, write to hello@b.studio from the address on file. We respond within 30 days.
How we update.
We may update this policy. Material changes will be communicated via the affected surface (in-app notice for product surfaces, or a footer notice on b.studio) before they take effect. The Effective date at the top of this page reflects the most recent revision.
Questions: hello@b.studio.