Privacy Policy

Last updated: March 2026

The key information on how we handle personal data is provided below, but the full legal text is available here.

Beacon is built on a simple principle: collect only what's necessary. We don't sell your data, we don't run ads, and we don't track you across the web.

What we collect

Account information

  • Email address — required for account creation and login
  • Username — your unique handle on Beacon
  • Display name and bio — optional, only if you choose to add them
  • Profile photo — optional, only if you upload one

Authentication data

Depending on how you sign in:

  • Email OTP — we send a one-time code to your email. Codes are deleted after use.
  • Passkeys — we store only the public key. Your private key never leaves your device.
  • Google/Apple sign-in — we receive your email, name, and profile photo from the provider. We don't receive or store your password.

Your content

  • Beacons — the signals you send, including title, description, and optional location name (text only, not GPS coordinates)
  • Comments and interactions — comments, likes, and join requests you make
  • Friend connections — who you've added as friends and any groups you create

Technical data

  • Push notification tokens — if you enable notifications, we store the endpoint to send them
  • Session data — to keep you logged in
  • Error logs — we use Sentry for crash reporting (configured to exclude personal data)

What we don't collect

  • GPS location — we don't track where you are. Location in beacons is just text you type.
  • Contacts — we never access your phone contacts
  • Browsing history — no cross-site tracking, no pixels, no fingerprinting
  • Ad identifiers — we don't run ads or use advertising SDKs

How we use your data

  • To provide the Beacon service — showing your beacons to friends and theirs to you
  • To send notifications you've opted into
  • To improve the app through aggregated, anonymized usage statistics
  • To respond to support requests

Who sees your data

Your friends — they see your beacons, profile, and interactions with them. That's the point.

No one else — we don't sell, rent, or share your personal data with third parties for their marketing purposes.

Service providers — we use Cloudflare for hosting and Sentry for error monitoring. These services process data on our behalf under strict agreements.

Data retention

  • Beacons — visible for 12 hours, then no longer shown (data retained for history)
  • Account data — kept while your account is active
  • Deleted accounts — we delete your data within 30 days of account deletion

Your rights

You can:

  • Access your data through your profile settings
  • Update or correct your information at any time
  • Delete your account and all associated data
  • Request a copy of your data by contacting us

Security

We use industry-standard security practices: encrypted connections (HTTPS), secure authentication (passkeys, OAuth), and rate limiting to prevent abuse. Your data is stored on Cloudflare's infrastructure with encryption at rest.

Changes to this policy

We'll notify you of significant changes via email or in-app notification. Minor clarifications won't trigger a notification but will update the "last updated" date above.

Contact

Questions? Reach us at team@usebeacon.social.