beam is built by indie founders, for indie founders. we take data seriously — not because lawyers made us, but because we'd want the same from tools we use.
when you use beam, we collect:
we use your data to:
we do not sell your data. we do not share visitor data with third parties except the enrichment providers we use to identify visitors on your behalf (people data labs, proxycurl). those providers have their own privacy policies.
beam's person-level visitor identification only resolves visitors with US-based IP addresses. we use IP geofencing to restrict person-level identification to US traffic only. beam does not intentionally or deliberately provide person-level identification for european, UK, or other non-US markets.
beam resolves anonymous visitors by matching IP addresses against third-party data providers (people data labs, proxycurl, fullcontact). the information surfaced — names, job titles, companies, linkedin profiles — comes from these data enrichment services and publicly available sources. this data is cached for 30 days and only used within your beam dashboard.
identified visitors can request deletion by emailing [email protected]. we'll process requests within 7 days.
when you install the beam pixel on your site, you are responsible for updating your own site's privacy policy to disclose visitor tracking and identification. you should inform your visitors that you use a third-party service to identify anonymous traffic.
we recommend adding language about data collection, cookies/local storage, and third-party data enrichment to your privacy policy.
visitor event data is retained for 90 days by default. enriched profiles are retained for as long as your account is active. you can delete any or all data from your dashboard settings at any time.
all data is encrypted in transit (tls) and at rest. we use supabase for storage, which is soc 2 compliant. we follow the principle of least privilege — only the services that need your data can access it.
beam's person-level identification is restricted to US-based IP addresses only. we do not resolve visitors from the EU or UK.
if you believe your data has been processed and you're in the EU, email us at [email protected] and we'll handle your access, correction, or deletion request within 30 days.
if you're a california resident, you have the right to know what personal data we collect, request deletion, and opt out of the sale of your data.
beam does not sell personal data in the traditional sense, but identity resolution may constitute a "sale" under CCPA's broad definition. to opt out: email [email protected] with subject "Do Not Sell My Information".
we honor browser-level opt-out signals: if your browser sends a Global Privacy Control (GPC) or Do Not Track (DNT) signal, beam will not resolve your identity — your visits stay anonymous and are never matched against our data providers.
beam uses minimal cookies: one session cookie to keep you logged in, and one analytics cookie to measure basic usage (no third-party trackers). the beam tracking pixel on your site uses first-party storage only.
if we make material changes, we'll email registered users at least 14 days before they take effect. the latest version is always at this url.
questions? email [email protected]. we're a small team and we respond personally.
last updated: june 2026