← back to beam
getbeam.fyi privacy policy

privacy policy. plain english.

beam is built by indie founders, for indie founders. we take data seriously — not because lawyers made us, but because we'd want the same from tools we use.

what we collect

when you use beam, we collect:

what we do with it

we use your data to:

we do not sell your data. we do not share visitor data with third parties except the enrichment providers we use to identify visitors on your behalf (people data labs, proxycurl). those providers have their own privacy policies.

visitor data and your visitors

beam's person-level visitor identification only resolves visitors with US-based IP addresses. we use IP geofencing to restrict person-level identification to US traffic only. beam does not intentionally or deliberately provide person-level identification for european, UK, or other non-US markets.

beam resolves anonymous visitors by matching IP addresses against third-party data providers (people data labs, proxycurl, fullcontact). the information surfaced — names, job titles, companies, linkedin profiles — comes from these data enrichment services and publicly available sources. this data is cached for 30 days and only used within your beam dashboard.

identified visitors can request deletion by emailing [email protected]. we'll process requests within 7 days.

your responsibilities as a beam user

when you install the beam pixel on your site, you are responsible for updating your own site's privacy policy to disclose visitor tracking and identification. you should inform your visitors that you use a third-party service to identify anonymous traffic.

we recommend adding language about data collection, cookies/local storage, and third-party data enrichment to your privacy policy.

data retention

visitor event data is retained for 90 days by default. enriched profiles are retained for as long as your account is active. you can delete any or all data from your dashboard settings at any time.

security

all data is encrypted in transit (tls) and at rest. we use supabase for storage, which is soc 2 compliant. we follow the principle of least privilege — only the services that need your data can access it.

gdpr

beam's person-level identification is restricted to US-based IP addresses only. we do not resolve visitors from the EU or UK.

if you believe your data has been processed and you're in the EU, email us at [email protected] and we'll handle your access, correction, or deletion request within 30 days.

ccpa / us state privacy laws

if you're a california resident, you have the right to know what personal data we collect, request deletion, and opt out of the sale of your data.

beam does not sell personal data in the traditional sense, but identity resolution may constitute a "sale" under CCPA's broad definition. to opt out: email [email protected] with subject "Do Not Sell My Information".

we honor browser-level opt-out signals: if your browser sends a Global Privacy Control (GPC) or Do Not Track (DNT) signal, beam will not resolve your identity — your visits stay anonymous and are never matched against our data providers.

cookies

beam uses minimal cookies: one session cookie to keep you logged in, and one analytics cookie to measure basic usage (no third-party trackers). the beam tracking pixel on your site uses first-party storage only.

changes to this policy

if we make material changes, we'll email registered users at least 14 days before they take effect. the latest version is always at this url.

contact

questions? email [email protected]. we're a small team and we respond personally.

last updated: june 2026