Privacy Policy

Last updated: February 2026

1. Introduction

BeamFlow Ltd. ("Company," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes the types of information we collect from and about you when you use our website, platform, and related services (collectively, the "Service"), how we use and share that information, and the choices and rights you have regarding your information.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.

2. Information We Collect

We collect information in the following ways:

2.1 Information You Provide Directly

  • Account Information: When you create an account, we collect your name, email address, and authentication credentials. If you register using a third-party service (e.g., Google OAuth), we receive your name and email address from that service.
  • Scan Data: The domain names you submit for analysis and the resulting ads.txt and app-ads.txt scan reports, including health scores, error listings, and verification results.
  • Payment Information: When you subscribe to a paid plan, payment information (such as credit card details and billing address) is collected and processed securely by Paddle.com Market Limited ("Paddle"), which acts as our Merchant of Record. Paddle processes all payments, handles sales tax and VAT, and manages billing on our behalf. We do not directly store or have access to your full credit card number. For details on how Paddle handles your data, please see Paddle's Privacy Policy.
  • Communications: When you contact us for support, provide feedback, or communicate with us through email or other channels, we collect the content of those communications along with associated metadata (e.g., timestamps, email addresses).

2.2 Information Collected Automatically

  • Usage Data: We automatically collect information about how you interact with the Service, including pages visited, features used, actions taken, time spent on pages, clickstream data, and referring/exit URLs.
  • Device and Technical Data: We collect information about the device and browser you use to access the Service, including IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
  • Log Data: Our servers automatically record information about requests made to the Service, including the date and time of the request, the referring URL, the user agent, and the resources accessed.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, operate, maintain, and improve the Service, including processing scans, generating reports, and delivering monitoring alerts and notifications.
  • Account Management: To create and manage your account, authenticate your identity, and provide customer support.
  • Payment Processing: To process transactions, manage subscriptions, send billing-related communications, and prevent fraud.
  • Communications: To send you transactional emails (e.g., scan results, account notifications, security alerts), and, with your consent, promotional communications about new features, product updates, and offers. You may opt out of marketing communications at any time.
  • Analytics and Improvement: To analyze usage patterns, diagnose technical issues, and improve the functionality, performance, and user experience of the Service.
  • Security and Compliance: To detect, prevent, and address fraud, abuse, security incidents, and technical issues, and to comply with applicable legal obligations.
  • Aggregated Insights: To generate aggregated, anonymized, or de-identified industry insights and statistics that cannot reasonably be used to identify you.

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or a jurisdiction with similar data protection laws, we process your personal data on the following legal bases:

  • Performance of a Contract: Processing necessary to perform our agreement with you (e.g., providing the Service, managing your account).
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, provided such interests are not overridden by your rights and freedoms.
  • Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications). You may withdraw consent at any time.
  • Legal Obligation: Processing necessary to comply with applicable laws, regulations, or legal processes.

5. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We share information only in the following limited circumstances:

  • Service Providers: We engage trusted third-party companies and individuals to perform services on our behalf, including cloud hosting (Vercel), database management (Supabase), payment processing (Paddle.com Market Limited, acting as Merchant of Record), email delivery (Resend), and analytics (Google Analytics). These providers are contractually obligated to use your information only as necessary to provide services to us and are bound by confidentiality obligations.
  • Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a government request.
  • Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
  • With Your Consent: We may share your information when you explicitly authorize us to do so.

6. Data Security

We implement and maintain commercially reasonable administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include, but are not limited to:

  • Encryption of data in transit using Transport Layer Security (TLS/SSL).
  • Encryption of sensitive data at rest.
  • Row-level security policies on our database to ensure strict data isolation between users.
  • Regular security assessments, vulnerability scanning, and code reviews.
  • Access controls limiting employee access to personal data on a need-to-know basis.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee the absolute security of your data, and you acknowledge that you transmit your information at your own risk.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Account Data: Retained for as long as your account remains active. Upon account deletion, we will delete or anonymize your personal data within thirty (30) days, except where retention is required by law.
  • Scan Results: Retained for ninety (90) days for free-tier users and for the duration of an active paid subscription. Upon downgrade or cancellation, scan results exceeding the free-tier retention period may be deleted.
  • Payment Records: Retained for a minimum of seven (7) years as required by applicable tax and financial regulations.
  • Log and Usage Data: Retained for up to twelve (12) months for analytics and security purposes, after which it is aggregated or deleted.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure ("Right to be Forgotten"): You may request the deletion of your personal data, subject to certain exceptions (e.g., legal retention requirements).
  • Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Restriction of Processing: You may request that we restrict the processing of your personal data under certain circumstances.
  • Right to Object: You may object to the processing of your personal data where processing is based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
  • Right to Opt Out of Marketing: You may opt out of promotional communications by clicking the "unsubscribe" link in any marketing email or by contacting us directly.

To exercise any of these rights, please contact us at support@beamflow.co. We will respond to your request within thirty (30) days, or as required by applicable law. We may need to verify your identity before processing your request.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service. The types of cookies we use include:

  • Essential Cookies: Required for the basic functionality of the Service, including authentication, session management, and security. These cookies cannot be disabled.
  • Analytics Cookies: Used to understand how visitors interact with the Service, track page views, and measure feature usage. We use these to improve the Service. You may opt out of analytics cookies through your browser settings or cookie preferences.

We do not use third-party advertising cookies or tracking pixels for ad targeting purposes. We do not participate in behavioral advertising networks.

Most web browsers allow you to control cookies through their settings. Please note that disabling essential cookies may affect the functionality of the Service.

10. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from the laws of your jurisdiction. When we transfer personal data outside of the EEA or United Kingdom, we implement appropriate safeguards as required by applicable data protection laws, such as Standard Contractual Clauses approved by the European Commission, to ensure that your personal data receives an adequate level of protection.

11. Children's Privacy

The Service is not directed to, and we do not knowingly collect personal information from, individuals under the age of 18 (or the applicable age of majority in your jurisdiction). If we become aware that we have collected personal information from a child without appropriate consent, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at support@beamflow.co.

12. Third-Party Links and Services

The Service may contain links to third-party websites, services, or applications that are not operated or controlled by us. This Privacy Policy does not apply to such third-party services, and we are not responsible for their privacy practices or content. We encourage you to review the privacy policies of any third-party services you access through the Service.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by sending you an email notification or displaying a prominent notice within the Service. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the revised policy.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

BeamFlow Ltd.
Email: support@beamflow.co

If you are located in the EEA and believe that your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.