B
Beacon AI

Privacy Policy

Last updated: March 2026

1. Who we are

Beacon AI is operated by Beacon AI Ltd. We provide an AI-powered social media engagement platform for brands. Our contact email is hello@beacon-socials.com.

2. What data we collect

We collect the following categories of personal data:

  • Account data — name, work email address, and password (hashed) when you create an account.
  • Subscription data — your chosen plan, billing status, and Stripe customer ID. Payment card details are held by Stripe and never stored by us.
  • Brand data — your brand name, voice settings, tone preferences, FAQs, and onboarding responses.
  • Social interaction data — usernames, comment text, and DM content from social platforms you connect to Beacon. This is used solely to generate AI response suggestions.
  • Shopify store data — if you connect a Shopify store, we access customer names, email addresses, order history, fulfilment status, and tracking information via the Shopify Admin API. This data is used solely to display order context to your team inside the Beacon inbox. We do not store your customers' order data beyond the duration of your active session — it is fetched on demand and never persisted to our database.
  • Usage data — pages visited, features used, and session logs for product improvement and support.
  • Communication data — emails we send you and any replies you send us.

3. How we use your data

  • To provide, maintain, and improve the Beacon AI platform.
  • To generate AI-powered response suggestions using Anthropic's Claude API. Your data is sent to Anthropic for this purpose — see Anthropic's privacy policy at anthropic.com.
  • To process payments via Stripe.
  • To send transactional emails (account confirmation, password reset, billing receipts) and product emails (daily briefings, weekly digests) you have opted into by using the platform.
  • To comply with legal obligations.

4. Legal basis for processing (UK GDPR)

  • Contract — processing necessary to provide the service you've signed up for.
  • Legitimate interests — product analytics, fraud prevention, and service improvement.
  • Legal obligation — where we are required to process data by law.

5. Data storage and security

Your data is stored in Supabase (PostgreSQL), hosted on servers in the European Union. We use industry-standard encryption in transit (TLS) and at rest. Access to production data is restricted to authorised personnel only.

6. Third-party services

We share data with the following third parties only as necessary to provide the service:

  • Anthropic — AI response generation (anthropic.com)
  • Supabase — database and authentication (supabase.com)
  • Stripe — payment processing (stripe.com)
  • Resend — transactional email (resend.com)
  • Vercel — hosting (vercel.com)
  • Shopify — if you connect a Shopify store, we access your store data via the Shopify Admin API under the permissions you grant during installation (shopify.com/legal/privacy)

We do not sell your data to any third party.

7. Your rights

Under UK GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — request deletion of your account and all associated data. You can do this directly from your Account settings, or by emailing hello@beacon-socials.com.
  • Restriction — ask us to pause processing of your data in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interests.

To exercise any of these rights, email hello@beacon-socials.com. We will respond within 30 days.

8. Cookies

We use strictly necessary cookies to maintain your login session. We do not use tracking or advertising cookies. You can disable cookies in your browser settings but this will prevent you from staying logged in.

9. Data retention

We retain your data for as long as your account is active. When you delete your account, all personal data is permanently deleted within 30 days. Anonymised, aggregated usage data may be retained for analytics.

10. Shopify merchant data

If you install Beacon via the Shopify App Store or connect your Shopify store manually, the following applies:

  • Data accessed — we request read-only access to your store's orders and customer records (read_orders, read_customers). We do not request write access and cannot modify your store data.
  • How it is used — order and customer data is fetched on demand when a team member opens an order lookup inside the Beacon inbox. It is displayed in real time and is not stored in our database.
  • Your customers' data — we access your customers' names, email addresses, and order history solely to provide the inbox order lookup feature. This data is never used for marketing, analytics, or AI training.
  • Revoking access — you can disconnect your Shopify store at any time from Beacon's Settings → Connections page. Uninstalling the app from your Shopify Admin also revokes all access immediately.
  • GDPR requests — if one of your customers submits a data access or erasure request under GDPR, contact us at hello@beacon-socials.com. Because we do not persistently store customer order data, there is typically no data to action — but we will confirm this in writing within 30 days.

11. Contact and complaints

For privacy enquiries — including Shopify merchant or customer data requests — contact us at hello@beacon-socials.com. If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ico.org.uk).

HomeTerms of Service