1. Introduction
Beacony ("Beacony," "we," "us," or "our") operates the website monitoring platform available at beacony.io and associated services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, create an account, or use the Service.
By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
2. Information We Collect
2.1 Information You Provide
- Account Information: When you register, we collect your name, email address, and password (stored as a bcrypt hash; we never store plaintext passwords).
- Billing Information: If you subscribe to a paid plan, payment is processed by Stripe, Inc. We do not store your full credit card number. We receive and store a Stripe Customer ID, subscription status, and plan tier.
- Workspace & Team Data: Workspace names, member email addresses, roles, and invitations.
- Monitor Configuration: URLs, domains, IP addresses, ports, check intervals, expected status codes, keywords, and other monitoring parameters you configure.
- Integration Configuration: Alert channel settings such as email addresses, phone numbers, Slack/Discord webhook URLs, PagerDuty routing keys, and generic webhook endpoints.
- Support Communications: Any information you provide when contacting us for support.
2.2 Information Collected Automatically
- Check Results: Response codes, response times, error messages, SSL certificate details, and timestamps generated by our monitoring checks against your configured endpoints.
- Incident Data: Automatically generated records of downtime events, including start time, resolution time, cause, and acknowledgment status.
- Usage Data: Log data including your IP address, browser type, operating system, referring URLs, pages viewed, and access timestamps.
- Cookies: We use strictly necessary cookies for authentication (JWT token storage) and session management. We do not use third-party advertising or tracking cookies.
2.3 Information We Do Not Collect
- We do not collect or store the response body content of your monitored endpoints (except for keyword-match validation, which is checked in-memory and not persisted).
- We do not collect data from your end users or visitors to your monitored websites.
- We do not sell, rent, or trade your personal information to any third party.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and operate the Service: Execute monitoring checks, detect incidents, send alerts, and display analytics.
- Account management: Create and manage your account, authenticate your identity, and process billing.
- Communication: Send transactional emails (account verification, password resets, billing receipts), alert notifications through your configured channels, and service-related announcements.
- Improvement: Analyze usage patterns in aggregate to improve performance, reliability, and features of the Service.
- Security: Detect, prevent, and address fraud, abuse, security incidents, and technical issues.
- Legal compliance: Comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
4. How We Share Your Information
We do not sell your personal information. We may share information only in the following circumstances:
- Service Providers: We share data with third-party vendors who perform services on our behalf, subject to contractual obligations of confidentiality:
  - Stripe, Inc. — payment processing
  - Amazon Web Services (AWS) — infrastructure hosting and email delivery (SES)
  - Twilio, Inc. — SMS and WhatsApp alert delivery
- Workspace Members: If you belong to a workspace, other members of that workspace may see monitors, incidents, analytics, and settings associated with the workspace in accordance with their assigned role.
- Public Status Pages: If you create a public status page, the monitor names, uptime status, and incident information you choose to display will be publicly accessible.
- Legal Requirements: We may disclose information if required by law, subpoena, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
- Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice on the Service before your information becomes subject to a different privacy policy.
5. Data Retention
- Account Data: Retained for as long as your account is active. Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.
- Check Results & Incident Data: Retained for the duration specified by your subscription plan (up to 365 days). Older data is automatically purged.
- Billing Records: Transaction records are retained for 7 years to comply with tax and financial regulations.
- Server Logs: Automatically deleted after 90 days.
6. Data Security
We implement industry-standard technical and organizational measures to protect your information:
- All data in transit is encrypted using TLS 1.2 or higher.
- All data at rest is encrypted using AES-256.
- Passwords are hashed using bcrypt with a cost factor of 10 or higher.
- API keys are stored as SHA-256 hashes; the raw key is shown only once at creation and never stored.
- JWT authentication tokens expire after 7 days.
- Access to production systems is restricted to authorized personnel with multi-factor authentication.
- We conduct regular security reviews and promptly address identified vulnerabilities.
Despite our efforts, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, but we commit to notifying affected users of any data breach within 72 hours of discovery.
7. Your Rights & Choices
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete personal data.
- Deletion: Request deletion of your personal data, subject to legal retention requirements.
- Portability: Request a machine-readable copy of your data.
- Restriction: Request restriction of processing of your personal data.
- Objection: Object to processing of your personal data for certain purposes.
- Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.
To exercise any of these rights, contact us at privacy@beacony.io. We will respond within 30 days. We may request verification of your identity before processing your request.
8. International Data Transfers
Our servers and service providers are located in the United States and other countries. If you are accessing the Service from the European Economic Area (EEA), United Kingdom, Switzerland, or other regions with data transfer regulations, please be aware that your data may be transferred to, and stored and processed in, jurisdictions that may not provide the same level of data protection as your home jurisdiction.
Where required, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms, to ensure appropriate safeguards for cross-border data transfers.
9. GDPR Compliance (EEA Users)
If you are in the European Economic Area, the following additional provisions apply:
- Legal Bases: We process your data based on: (a) contractual necessity (to provide the Service), (b) legitimate interests (to improve and secure the Service), and (c) your consent (for optional communications).
- Data Protection Officer: You may contact our data protection team at dpo@beacony.io.
- Supervisory Authority: You have the right to lodge a complaint with your local supervisory authority if you believe your data is being processed unlawfully.
10. CCPA Compliance (California Users)
If you are a California resident, the following additional provisions apply under the California Consumer Privacy Act (CCPA):
- Right to Know: You have the right to request the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out: We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link.
- Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise your CCPA rights, contact us at privacy@beacony.io.
11. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information. If you believe we have collected information from a child under 16, please contact us at privacy@beacony.io.
12. Third-Party Links
The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we will provide additional notice (such as an email notification or an in-Service alert). Your continued use of the Service after any changes constitutes your acceptance of the updated policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:
- Email: privacy@beacony.io
- Data Protection Officer: dpo@beacony.io