Privacy Policy

Effective date: 2024-09-01

BeamIt is a zero-knowledge file transfer service. Your files are encrypted in your browser using modern cryptography before upload, and we never see the decryption key. This policy explains what we collect and why.

What We Collect

  • Account (optional): Email address for sign-in via one-time codes if you choose to create an account.
  • Transfer metadata: A randomly generated Beam ID, encrypted object size, file count, retention period, upload status/mode, timestamps, and an object key for storage. We do not store filenames or file contents.
  • Download telemetry: Timestamp, country code (from network edge), bytes downloaded, duration, and a completed flag. Used to operate the service and compute site-wide statistics.
  • Site stats: Aggregated counters (e.g., total bytes transferred) streamed to clients via server-sent events. No personal data is included in these streams.
  • Local storage: Your browser may store temporary upload state (for reliability) and service worker messages for downloads. This stays on your device.

Cookies

We use only essential, first-party session cookies to keep you signed in and to secure account-related actions. We do not use analytics, advertising, or tracking cookies. Session cookies are set securely in production and have limited lifetimes.

Why We Collect This

  • To provide and operate the service (file transfers, account access).
  • To maintain reliability and detect abuse (aggregate telemetry, rate limits).
  • To comply with legal obligations when applicable.

Third Parties

  • Storage: Encrypted objects are stored with a cloud storage provider. Without your decryption key, the data is indistinguishable from random bytes.
  • Email delivery: One-time codes are sent via an email provider when you sign in.

Retention

  • Encrypted files expire automatically based on the selected retention period (e.g., 72 hours by default).
  • Account data (if any) is retained for as long as needed to provide the service. You can request deletion at any time.
  • Operational download logs are retained to operate and improve the service and may be periodically pruned.

Security

Files are encrypted client-side with AES‑256‑GCM via the Web Crypto API. The decryption key never leaves your possession. We employ standard web security practices to protect service endpoints and metadata.

International Transfers

Data may be processed in regions operated by our infrastructure providers. We work with reputable vendors who offer industry-standard safeguards for international data transfers.

Your Rights

  • Access/Deletion: If you created an account, you can request access to or deletion of your account data. Encrypted file contents cannot be retrieved or decrypted by us.
  • Contact us at [email protected] or via our contact page for requests.

Children

BeamIt is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us at [email protected] or through our contact page.

Changes & Contact

We may update this policy over time. Material changes will be reflected on this page with a new effective date. Questions? Contact us at [email protected] or via our contact page.