PRIVACY POLICY

1. Introduction

Beacon AI Solutions is committed to protecting the privacy and security of the personal data we process. This Privacy Policy ("Policy") describes how we collect, use, process, share, and protect Personal Data in connection with the provision and use of the Beacon service (the "Service"), as well as our websites and related interactions (collectively, the "Platform").

This Policy applies to:

• Organizations that subscribe to the Beacon Service.
• Individuals (employees, contractors, agents of Customers) granted access to use the Beacon Service under a Customer's subscription.
• Individuals who visit our public-facing websites.

"Personal Data" means any information relating to an identified or identifiable natural person. This can include names, email addresses, IP addresses, and other information defined as personal data under applicable data protection laws.

Please read this Policy carefully. By accessing or using our Platform, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you are using the Service as an Authorized User on behalf of a Customer, your use is also governed by the agreement between Beacon AI Solutions and that Customer (the "SaaS Agreement").

2. Information We Collect

We collect information in the following ways:

• Information You Provide Directly:
  • When a Customer subscribes or an Authorized User creates an account, we collect your name and email address.
  • Customers and Authorized Users upload, input, or submit data into the Beacon Service for processing and analysis ("Customer Data"). Customer Data may contain Personal Data depending on what the Customer chooses to upload. Beacon AI Solutions processes Customer Data as a "Processor" or "Service Provider" on behalf of the Customer, who acts as the "Controller" or "Business." The Customer is responsible for ensuring they have the necessary rights and lawful basis to process any Personal Data within Customer Data using our Service.
  • If you contact us for support, provide feedback, participate in surveys, or otherwise communicate with us, we collect the information you provide in those communications.
  • If you sign up for newsletters, webinars, or marketing communications, we collect your contact details like name and email address.
• Information Collected Automatically:
  • When you use the Beacon Service or visit our websites, we automatically collect information about your interaction, such as your IP address, browser type and settings, device information (type, operating system), access times, pages viewed, features used, interactions with AI Outputs, crash data, and referring URL ("Usage Data"). This data helps us operate, secure, and improve the Service.
  • We use cookies (small text files stored on your device) and similar tracking technologies (like web beacons, pixels) on our websites and potentially within the Service to:
    • Operate and secure the Service (e.g., session management, authentication).
    • Analyze usage and performance (e.g., Google Analytics).
    • Remember your preferences.
    • Potentially deliver relevant marketing on our websites (with consent where required). You can control cookies through your browser settings and other tools.
• Information from Third Parties:
  • We may occasionally receive information about you from third-party sources, such as business partners or data enrichment services, but only where these third parties confirm they have your consent or are otherwise legally permitted or required to disclose your personal information to us.

3. How We Use Your Information

We use the Personal Data we collect for the following purposes:

• To Provide, Operate, and Maintain the Service:
  • Set up and manage user accounts.
  • Process Customer Data as instructed by the Customer to generate insights and AI Outputs within Beacon.
  • Provide customer support and respond to inquiries.
  • Operate, secure, monitor, and maintain the technical infrastructure of the Service.
• To Improve and Develop the Service:
  • Analyze Usage Data to understand how users interact with the Service, identify trends, and improve functionality, usability, and performance.
  • Develop new features and services.
  • AI Model Training: We DO NOT use Customer Data and Usage Data to train and improve the underlying AI models that power Beacon.
• To Communicate with You:
  • Send administrative information, such as service updates, technical notices, security alerts, and support messages.
  • Send marketing communications (e.g., newsletters, promotions) about our products and services, but only where permitted by law and with your consent if required. You can opt-out of marketing communications at any time (see Section 8).
• For Security and Compliance:
  • Detect, prevent, and respond to fraud, abuse, security risks, and technical issues.
  • Enforce our Terms and Conditions, SaaS Agreement, and other policies.
  • Comply with legal obligations, court orders, or governmental requests.
• For Billing and Account Management:
  • Process payments and manage subscriptions.

4. How We Share Your Information

We DO NOT sell your Personal Data in the traditional sense. We may share Personal Data under the following circumstances:

• With the Customer: Information related to an Authorized User's account and usage within the Service may be shared with the Customer entity that holds the subscription.
• Service Providers (Sub-processors): We engage trusted third-party companies and individuals to perform services on our behalf (e.g., cloud hosting providers like AWS/Azure/GCP, payment processors, analytics providers, customer support tools, email service providers). These providers process Personal Data only based on our instructions and under contractual obligations to implement appropriate security and confidentiality measures. A list of our main sub-processors can be provided upon request.
• Legal Requirements: We may disclose Personal Data if required by law, regulation, subpoena, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
• Business Transfers: If Beacon AI Solutions is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your Personal Data may be transferred as part of that transaction, subject to standard confidentiality arrangements.

Crucially, we treat Customer Data (the data uploaded by Customers/Users for processing by Beacon) as confidential information belonging to the Customer. We will NOT access or share Customer Data except as necessary to provide the Service as instructed by the Customer, for support purposes initiated by the Customer/User, to improve the service (using anonymized/aggregated data as described above), or as required by law.

5. Data Retention

We retain Personal Data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Key retention considerations include:

• Retained for the duration of the Customer's subscription and for a reasonable period thereafter as necessary for legitimate business purposes (e.g., final billing, record-keeping, resolving disputes) or legal requirements.
• Processed according to the terms of the SaaS Agreement. Generally retained while the Customer's subscription is active and deleted or returned upon termination according to the Agreement's terms (typically within a defined period like 30-90 days post-termination), unless legal obligations require longer retention.
• Retained for a limited period necessary for security, analysis, and service improvement. Anonymized/aggregated data may be kept longer.
• Retained until you opt-out or we determine the information is no longer relevant.

6. Data Security

Beacon AI Solutions takes the security of Personal Data seriously. We implement and maintain reasonable and appropriate technical, administrative, and physical security measures designed to protect Personal Data from unauthorized access, disclosure, alteration, misuse, loss, or destruction. These measures include, but are not limited to:

• Encryption of data in transit and at rest.
• Access controls and authentication mechanisms.
• Regular security assessments and updates.
• Confidentiality agreements with employees and contractors.
• Security measures provided by our cloud hosting partners (Microsoft Azure).

7. Third-Party Integrations and OAuth Data

Beacon offers optional integrations that allow you to connect your accounts with third-party services so that Beacon can read information on your behalf to provide meeting and sales-context features. You explicitly authorize each integration through the provider's OAuth consent screen, and you can disconnect any integration at any time from Beacon's Integrations page or from the third party's own account security settings.

7.1 Google (Calendar)

When you connect your Google account and grant the https://www.googleapis.com/auth/calendar.readonly scope, Beacon reads a short window of upcoming calendar events solely so that you can select one to start a Beacon recording session and to pre-populate meeting context (attendees, subject, start time).

Google API Services User Data Policy — Limited Use Disclosure: Beacon's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We use Google user data only to provide or improve user-facing features that are prominent in Beacon's UI (the meeting picker and meeting-context display).
• We do not transfer Google user data to third parties except as necessary to provide or improve those user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with user notice.
• We do not use Google user data for serving advertisements.
• We do not allow humans to read Google user data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes (e.g., investigating abuse), to comply with applicable law, or for Beacon's internal operations — and then only when the data has been aggregated and anonymized.
• Calendar events read for a session are used in-session and are not retained as a permanent store of your calendar. OAuth tokens are stored encrypted at rest (via ASP.NET Core Data Protection) and are used only to make authorized API calls on your behalf.

7.2 Microsoft 365 (SharePoint, OneDrive, Outlook Calendar)

When you connect Microsoft 365, Beacon requests only the scopes needed for features you use — for example, Calendars.Read for the calendar meeting picker, and Sites.Read.All / Files.Read.All for SharePoint / OneDrive file selection. Data is read on demand; OAuth tokens are stored encrypted at rest.

7.3 Salesforce

When you connect Salesforce, Beacon requests the api and refresh_token scopes and makes read-only SOQL queries to fetch Accounts, Contacts, Opportunities, recent Tasks/Events, Cases, and Notes related to meetings you select. No data is written back to Salesforce. OAuth tokens and instance URL are stored encrypted at rest.

7.4 Pipedrive

When you connect Pipedrive, Beacon requests the Access to basic information, Contacts, Deals, Activities, and Read users data scopes and makes read-only REST calls to fetch Organizations, Persons, Deals, Activities, and Notes related to meetings you select. No data is written back to Pipedrive. OAuth tokens and API domain are stored encrypted at rest.

7.5 Revocation

You can revoke Beacon's access to any connected account at any time:

• From within Beacon at app.beaconhq.ai/app/integrations (Disconnect button).
• From the provider's own account settings — for example, Google Account → Security → Third-party apps with account access.

Disconnecting revokes the refresh token and deactivates Beacon's stored tokens for that provider.

8. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by posting the updated Policy on this page with a new "Last Updated" date, and/or by sending an email to the address associated with your account, or through a notification within the Service, prior to the change becoming effective. We encourage you to review this Policy periodically. Your continued use of the Platform after any changes constitutes your acceptance of the revised Policy.