Privacy Policy


About

Last updated 24.8.2023 (See changes)

The General Data Protection Regulation (GDPR) is European Union legislation to strengthen and unify data protection laws for all individuals within the European Union. The regulation becomes effective and enforceable on May 25, 2018.

As an EU business, founded and run by EU (German) citizens, but also as people who value privacy, we are fully committed to being compliant with GDPR. This page lays out our commitment to data protection and makes transparent what data we store about our users.

We're not in the business of selling your personal data. We believe that storing personal data is a liability and only store the minimum required to do our job.

This document will explain how info-beamer.com and other info-beamer related online properties (called 'service' in the following text) handle your data. If you have any questions, don't hesitate to contact us.

Unregistered users of our service

This section describes how our service collects data if you just visit our service as an unauthenticated users without an info-beamer account.

Information gathered by us

Our services my use cookies in order to provide our service to you. Cookies are saved by your browser and allow us to assign a unique identification to that browser. Unless you want to log into our service, all of our service is functional without cookies. You may delete our cookie yourself through your browser's cookie manager.

  • We use our cookie to (for example) redirect you to the appropriate page after you log in.
  • We don't store any personal information directly in the browser cookie data nor the server side data.
  • If you log into our service, we have to store your user ID on the server side.
  • You can either delete our cookie yourself or wait until it expires on its own (usually after two weeks).

Access Log

If you visit our service, we store some information of the sort that web browsers and servers typically make available, such as the your IP address, browser type, referring site, and the date and time of each request.

  • We use this information to help debug problems or detect and prevent abuse.
  • We never sell, share or otherwise make this information available to any outside party. It's only used internally to improve our service.
  • We completely remove these log files after four weeks.

Other data processors we use

Cloudflare

Some of the content of our website is delivered with the help of the Cloudflare content delivery service. We use it to ensure that our service is as fast as possible, regardless from where your visiting our service. Cloudflare is only used for domains within our service that don't handle personal data. Right now that's mainly `cdn.infobeamer.com`, the domain that, for example, served you all the images on this web page.

  • We use this service to make our website faster.
  • We don't use Cloudflare for requests that contain any personally identifying information. We only use it to serve JavaScript, images and asset thumbnails.

FastMail

We use FastMail as our mail service provider. If you send us mail, it will be handled and stored on their servers.

  • We don't want to run our own mail server as that's a huge effort. So we chose FastMail.
  • We are legaly required to keep certain emails.

Users of the info-beamer hosted service

Information gathered by us

User information

If you sign up to our service, we collect your email address and password. The password is hashed with a strong hashing function (bcrypt) and never stored in plain text. We do not request any other personally identifying information.

All other information stored is easily visible on our service web site: We store the packages you've imported, all assets you uploaded and setups you created as well as devices you assigned to your account. You are in complete control and can delete this data at any time.

  • We might retain your information after you delete it in automated backups we create. These backups are stored encrypted for up to 90 days.
  • Right now there is no automated process to delete your user account. If you want to completely close your account, please get contact with support.
  • Similarly if you want to retrieve all data stored in your account, also contact our support.

Invoicing

Regardless of how you make a purchase on our service, we are legally required to store invoice information associated with your account. You can always see all stored invoices at https://info-beamer.com/shop/purchases.

  • We are legally required to store this information.
  • We share this information with our accountants and other official tax authorities.

Learn more about the privacy policies here:

Other data processors we use

Device configuration

A device you operate needs to reach out to external service unless you explicitly provide your own configuration settings to overwrite these default services.

If no DNS service is provided by your local network and no manual DNS configuration exists, the DNS server 1.1.1.1, operated by Cloudflare is used.

Similarly if no NTP server is provided or configured, the server time.cloudflare.com, operated by Cloudflare is used.

Compute

We directly operate multiple servers for our service. They handle your uploaded data, run the database required for our services, served your this website and more. All of them are located in the EU. At the moment all of them are located in a data center in Amsterdam operated by DigitalOcean.

  • We follow best practices operating our servers to be as secure as possible.

Emails

We occasionally send you emails like the welcome email or a password recovery email. We use a third party for email delivery as this greatly improves the delivery rate compared to sending email directly from our servers. We use mailgun for that.

  • We need a reliable way to send emails to you.
  • Sent emails and associated logs are deleted from their service after 2 days.
  • If there is a problem delivering an email, the address might be saved to prevent sending further emails to the same address in the future.

Learn more about mailgun and their privacy policy:

Data storage

If you upload data to our service, like images and videos, we store them for you. We're using two different service providers for that: Amazon S3 as the primary storage location as well as Google Storage for backups. All data sent and received from these services always uses encrypted connections. All data is stored in the EU.

  • We use this services to safely and reliably store your content and to deliver it to your devices.
  • We only store data you submit to us either by uploading content to the service or by applying a configuration to a setup you create.
  • If you delete the last remaining copy of a file or remove a setup it will be deleted from those services after approximately 7 days. Note that due to aggressive caching, it might be possible that some of the deleted content is accessible longer than that.
  • Data (e.g. images/videos/fonts) and configuration options are still cached on your devices if they have been previously used by them. They can't be automatically deleted remotely. You can learn more about device security and how that might relate to data privacy here.

Learn more about the used services and their privacy policies:

Payment processing

We handle payment processing depending on user location using one of Stripe or Paddle.

Stripe

We use stripe.com for credit card payment processing. During checkout you are required to provide your credit card information. We never store or even receive your credit card information on our servers. Instead it is securely handled by stripe. If you make a payment, stripe.com receives your credit card information, your email address and the amount charged. Stripe can't see what you paid for, only the total amount.

  • Since we can't handle credit card payment on our own, we have to rely on a third party. We believe stripe.com is a trustworthy partner.
  • We only submit the minimum information required for a successful payment. No other information is shared.

Learn more about stripe and their privacy policy:

Paddle.com Market Limited

Payments information provided by you via the Sites will be stored and processed by Paddle.com Market Limited and any other third party service providers as designated by us from time to time. We will collect certain information on the Sites required for Paddle.com Market Limited and such third party services providers to process payments, including credit / debit card numbers, security numbers and other related payment information. All such information is subject to the privacy policy of Paddle.com Market Limited or any other third party service provider as applicable.

Device geolocation

We offer you to automatically locate your devices and show their location on a map. By default the shown device location is based on their public IP address. You can optionally query a "precise device location". In that case the device provides a list MAC addresses of nearby WiFi networks with all networks ending in _nomap removed. This list is then sent to the Google Geolocation Service to get a location.

The request to the geolocation API is made from our servers and doesn't include any information about the querying user account. If you remove the precise geolocation again using the provided "delete button" we remove the saved coordinates and show you the location based on the device IP.

The map on the device page itself is rendered using the tile servers from openstreetmap.org. Embedding such a map results in your browser querying their tile servers. Such queries don't contain any personal information, only your IP address.

  • We cannot provide you a precise geolocation of your devices without using an external API.
  • We can't provide our own tile servers and chose to use the Openstreetmap tile servers for that.
  • This feature is opt-in. By default we don't query a geolocation and you explicitly have to request it on the device detail page for each device or through the API.

Learn more about the privacy policies here:

Changes and updates

We may update this privacy policy from time to time. If we modify the Policy, we will make it available through the Service, and indicate the date of the latest revision.

Summary

We believe that we're doing our best to provide you a great service without invading your privacy. Our business model doesn't involve collecting or selling your personal information so we try to keep only the information we need to provide our service. Your trust is important to use and we try to be as transparent as possible with how we handle your data.

If you want us to correct or remove your personal information or account, we'll of course assist you in that, just like we did before this policy got updated.

Please contact us if you have questions about the use of our service or your data.

Changes

26.6.2018 - Added the "Device geolocation" section to make it transparent how new and opt-in device geolocation feature works and how we get a precise location.

14.6.2021 - Added Google location service usage for verifying invoice addresses.

09.8.2021 - Added Paddle.com as payment processor.

20.2.2023 - Added information about services potentially accessed by your devices.

24.8.2023 - Removed the use of server-side only Google Analytics click logging.