Privacy Policy

Last updated: June 2026

1. Our Zero-Upload Guarantee

SimpleBeacon is engineered with a strict zero-upload architecture. All scanning runs entirely offline on your local machine. No source code, file paths, repository contents, or proprietary intellectual property is ever transmitted to SimpleBeacon or any third party.

2. What We Do Not Collect

During any complimentary or paid audit:

• No source code leaves your machine
• No file paths or repository structure is transmitted
• No API keys, credentials, or secrets are uploaded
• No telemetry, analytics, or usage tracking is collected
• No persistent cloud access to your systems

3. What We Do Collect (Enterprise Clients)

For paid services and enterprise contracts, we collect only the minimum data necessary:

• Contact information — name, work email, company name, job title for service delivery and activation calls
• Anonymized report metadata — severity counts and pattern IDs only (no code snippets, no file paths) for certificate generation
• Payment records — processed securely by Stripe; we do not store payment card details

We do not retain, index, or share your data with any third party for marketing or analytics purposes.

4. Data Retention

Contact information and service records are retained only for as long as necessary to provide our services and comply with legal obligations. Audit reports and anonymized metadata are deleted within 90 days of certificate delivery unless you opt into a recurring Protection Pack. You may request immediate deletion of your data at any time by emailing [email protected].

5. Security

We implement enterprise-grade security measures for all client data. Anonymized report metadata is encrypted in transit and at rest. However, no method of transmission over the internet is entirely secure, and we encourage clients to review our zero-upload design to minimize exposure.

6. Third-Party Services

We use only the following third-party services, each subject to their own privacy policies:

• Stripe — Payment processing for Executive Risk Certificates, Protection Packs, and enterprise contracts
• Formspree — Secure contact form submission handling for audit requests

7. Your Rights (GDPR / CCPA)

You have the right to:

• Access all personal data we hold about you
• Request correction of inaccurate data
• Request complete deletion of your data (right to be forgotten)
• Receive a copy of your data in a portable format
• Opt out of any marketing communications

8. Enterprise Confidentiality

Both parties agree to treat all audit findings, reports, and business discussions as strictly confidential. SimpleBeacon will not disclose your company name, findings, or engagement details to any third party — including in marketing materials, case studies, or public references — without your express written consent.

9. Changes to This Policy

We may update this privacy policy to reflect changes in our services or regulatory requirements. Enterprise clients will be notified of significant changes via email at least 30 days before they take effect.

10. Contact

For privacy-related questions, data deletion requests, or GDPR/CCPA inquiries, please contact us or email [email protected].

← Back to SimpleBeacon home